We are in the last quarter of 2022. Yes, it is the end of the year, and we are headed to prepare for 2023. This is also the time when markets in general, including cybersecurity, are preparing to present their forecasts for the following year. We, from senhasegura, already have our forecasts for 2023 and what the biggest challenges are for CISOs and their teams. However, the purpose of this article is to review the cybersecurity forecasts we made for 2022 and to understand how they were met this year.
First, let’s revisit the cybersecurity trends we brought in 2022. Here they are:

• Greater Coverage of Data Protection Laws
• Remote Work Protection
• Cyber Awareness
• Talents Wanted
• It is All About Connection
• Mobile Attacks
• (Even) More Ransomware
• Social Freedom
• Artificial Intelligence and Machine Learning for Cybersecurity

Let’s now explore each of these forecasts and see what we got right (or not)!

Greater Coverage of Data Protection Laws

We all know data is the new oil. And governments have acted energetically to ensure the protection of their citizens’ data. This is reflected in the definition of high sanctions for companies that do not show commitment to the aspect of data protection.

Gartner estimates the personal information of 75% of the world’s population will be covered by specific data protection laws by 2023. In 2022, countries such as Thailand, the United Arab Emirates, and Qatar passed their specific laws for data protection. It is worth remembering the World Cup takes place in 2022 in Qatar. In this way, the data protection law further increases citizens’ guarantees regarding the processing of their personal data.

Another interesting aspect we brought into our cybersecurity forecasts for 2022 was the lack of a data protection law in the United States at the federal level. In July, the American Congress moved forward with the proposal of the American Data Protection and Privacy Act. However, the law still needs to go through new approval in the House of Representatives and the Senate.

Remote Work Protection

In our 2022 forecasts, we talked about the transformation of work environments during the pandemic. Remote work has been consolidated as an alternative to in-person work. According to the Buffer 2022 State of Remote Work survey, 72% of companies surveyed plan to allow their employees to work remotely, while in 2021 this percentage was 46%. Other important survey data are that 97% of survey respondents recommend remote work. The same percentage would also like to continue working in remote mode, at least for some time, for the rest of their careers.

Cyber Awareness

Cyber Awareness should be among the priorities of CISOs. After all, it is impossible to invest in state-of-the-art security solutions without addressing the weakest link in this chain: people. According to Verizon, we saw a decrease in the percentage of data leaks involving the human aspect: from 85% in 2021 to 82% in 2022. The report also indicates a decrease in attacks involving Social Engineering as well as various mistakes. It is worth mentioning that the decrease in the influence of the human aspect in data leaks does not take away its relevance as a cybersecurity trend.

Talent Wanted

The cybersecurity aspect is increasingly present and more influential in organizations’ business strategies. To ensure infrastructure protection and business continuity, more resources are needed, including human resources.

According to the 2022 ISC2 Cybersecurity Workforce Study, the cybersecurity workforce has reached a record 4.7 million people, an increase of 11.1% compared to 2021. However, despite this increase, the gap grew more than double the workforce, with a YoY growth of 26.2%. According to the survey, more than 3.4 million cybersecurity workers would be needed;

It is All About Connection

In our 2022 forecasts, we talked about the development of technologies such as 5G and Internet of Things to offer greater connectivity to users. According to IoT Analytics, 14.4 billion IoT devices were expected, forecast to reach 17.2 billion by 2023 and a CAGR of 22% by 2025. In addition, according to Gartner, by 2025, cyberattackers will turn Operational Technology (OT) environments into weapons to cause even human deaths.

Another forecast that reinforces the need for the protection of IoT devices is that, according to Gartner, by 2025, more than 85% of companies will have more connected edge devices than laptops, tablets, desktops, or smartphones. And by 2026, more than 90% of companies will have some security incident associated with their edge network.

Mobile Attacks

The spread of remote work during the Covid-19 pandemic resulted in an explosion of mobile devices. Mobile device protection has evolved from the traditional antivirus approach to more comprehensive protection involving malware and zero-day threats. Moreover, companies have made BYOD and shadow IT policies more flexible, which hinders the process of protecting the devices used by cybersecurity teams;

(Even) more Ransomware

Ransomware attacks are among the top cybersecurity trends at least since the creation of Wannacry in 2017. And in 2022, cyberattacks through ransomware have only grown. According to ChackPoint, there was a 28% increase in ransomware attacks in the third quarter of 2022 if compared to the same period in 2021. During 2022, the areas that stood out in relation to ransomware attacks were Education and Healthcare. Education organizations experienced more than double weekly attacks compared to other industries, with YoY growth of 28%. Healthcare companies had a YoY increase of 60%.

Social Freedom

We talked about the influence of social media in important events, such as the war between Ukraine and Russia and elections in several countries, such as Brazil and the Philippines. In addition, the mid-term elections in the United States also took place. Fighting false information has been a growing challenge for governments around the world, with a growing difficulty for the population to identify such fake news. Also, another challenge is that many of those who disseminate this fake news want to associate this fight with censorship. In the United States, for example, the Disinformation Governance Board was created in April 2022. However, less than 5 months after the creation, the Board was dissolved, which shows this will continue to be a challenge for governments and society.

Artificial Intelligence and Machine Learning for Cybersecurity

With the rise of cyberattacks, adequate infrastructure protection depending only on the action of Information Security teams has become virtually impossible. With this, the use of technologies based on Artificial Intelligence and Machine Learning has become essential to ensure the protection of users and companies. According to Acumen Research, the global market for AI-based security products was $14.9 billion, with an estimation to reach $133.8 billion by 2030. The areas with the most opportunities for using AI and ML-based technologies are the protection of connected devices and Cloud environments.

2022 was not easy in the cybersecurity aspect. The increase in the number of cyberattacks and the lack of resources to detect and respond to these attacks have brought numerous challenges to security teams. After all, the question is not whether, but when organizations will suffer a cyberattack. And for 2023, the outlook is not the best one. We take this opportunity to invite you to check out the main cybersecurity trends for 2023.