Back 
It is prediction time once again, and we’ve polled some of our esteemed experts here at Netskope to see what’s piquing their interest with 2022 on the horizon. Much like our predictions last year, we’ve broken the list out into some longer shots and some pretty safe bets. Here’s what we think is in store for 2022:
Long Shots:
Ransomware threats will begin to boil over
As ransomware continues to plague organizations impacting the critical infrastructure and causing major disruptions in businesses resulting in tensions increasing between countries to the point that we could see retaliation through sanctions, cyber, or even open hostilities. Since 2013 there have been more than 770 attacks on critical infrastructure and government facilities. As we see more attacks that cripple our economy or our health services, patience will begin to fade and people will demand that it be stopped by any means necessary. – James Christiansen, VP and CSO, Cloud Strategy
Phishing campaigns will increasingly abuse OAuth workflows
Phishing campaigns have historically focused on obtaining usernames and passwords. As MFA becomes more commonplace, attackers have been forced to find workarounds. One such workaround is the illicit consent grant, wherein an attacker tricks a victim into authorizing access to the target app by abusing an OAuth workflow intended for device or plugin authorization. We expect to see an increase in attacks abusing OAuth workflows across multiple apps. – Jenko Hwong, Researcher, Netskope Threat Labs
Organisations across the globe will start to measure their carbon footprint in relation to IT and their data centres
COP26 has been the most urgent we have seen yet, with governments, businesses, and individuals all hearing and responding to scientists’ calls for expedient action to protect our ways of life. We will see this imperative running through RFPs and procurement choices in 2022, and predict that Cloud Service Providers (CSP) will be required to share a metric of their carbon footprint and details on their green agenda. – Neil Thacker, CISO, EMEA
Office Documents will represent >50% of all malware downloads
By the end of 2022 malicious Office documents will account for more than 50% of all malware downloads as attackers continue to find new ways to abuse the file format and evade detection. At the beginning of 2020, Office documents accounted for only 20% of all malware downloads and have increased to 40% in 2021. This trend will continue due to the pervasive nature of Office documents in the enterprise and the many different ways they can be abused, making them an ideal malware delivery vector. – Ray Canzanese, Director, Netskope Threat Labs
Technology-specific security vendors are going to redefine/rebrand themselves as SSE vendors
SASE is a framework–a suggestion for how cloud security should be designed as security and networking converge in the cloud era. Security Service Edge (SSE) represents the security services needed for SASE and is an actual set of products and services companies can buy today. SSE will prompt significant consolidation of companies and their tools to offer single platform security. If the way SASE hype has already played out in the two years since the debut of the term is any indication, SSE will also place the burden of selection on customers, who will need clear advice to figure out fact from fiction. – Shamla Naidoo, CISO, Head of Cloud Strategy
DeepFake, voice cloning, and misinformation
DeepFake and misinformation will thrive on social media causing distrust in society driving further political and societal divide, as well being used for financial gain. Voice cloning, a derivative of DeepFake, will exponentially increase as fraudsters use this to create social engineering attacks and bypass voice-based biometrics authentication systems. Digital ID verification systems will also be at risk of being fooled, which will then lead to potential mistrust in eKYC and Digital ID verification systems. – David Fairman, CSO, APAC
Safe Bets
APIs will continue to grow in 2022 as a point of focus for attackers
Across industries, the abuse of APIs, and their misconfigurations, continues to grow as a risk. Back in 2019, Gartner even predicted that by 2022 abuses of API will become the most-frequent attack vector, and as we actually look ahead at 2022 on the horizon, API abuses show no signs of slowing down as an attack surface. – David Fairman, CSO, APAC
AI/ML risks will start to shine
Last year, we predicted that artificial intelligence and machine learning threats would be coming sooner than we all expected, and headed into 2022 it’s clear that AI/ML risks are upon us. We see there being a stronger industry consciousness around AI/ML threats as we become more aware of the robustness and integrity of the model. – David Fairman, CSO, APAC
Office reopenings will cause some growing pains
In the new year, office re-openings and job resignations will drive a surge in malware attacks and both intentional as well as accidental data leaks due to employees changing jobs or mixing up personal vs business app instances. Similarly, the return to the office will drive an explosion in SD-WAN deployments as more customers move off legacy WANs, decommission their costly MPLS circuits, and steer more traffic direct-to-cloud. – Jeff Brainard, Product Marketing Director
Corporations will have a renewed interest in insider threats
In 2021 we’ve seen a rise of the “Great Resignation” and the utilization of gig workers. Specifically, with gig workers, the rapid churn of short-term projects and the widespread set of skills in demand means that background checks may be overlooked and the security of their own computers isn’t up to corporate standards. At the same time, in 2021 Netskope Threat Labs found that departing employees upload 3X more data to personal apps in their final month of employment. Taken together, both of these developments point to a need for corporations to rethink their insider threat strategy. – James Christiansen, VP and CSO, Cloud Strategy
New and unpatched VPN and endpoint vulnerabilities will increasingly be exploited
Patching or upgrading the firmware of your endpoint and VPN appliances can be a tedious process, requiring thorough testing before rolling out patches as well as carefully scheduled maintenance windows. Unfortunately, attackers are well aware of the resulting vulnerabilities and exposures. According to CISA’s list of vulnerabilities most frequently exploited by attackers in 2020 and 2021, many are related to remote access, with some even dating back as far as 2018. Make 2022 the year you get your VPN and endpoint vulnerabilities under control, potentially by accelerating to cloud-delivered Zero Trust Network Access (ZTNA). – Tsailing Merrem, Director of Product Marketing
While we’re all very excited to see how things pan out for 2022, keep an eye out for an episode of the Security Visionaries podcast in early January, with host Jason Clark and a number of Netskope experts discussing these predictions and more in depth.
Read the blog