Editorial & Advertiser disclosure

Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Technology > Prepare for the worse ~ Cybersecurity predictions for 2022 ~

Prepare for the worse ~ Cybersecurity predictions for 2022 ~

Published by Jessica Weisman-Pitts

Posted on March 25, 2022

5 min read

Last updated: January 20, 2026

EUA1552

2021 was no easy year for anyone, including cybersecurity experts. With many cyber-threat fears coming true, from cloud security threats to deepfakes, some worry about what 2022 might bring. Here Neil Ballinger, head of EMEA at automation parts supplier EU Automation, discusses cybersecurity predictions for 2022.

In 2021, many organisations were slow to adapt to the new security climate. However, with ransomware becoming one of the most concerning trends for 2022, businesses will need to adapt their cybersecurity quickly in preparation.

Typically, ransomware gains access to organisations via phishing attacks conducted on an organisation’s employees by tricking them into providing details or clicking a link that will download the malware. This works by infecting devices with a virus that encrypts files and refuses to reveal the decryption key until a ransom is paid. In some cases, hackers threaten to publish the data publicly if the victim does not comply with their requests.

In 2021, the number of ransomware attacks grew substantially, targeting, among others, critical infrastructures such as water treatment facilities. One example is the attack on a water treatment facility in Florida that could have endangered many lives. Other notable attacks on critical infrastructure include targeting hospitals and gas pipelines.

Many believe that this trend will only continue into 2022. In fact, research by PwC shows that 61 per cent of UK executives expect a boom in ransomware incidents. As a result, 63 per cent of them are increasing their cybersecurity budgets for 2022. But what are the main access points for cybercriminals, and how are these attacks typically carried out?

Social engineering

Cybercriminals usually carry out these attacks by exploiting an employee to gain access to an organisation’s system. Social engineering is a term used to describe a range of malicious activities achieved through human interactions, usually using psychological manipulation to trick employees into making security mistakes or giving out sensitive information. Although social engineering is nothing new, it is predicted that it will grow in popularity in 2022 due to the success of hybrid and remote working initiatives.

Cybercriminals will often investigate an employee to gather necessary background information. The attacker will then try to gain their trust using this information to persuade them to release sensitive data or give access to the network. Other techniques used to gain access to company networks include phishing, spear phishing, baiting, scareware and pretexting.

The method of gaining access to a network may differ, but the best way to combat these attacks remains education. By educating employees on cybersecurity, such as advising them not to open any links they are unsure of, not using unapproved USB devices or giving out company details, and connecting only from secure networks, companies can limit the risk of being a successful target.

IoT

As of 2021, the number of IoT-connected devices was approximately 13.8 billion. The increase in popularity of internet-connected devices means that enterprises are able to collect valuable data to care for their equipment and optimise processes. However, IoT connections also provide more access points to digital systems, which can be exploited by cybercriminals. With the number of IoT devices expected to increase to 25.4 billion by 2030, exposure is also set to increase.

As IoT devices become prevalent, they also become more advanced, with many businesses investing in the development of digital twins. The term was first coined in 2002 by Michael Grieves and describes comprehensive digital simulations of systems or businesses from reconstructed sensor data, allowing for manufacturing processes to be tested prior to implementation. This technology allows companies to gain insight into operation improvements, efficiency or issues. However, it also holds a gold mine of data and provides access points for exploitation.

The threat of IoT devices has long been recognised, with past attacks gaining access through connected systems such as PLCs to gain access to companies’ valuable data. Edge computing can limit data exposure, but this solution alone does not erase all risks.

So, what can manufacturers do? The usefulness of IoT devices to manufacturing is undeniable, but with the shadow of cyberattacks growing, companies should start securing their IoT devices now. To protect against these attacks effectively companies should conduct regular audits of all connected devices to assess any vulnerabilities.

Supply chain attacks

Attacks on supply chains have long been a threat to businesses. The significant increase in software supply chain attacks makes it a likely threat for 2022.

Supply chain attacks are effective in causing mass disruption to a business by taking down their software supply chain and services. There are many methods a cybercriminal could use to attack a supply chain, for example by attacking website builders, third-party software providers or third-party data stores or by carrying out a watering hole attack.

We can expect these attacks to continue in 2022 but with the added worry of their possible commoditisation, meaning that cybercriminals will see value in these attacks and be more likely to risk carry them out. This commoditisation is anticipated to encourage even less-skilled attackers to perform supply chain attacks.

Microsoft advises protecting against supply chain attacks by deploying strong code integrity policies, allowing only authorised apps to run and using endpoint detection and response solutions to detect suspicious activities.

The increased threat to cybersecurity does not negate the benefits of using technology such as IoT devices. Education is the best form of defence against all cybersecurity threats — the more you know about network vulnerabilities, the better you can protect them.