Protect against Log4J without patching
Learn More
Protect against Log4J without patching
Learn More

UncategorizedCyber Security Predictions for 2022 - K2 Cyber Security


November 29, 2021 Pravin Madhani, CEO and Co-Founder
Cyber Security Predictions for 2022

As we approach the end of 2021, all of us at K2 Cyber Security want to wish you and your families the best holiday season and new year, especially after the almost two years of living with the COVID-19 pandemic.  This last year was especially challenging as we finally developed a vaccine and thought things were getting back to normal, only to have repeated lockdowns and restrictions on travel.  On the IT front, organizations that were forced to accelerate their digital transformation in 2020, found they had to continue to rely on their cloud infrastructure as many of their employees continued to adapt and move to a hybrid work model. Many organizations found that the cyber criminals were working from home as diligently as they expected of their own employees.  All types of cyber attacks increased during the pandemic.

With that backdrop, as we approach the end of 2021, we’d like to present our predictions for 2022 for the application security community.  It would be easy to just predict that cyber attacks will continue to increase, that we’ll find more vulnerabilities in production code (after four record years and probably a fifth), and that ransomware will exact a record-setting payment from an organization in the coming year.  Instead, we’ll focus on three predictions that are probably a little less likely, but ones we may still actually see come to pass in the coming year.

Prediction #1: Even as attacks get more sophisticated, some of the worst breaches in 2022 are going to come from simpler, well-known vulnerability attack vectors.

We’ve seen well-known vulnerabilities continue to be exploited by attacks.  It’s why in the most recent 2021 revision of the OWASP Top 10 Web Application Risks, common vulnerabilities like SQL Injection, Remote Code Execution, and Cross Site Scripting continue to be part of the list (even if they’ve been lumped into broader categories).  It’s the simple vulnerabilities that seem to continue to persist in code writing, and why organizations need to focus both on improving DevSecOps and runtime application security.

Prediction #2: With the rise of popularity of cryptocurrency, the major breach of 2022 will not be of data, but instead involve the loss of cryptocurrency.

With the rise of the popularity of cryptocurrency we’ve seen a number of new trading platforms launched, and the associated applications developed and released to support trading of cryptocurrency, payment by cryptocurrency, and savings accounts for cryptocurrency.  This rush to cash in on the fad of cryptocurrency almost guarantees that some corners were cut in application development, meaning there are bound to be some vulnerabilities out there waiting to be exploited.  We’ll be bold and predict that one of these applications will get exploited, leading to a major loss of cryptocurrency.

Prediction #3: We’ve seen the move to shift left, in the coming year we’ll see a move to shift right, where there will be an increased spend in securing applications running in production.

Many organizations rushed to “shift left” as that phrase gained popularity, moving security testing and secure coding earlier into application development.  Even as money poured into these areas, it was obvious that the focus on security for applications running in production seemed to wane in the past couple of years.  As attacks continue to increase, we predict that we’ll see an increase in spend on application security for applications running in production, essentially a shift back to the right.

Looking Forward to 2022

To sum up our predictions, 2022 will be the year that security comes back into focus (since some companies previously switched their IT personnel from security to enabling work-from-home) as a priority for organizations. Protecting the attack surface will regain attention, as attacks continue to increase. With the increase in attacks, the continued need for a hybrid worker, and the ongoing digital transformation of organizations around the world, application security will become a key focus in the coming year.

To learn more about how to make your organization’s applications more secure for the coming year, request a demo, or contact us for a meeting




Share this

Leave a Reply

Your email address will not be published. Required fields are marked *


K2 Cyber Security delivers the Next Generation Application Security Platform to secure web applications and container workloads against sophisticated attacks in OWASP Top 10 and provides exploitable vulnerability detection during pre-production. K2’s Platform is deployed on production servers for runtime protection of applications and on pen-testing/pre-production/QA servers for interactive application security testing to identify the location of the vulnerable code. K2’s solution generates almost no false positives, eliminates breaches due to zero-day attacks, detects attacks missed by traditional security tools like Web Application Firewalls and host based EDR, finds missed exploitable vulnerabilities and dramatically reduces security cost. K2 Cyber Security is headquartered in the USA and provides cyber security solutions globally.


K2 Cyber Security, Inc.

2580 N. First Street, #130

San Jose, CA 95131