Skip to Content



14 cybersecurity predictions for 2022 and beyond

In the new year, ransomware attacks are projected to increase, major nation-states look to ramp up aggressive tactics, and deepfakes are likely to compound the threats to cybersecurity.

December 20, 2021

Provided byMandiant

While the covid-19 pandemic upended workplaces and ushered in rapid digital transformation, the turmoil around cybercrime has remained constant: attackers are always changing tactics to evade detection. Flexible, customer-first solutions have emerged to meet ever-changing circumstances to keep organizations secure and confident against cyber threats. In the new year and beyond, as technology and workplace trends evolve and laws and regulations change, cybersecurity forecasts are emerging.

Mandiant’s “14 Cyber Security Predictions for 2022 and Beyond” projects trends based on insights from leaders and experts around the globe to assess the evolving cyber environment and the security threats it faces. From ransomware to deepfakes to analyzing the security of IoT devices, these predictions are based on existing trends and incorporate the behavior of attackers and changing technological innovations.

14 cybersecurity predictions for 2022 and beyond

Ransomware threats will continue to grow unless governments and technological innovations can significantly change the cost-benefit calculation for attackers, as the crime is simply too lucrative. These kinds of attacks are also expected to rise in critical industries where paying cyber criminals is imperative to protect health and safety. New tactics are expected from attackers as they become more business savvy and anticipate counter-negotiation strategies.

Further, there is an anticipated increase in conflict among bad actors within ransomware-as-a-service operations, affecting how victims and organizations think about making ransom payments. The US government has placed sanctions on suspected threat actors in an effort to curb ransomware attacks. However, this approach to stop organizations from paying money to extortionists can cause negative recourse for victims.

Deepfakes are another threat that have been used to facilitate business email compromise (BEC) fraud, bypass multi-factor authentication (MFA) protocols and  know your customer (KYC) ID verification, and will be increasingly used in 2022 and beyond.

Major nation-state actors in Russia, Iran, China, and North Korea will likely maintain an aggressive posture to promote each of their regional interests. Russia’s scope of operations will expand as it targets NATO, Eastern Europe, Afghanistan, and the energy sector. Iran will use its cyber tools to target Israel and the Middle East in an effort to shift power balances in its own interest. Using cyber espionage, China is poised to support the Belt and Road initiative and scale their operations. North Korea will flex its cyber capabilities and take risks despite its financial and geographical challenges.

As organizations continue to rely on cloud and cloud-hosted third-party providers, those third parties face mounting pressure to maintain availability and security. The growth of cloud adoption through 2022 will coincide with the increase of cloud compromise and abuse.

The outlook on incoming threats in 2022 appears grim as ransomware actors become more aggressive and adept at dodging defenders’ tactics and negotiations. Attacks are likely to become more elaborate and lucrative for cyber extortionists. While government agencies are looking to mitigate the ransomware-as-a-service business, there could be negative outcomes for organizations. The compounding threats of ransomware, deepfakes, and aggressive tactics from international nation-states may be daunting for organizations, but remaining vigilant and focused on cyber defense technologies can keep them secure.

Download Mandiant’s full report to understand more in depth and detail what the 2022  cybersecurity landscape will look like – from actors to threats.

This content was produced by Mandiant. It was not written by MIT Technology Review’s editorial staff.

Deep Dive


Linux hack concept
Linux hack concept

The US military wants to understand the most important software on Earth

Open-source code runs on every computer on the planet—and keeps America’s critical infrastructure going. DARPA is worried about how well it can be trusted

Close up of worker inspecting chip in a clean room
Close up of worker inspecting chip in a clean room

Corruption is sending shock waves through China’s chipmaking industry

The arrests of several top semiconductor fund executives could force the government to rethink how it invests in the sector.

inflection point post-NSO concept
inflection point post-NSO concept

The hacking industry faces the end of an era

But even if NSO Group is no more, there are plenty of rivals who will rush in to take its place. And the same old problems haven’t gone away.

The Western Union Building, 60 Hudson Street, c. 1931.
The Western Union Building, 60 Hudson Street, c. 1931.

Energy-hungry data centers are quietly moving into cities

Companies are pushing more server farms into the hearts of population centers.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.