Cybersecurity moves fast. It can be hard to know what will happen tomorrow, let alone next year. Just as no one saw the SolarWinds attack coming in December 2020, the Apache Log4j flaw surfaced in December 2021 as people were preparing for the holidays.
In good news, we can take stock of the recent past and know what to prepare for. The analysts at Enterprise Strategy Group (ESG), a division of TechTarget, brainstormed to come up with cybersecurity predictions for 2022. Here are five of their forecasts for the next 12 months.
1. Enterprise-level security comes home
Companies must secure data on home networks in 2022. Life for office workers has fundamentally changed, and the hybrid workplace is here to stay. With more employees working outside the traditional network perimeter, the attack surface has grown substantially, and companies must make securing it a top priority in 2022.
“Organizations are rethinking their longer-term strategies for securing distributed and diverse environments,” analyst John Grady said. This isn’t the first time vendors have attempted to provide such a solution to the problem, though. Previous product releases that attempted to protect home devices didn’t pan out, such as the now-defunct Norton Core. “The difference now is that organizations have a reason to help employees protect personal networks and vendors see a business opportunity,” he said.
Vendors already have Secure Access Service Edge products available — for example, Palo Alto Networks’ Okyo Garde and Fortinet’s Linksys HomeWRK. Expect to see more as the year progresses.
2. APIs become part of the attack surface
Attackers are setting their sights on unprotected APIs, and API attacks will see a banner year in 2022. These often overlooked connectors between applications frequently have access to sensitive data.
“The world is getting more interconnected via APIs in the interest of modernizing application development to increase productivity and scaling,” analyst Melinda Marks said. “The APIs connecting services and applications could be vulnerable to attack if measures aren’t taken.” APIs are exposed to the same classes of attack as web applications, such as distributed denial-of-service attacks and SQL injection.
Securing APIs is difficult, however, because of the growing number of internal- and external-facing APIs in use, Marks added. Confusion also surrounds not only how many APIs an organization has in use, but also who is responsible for API security. Companies must take inventory of the APIs used in their organization and properly secure them in 2022.
3. SIEM vendors add to XDR confusion
Extended detection and response (XDR) has been around for three years, but uncertainty about it remains. Organizations may not understand what XDR provides, and endpoint security vendors aren’t making it any easier. In 2022, expect SIEM vendors to exacerbate the issue as they insist they provide the same services by adding XDR features to their SIEM products.
“SIEM vendors are under pressure to defend their install base,” analyst Dave Gruber said. “A few SIEM vendors have essentially rebranded existing SIEM products under the umbrella of XDR. I expect SIEM vendors to respond with new features that align with XDR leaders. This will level the playing field between XDR and SIEM, causing additional confusion. Budget dollars are on the block to move from SIEM and EDR [endpoint detection and response] into XDR, motivating vendors.”
4. Insider breach damage exceeds nation-state attack damage
A lot of the focus for security teams in 2021 was protecting networks from ransomware attacks and nation-state attacks. Ransomware is a perennial issue and will continue to be in 2022, but don’t overlook insider attacks. Analyst Jack Poller predicted a major organization will fall victim to an insider attack and suffer significant financial damages — and that the cost of insider breaches will exceed nation-state attacks.
“The media is focused on external attacks, from ransomware to nation-state attacks,” Poller said. “What doesn’t get a lot of press is insiders who either inadvertently or maliciously attack a company and extract data.”
Victim companies may also be reluctant to admit an insider attack because of embarrassment and liability worries. Insider threats certainly occurred in 2021 — for example, in December, the U.S. Department of Justice announced the arrest of a Ubiquiti employee who attempted to extort the company. But expect to see more of them in the news — and hitting the wallet hard — in 2022.
5. Rise of SOP-V platforms
A new acronym will make the rounds in 2022: security observability, prioritization and validation, or SOP-V. SOP-V products unite attack surface management, vulnerability management, asset management, threat intelligence, security testing and risk ratings. With SOP-V, enterprises can improve monitoring and response, learn what is happening on the network and account for assets at scale.
“The way we’ve done risk management in the past is sort of a best effort,” analyst Jon Oltsik said. “We had vulnerability scanners and asset management systems. We had to determine what’s out there, what’s vulnerable and how to prioritize fixing them.” SOP-V will change the game, integrating tools for efficiency and effectiveness.
“SOP-V is about taking individual tools and building an architecture so they can share data for analysis and allow analytics to prioritize risk,” Oltsik said. “Once we make the changes, we can go back and make sure we get it right.”