If 2021 taught us anything, it’s that we should expect the unexpected. While nobody knows with certainty what the future has in store, the three trends below have surfaced in the cybersecurity industry, based on the types of attacker behaviors SOC and threat research teams have seen and recent conversations with companies across industries.

The next trends in cybersecurity include a big focus this year on API security, an evolution of ransomware and continued reliance on social engineering and bots for cyberattacks.

APIs are the attack vector of choice

Going forward, application programming interfaces (APIs) will be the primary attack vector of threat actors across the globe, with complex botnets being the tactic of choice. The scale and diversity of APIs make the modern application attack surface much more complicated. In the past, all user experiences were predictably funneled through a single path of a WWW website. Today, every experience involves extensive interactions between systems and devices, meaning they may expose dozens or hundreds of API calls. In addition, during the pandemic, many organizations that weren’t always digital first, such as hospitals, put more information online on patient portals and other consumer-facing sites. This shift requires the use of APIs to allow patients instant access to health information via mobile apps, exposing new data to external threats.

In fact, Gartner Research predicts, “by 2022, API abuses will be the most frequent attack vector resulting in data breaches for enterprise web applications.” APIs are not only less secure, but are also more likely to be missing authentication and authorization, making them a prime target. Security leaders increasingly see attackers taking their time and employing a variety of tactics, usually involving bots, in order to stay below detection thresholds. In turn, the ability to track attacker behavior will become more important next year.

In addition, when it comes to APIs, we’re still in the early days. Many organizations simply don’t understand just how exposed they are, making it not only an enforcement issue, but an educational one as well. For example, while many companies are benefiting from the use of APIs, many don’t realize that they have some that are outdated or no longer in use, but are still exposed to the internet.

The evolution of ransomware

Ransomware will continue to be big business for threat actors, who have made this formerly behind-the-scenes criminal enterprise feel more like a corporate business transaction — complete with help desks and marketing departments. This year, bad actors will start to recognize that while they could make $1 million stealing data from a high-profile target, this “level” of ransom will draw interest from law enforcement agencies like the FBI or Interpol, which could lead to a potential loss of profits.

Instead, attackers will begin paying more attention to smaller organizations and demanding much smaller sums of ransom; think $2,000. This change in targets will enable attackers to continue making money while going practically unnoticed by authorities and avoiding detection.

Additionally, many of these smaller businesses don’t have the resources to recover from a ransomware attack without paying. This differential in power often forces organizations to feel like the cheaper (time, resources, human-power) option would be to pay the ransom, as opposed to investigating and fighting the criminal effort.

It should be noted that large-scale thefts won’t entirely disappear, however. With cryptocurrency continuing to gain popularity, threat actors can instead use this as a form of payment, making it much harder for law enforcement to track.

Social engineering is here to stay

Even with insecure APIs and lucrative ransomware, it is always easier to exploit a human than it is to hack into critical infrastructure. Build a foolproof system and you’ll find a better fool. Attackers will continue to exploit human behavior because one person can be a weak link for an entire organization and that organization’s connected partners.

This year, security professionals must ensure that their organizations ramp up security awareness training, especially during critical points of the year, or during a merger or acquisition. These events will remain popular targets to execute an attack because they are time sensitive, which increases the pressure on employees to move fast, but also, attackers know that company leadership would be more inclined to pay to avoid jeopardizing a critical deal.

While recent news, and these industry trends, may make tomorrow’s cyber landscape seem bleak, it is important to note that by following industry best practices, with some additional protections in place, these trend predictions can remain just that: predictions. Organizations have been inundated with attacks this year, but they have also blocked attackers quickly and effectively. Solid API security, web app security and security awareness training will play big roles throughout the rest of 2022.