With renewed government and private focus on the “Space Race” and recent cybersecurity research concentration on satellite vulnerabilities, we believe a “hack in space” will hit the headlines in 2022.

Text-based phishing, known as SMSishing, has increased steadily over the years. Like email social engineering, it started with untargeted lure messages being spammed to large groups of users, but lately has evolved into more targeted texts that masquerade as messages from someone you know, including perhaps your boss.

It’s official. Windows has gone password-less! While we celebrate the move away from passwords alone for digital validation, we also believe the continued current focus of single-factor authentication for Windows logins simply repeats the mistakes from history. Windows 10 and 11 will now allow you to set up completely password-less authentication, using options like Hello (Microsoft’s biometrics), a Fido hardware token, or an email with a one-time password (OTP).

Since the astronomical success of ransomware starting back in 2013, cybersecurity insurers have realized that payout costs to cover clients against these threats have increased dramatically. In fact, according to a report from S&P Global, cyber insurers’ loss ratio increased for the third consecutive year in 2020 by 25 points, or more than 72%. This resulted in premiums for stand-alone cyber insurance policies to increase 28.6% in 2020 to $1.62 billion USD. As a result, they have greatly increased the cybersecurity requirements for customers. Not only has the price of insurance increased, but insurers now actively scan and audit the security of clients before providing cybersecurity-related coverage.

Most security professionals have had the principle of least privilege grilled into them from the very beginning of their careers. Giving users the minimum level of access needed to perform their job functions is for the most part an uncontested best practice. Unfortunately, best practices don’t directly translate into wide adoption, and least to their full extent. Over the past few years, or decades really, we’ve seen the ease in which attackers can move laterally and elevate their level of access while exploiting organizations that haven’t followed basic security principles.