Skip to content

Cybersecurity Trends to Watch in 2022

A look back at some of the biggest stories of 2021 can help to inform security strategies over the coming year


The past 12 months have pushed corporate IT and cybersecurity teams to the limit. From the sophisticated SolarWinds campaign at the start of 2021 to the global scramble to patch Log4j vulnerabilities in December—the pressure was intense. And it will continue into the new year, as the pandemic drives digital transformation and new ways of working—exposing more endpoints to attack.

In the face of spiraling threats, security teams must focus on getting the basics right, through cyber hygiene, endpoint protection and data risk management and compliance. And choosing providers that have built best-in-class partnerships with industry leaders for optimized performance and protection.

Here are some of the key trends to inform your security strategy in the coming year.

All eyes fall on digital supply chain security

Software powers the world. But in relying on an ever-greater number of providers to support critical IT and business processes, enterprises are at the mercy of supply chain attacks. The campaign targeting SolarWinds kicked off 2021, compromising nine US government agencies. Then came organized criminal gangs with a sophisticated ransomware attack that hit IT software firm Kaseya. By compromising scores of its MSP customers, the attackers ultimately managed to infect at least 1,500 downstream customers across the globe.

However, 2021 saved the worst till last, with the Log4j vulnerability known as “Log4Shell.” Relatively easy to exploit, near ubiquitous in enterprise environments but also challenging to comprehensively find and patch, it was given a CVSS score of 10.0. Nation-states and cybercrime gangs soon pounced.

According to one security agency, two-thirds (66%) of supply chain attacks now focus on the provider’s code. So how can organizations mitigate this fast-emerging threat? Taming third-party risk in 2022 will require a more mature approach to vetting providers; one which involves security teams from the outset and focuses on continuous code reviews. Tanium’s Global CISO, Chris Hodson, has some useful advice here.

The COVID-19 pandemic will continue to loom large

The tremendous upheaval of 2020-21 may be behind many organizations. But what’s left is a much larger attack surface, thanks to a flood of cloud and digital investments designed to support new ways of working and learning. Here are some key trends to watch:

K-12 cybersecurity

US schools saw “a record-breaking number” of publicly disclosed incidents in 2020, leading to school closures, millions of stolen taxpayer dollars, and identity fraud stemming from staff and student data breaches. The trend continued in 2021 as cybercrime gangs sought to exploit schools’ limited IT security funding and in-house skills, and vulnerabilities and misconfigurations in remote learning apps, infrastructure and devices.

However, some school districts, like Gwinnett County Public Schools (GCPS), are leading by example—using tools like Tanium’s to drive visibility and control of an increasingly distributed IT endpoint infrastructure.

Cybersecurity in higher education

It’s not just K-12 institutions that are an increasingly popular target for threat actors. Universities must not only deflect financially motivated ransomware attacks but also nation-state attempts to steal sensitive research.

That’s why it’s vital that higher education IT teams have the right tools to scan for and fix any misconfigured or vulnerable endpoints, at speed and scale. With enhanced visibility, they can also proactively hunt for threats, build resilience going forward, and remediate before attackers can cause any serious damage.

Remote employee experience

Mass remote work is the new reality for countless organizations and their employees across the globe. In the US, an October 2021 study found nine in 10 employees want to maintain remote work to some degree, as a new era of the hybrid workplace emerges. This creates new challenges for IT help desk staff often lacking crucial endpoint information, and hamstrung by manual processes, tool bloat and reactive maintenance.

Fortunately, the world of IT helpdesk software is changing. Today, cloud-based platforms like the IT Service Center from Tanium and Salesforce are reimagining the employee experience. Built on real-time endpoint data and automation, they’re able to drive faster incident resolution, proactive maintenance and self-service interactions.

It’s time to focus on the fundamentals

Ransomware attacks soared to record highs during 2021, while the volume of reported data breach incidents easily surpassed 2020 figures. Why? Because threat actors are getting better at targeting the weakest links in the corporate security chain. These include misconfigured or vulnerable systems, users prone to clicking on phishing links, digital supply chains, and more.

These trends will demand a response across the following best practice areas in 2022:

Cyber hygiene

Put simply, cyber hygiene means getting the basics right by continuously identifying and remediating insecure IT assets. To do so, organizations need the right risk-based tooling to provide comprehensive visibility into those assets at all times, and the ability to fix any issues rapidly and at scale. That could mean patching a vulnerability, changing an insecure password or restricting admin privileges.

Data risk management and compliance

With serious security breaches potentially incurring multimillion-dollar costs and critical reputational damage, IT and cyber risk is now a board-level issue. That has driven a huge demand for tools that can accurately score and remediate that risk. Yet most fail because they run infrequently, collect limited data, lack context and don’t combine scoring with remediation. Tanium Risk is different.

Endpoint detection & response

Modern business happens at the endpoint. So that’s naturally where threat actors also focus their efforts. Traditional endpoint protection platforms (EPPs) cover more traditional anti-malware scanning, while endpoint detection and response (EDR) tools offer a more flexible way to address multiple categories of exploits, malicious binaries, and OS-layer post-compromise activity. In reality, a defense-in-depth approach is recommended combining both.

Despite industry hype, EDR tools are not a panacea. They can be bypassed by skilled attackers, making additional investments like Tanium Threat Response an important consideration. Tanium works in the dwell time before, during, and after an initial alert, to define the blast radius of an attack and comprehensively remediate to stop the bleeding.

Strategic cybersecurity partnerships come of age

Cybercriminals have a vast economy worth trillions of dollars each year. Nation-states are becoming increasingly bold in their attacks, and capabilities are trickling down beyond the usual suspects. Faced with these challenges, and the mounting complexity of supply chains and digital infrastructure, IT leaders need partners laser-focused on solving their problems. That means vendors prepared to work with other industry leaders to optimize for user experience and security.

That’s why Tanium will continue to team up with best-in-class partners such as:


We’re reimagining employee service management for the new era of hybrid working. There’s plenty more to come as we combine the power of with Tanium’s real-time endpoint visibility and control to empower the IT helpdesk.


Integration with the ServiceNow Service Graph means organizations now have accurate, current data to ensure their configuration management database (CMDB) inventory is always up to date. It can provide the foundation on which effective cybersecurity is built.


Cybercriminals are past masters at sharing information and knowledge to enhance their offensive capabilities. Defenders, less so. That’s the value of Open Cyber Threat Intelligence (OpenCTI): an open-source platform that allows organizations to manage cyber threat intelligence knowledge. Our integration takes OpenCTI data from multiple open and closed sources, and delivers it to Tanium for enhanced threat hunting and vulnerability detection.

Deep Instinct

Deep Instinct provides a purpose-built, deep learning cybersecurity framework. The integration of Tanium’s Threat Response solution will empower joint customers to improve their ability to block unknown malware before it executes on endpoints.

Try Tanium today and discover how Tanium can support your organization throughout 2022.

Tanium Staff

Tanium’s village of experts co-writes as Tanium Staff, sharing their lens on security, IT operations, and other relevant topics across the business and cybersphere.

Tanium Subscription Center

Get Tanium digests straight to your inbox, including the latest thought leadership, industry news and best practices for IT security and operations.