Top Security Concerns, Best Practices and Key Security Findings – 2021 in Review

Bonus: Cybersecurity Predictions for 2022

Last year was a busy year for cyber security. Some of the most impactful cyber security attacks and security innovations to date took place during 2021.

More than ever, it’s been important for organizations to be cyber aware and equip their organizations with the necessary security precautions while assessing their overall security posture.

Here are the top security concerns and security best practices of 2021, and cyber security predictions for 2022.

Top 5 Security Concerns of 2021

1. Ransomware

  • There have been multiple, notable ransomware attacks during 2021, with global ransomware costs expected to reach $20 billion.
  • The average ransom payment during the first quarter of 2021 was $220,298, up from $154,108 during the last quarter of 2020. As more organizations pay ransoms, there are more resources available to cyber attackers, increasing their attack rate and the severity of their attacks.
  • According to a recent McAfee Cybercrime report, 56% of surveyed organizations said they don’t have a ransomware solution to both prevent and respond to a cyber incident. Out of the 951 organizations with a response plan, only 32% said the plan was effective. More than half of respondents believe cyber attacks are too advanced for their IT team to handle without help.

2. Data Breaches

  • There are more than 1,000 data breaches annually throughout the United States.
  • Although some industries can spend more than $8 million in data breach costs, the average total cost globally for a data breach is $3.86 million and growing each year.

3. Social Engineering

The COVID-19 pandemic has opened the door for cyber attackers to use social engineering to gain insider trust, either to get sensitive information revealed or to be granted access to critical resources.

4. Regulatory Compliance

Ultimately, organizations want to stay secure and compliant, while lowering their risk profile and abating security concerns. That way, they can focus on higher value-added activities to grow their organization.

However, regulatory compliance is often overlooked. According to Globalspace, spending on compliance made up only 14.3% of IT budgets. This is expected to increase due to the cost associated with non-compliance.

5. Cyber-Hygiene and Security Posture

Cyber attackers adjust their tactics at an alarming pace to get around whatever vulnerability assessments and security precautions an organization has in place, so cyber-hygiene and the resulting security posture must be maintained continuously rather than checked once.

Top Security Best Practices of 2021

Cyber Security Awareness Training. Organizations must carry out cyber security awareness training frequently, for both new and existing employees, to inform and educate them about how to recognize and report cyber security threats.

Continuous Network and Application Vulnerability Scans. Organizations use these to find vulnerabilities and system misconfigurations before attackers do.

Security Assessment and Penetration Testing. Organizations use these to improve their security posture by finding security vulnerabilities and risks. This helps defend your organization against security threats, protect sensitive information and secure the devices that hold or access your data.

Ensured Compliance. It’s important that organizations understand applicable operational, regulatory and compliance laws and mandates, ensuring compliance and avoiding fines, penalties and reputational damage.

Endpoint Security and Threat Intelligence. Organizations must use innovative technology to collect and convert raw data into meaningful security insights, while protecting their data from malicious cyber attacks.

Cybersecurity Predictions for 2022

Passwordless Authentication. The need for passwords is slowly decreasing as major identity management providers, such as Microsoft, advise that best practice is shifting from “stronger passwords mean more security” to “no password as a means of security.”

During 2022, you will see a stronger move toward passwordless authentication.

Hybrid Workplace Impact. The coronavirus pandemic and the move toward a hybrid workplace model will keep security concerns in focus, along with the challenge of balancing flexibility against security.

Digital transformation is here and coming more rapidly than organizations had expected.

Redefining Security. Compliance is no longer enough, and being compliant does not mean being secure. During 2022, organizations must rethink their investment in security policies.

Deepfake Technology. As technology advances, so do cyber attackers. Deepfake technology is predicted to help attackers commit cyber crimes and make social engineering more effective.

AI-Driven Malware. Advancements in artificial intelligence are allowing cyber attackers to attack more efficiently and at a higher speed.

Supply Chain Attacks. Cyber attackers are learning to use supply chains to cause a ripple effect across multiple partner ecosystems.

Cloud Applications and APIs. The importance of having a zero-trust control model in place is growing as enterprises transition to software defined applications.

Gartner has predicted that API attacks will become the most common attack vector causing data breaches during 2022.

As you move forward into 2022, your organization must increase security investments, pay attention to security concerns and make it a priority to understand your current cyber security posture.

Security cannot be a response to a cyber attack on your organization. Create a security strategy to prevent cyber attacks and remain secure.

Learn how System Soft Technologies is addressing the current challenges of security and preparing organizations for the new year through security assessments, and security governance, risk and compliance.

About the Author: Mark Imhoff

As Head of Security Practice, DNA Practice and Enterprise Architecture at System Soft Technologies, Mark influences IT strategy, enterprise architecture, application architecture, cloud architecture, mobility, BPM and governance, data and analytics architecture, integration architecture, digital strategy, digital transformation and delivery programs. He also leads cross-functional teams in support of cloud design programs (Amazon Web Services, Google Cloud and Microsoft Azure) by mentoring, guiding and overseeing both architectural and technology integrity.