From a CISO\u2019s point of view, 2021 was not a very good year. It started with a scramble to address the SolarWinds cyberattack and is ending with record-breaking highs in ransomware attacks. CISOs have had to deal with juggling a hybrid workforce with continuing security issues caused by COVID-19 and a skills shortage, cyberattacks on the critical infrastructure, understanding what the growth in cryptocurrency means for cybersecurity, and handling the usual everyday issues in the life of a CISO.\nWith 2021 approaching the rearview mirror, we can expect more of the same with some added twists in the year ahead. Reviewing the cyberattacks that CISOs had to address, either directly or indirectly, along with trends and issues that surfaced can help us anticipate what lies ahead in 2022.\nRansomware\nRansomware isn\u2019t going anywhere. One report said there were nearly 500 million attempted ransomware attacks by the end of September. We can expect that number to be closer to 700 million by the time the ball drops on New Year\u2019s Eve. The banking industry alone saw ransomware attacks increase by more than 1,300% in 2021.\nPerhaps no ransomware attack had a higher profile than the one on Colonial Pipeline, which gave Americans their first real taste of how devastating cyberattacks can be on critical infrastructure. Even though this attack was on the financial part of Colonial\u2019s business, it effectively shut down the flow of oil to the eastern part of the country and caused considerable panic.\nThe Colonial Pipeline attack could have been much worse, just like the ransomware attacks on Kaseya (which impacted the IT infrastructure of some of the largest companies in the world) and meat processing company JBS Foods. We don\u2019t know how much these attacks have impacted current supply chain woes, but they certainly didn\u2019t help. We\u2019re always one attack away from a breach that takes down the energy grid or food supplies for extended periods of time. The only solid way to prevent this from happening is with tools that continuously monitor and assess your company\u2019s ransomware susceptibility.\nWebsite cloning\nWhile attention has been heavily focused on ransomware this year, one of the trends we\u2019ll be looking at a lot more next year is website cloning and online fraud problems. Consumers and brands are both being frauded by cyberattacks that are generated overseas. The fraudsters target well-known U.S. brands, whether they\u2019re banks, Big Tech companies, or even cryptocurrencies, with the hopes that the consumer will be unaware that the link they are clicking is taking them to a clone of the real website. Thinking they are on the proper site, the consumer enters their log-in and other sensitive information, which leads to credential theft, account takeovers and bigger headaches as the credential stuffing attacks snowball.\nAddressing website cloning requires an offensive strike. CISOs will need to use cybersecurity tools that can identify scams as soon as they materialize and shut them down before they reach consumers, employees, or other online users.\nCryptocurrencies ready to go mainstream\nDespite the general lack of understanding of how cryptocurrencies work, they have entered mainstream America in 2021. LA\u2019s Staples Arena has been renamed Crypto.com Arena. The incoming mayor of New York City announced plans to take several months\u2019 salary in cryptocurrency.\nBut even as it moves into the mainstream, crypto remains the currency of cybercriminals and ransomware payments. As more organizations and consumers use cryptocurrency, it could result in even more ransomware attacks or other illegal attempts to get at the digital currency. And unlike money in the bank, which is protected by federal regulations and replaced if the bank is robbed, once someone gains access to your digital wallet, that money is gone for good.\nProtecting cryptocurrency takes multiple forms. First, ransomware needs to be stopped along with the need to use crypto to pay ransoms. Second, the cryptocurrency itself needs protection, and that could be done through diversifying crypto portfolios \u2013 in other words, not having it all in one digital wallet and having wallets that aren\u2019t connected to the internet.\nGovernment security plans\nWe saw some movement to improve cybersecurity with the White House releasing an Executive Order that, among other points made, supports the removal of barriers for threat sharing information between agencies. The order stated: \u201cRemoving these contractual barriers and increasing the sharing of information about such threats, incidents, and risks are necessary steps to accelerating incident deterrence, prevention, and response efforts and to enabling more effective defense of agencies\u2019 systems and of information collected, processed, and maintained by or for the Federal Government.\u201d\nAs we move into 2022, expect to see a growing trend toward greater collaboration between the public and private sectors. Groups like the Advanced Cyber Security Center will become increasingly critical and more formalized, and commercial organizations \u2013 those that need cybersecurity and those who provide cybersecurity \u2013 will have to be more collaborative with federal agencies about how to address threats. Foreign-based hackers and nation-state threat actors already support each other to better launch attacks, so it is time we work together to better protect from those attacks.\nThe Great Resignation\nIn 2020, employees stayed home to prevent getting and spreading COVID-19. In 2021, employees are staying home because they want something else, something their jobs didn\u2019t offer. The cybersecurity profession was already dealing with the skills gap and millions of open jobs. Now it is impacted by the Great Resignation, with the best people jumping ship and taking their knowledge with them. Whether it is early retirement or moving to positions or careers with less stress, CISOs will be tasked with filling a knowledge gap that is widening, and it has to be a top priority. After all, even though the defenders are walking away, hackers aren\u2019t retiring. In fact, they are becoming more industrious in their efforts, and CISOs won\u2019t be able to stop them alone.\nPredicting the cybersecurity landscape in 2022\nPredicting what will happen in the year ahead is, well, unpredictable. But taking a retrospective view of this past year can help improve enterprises\u2019 cybersecurity posture and offer additional chapters in a CISO\u2019s best practices handbook.