Blog
← Back to Blog
December 15, 2022 cybersecurity

2022 Cybersecurity Year in Review: War, Supply Chains, and the Password Manager Problem

2022 cybersecurity year in review and major threats

2022 was the year cybersecurity became geopolitics. Russia's invasion of Ukraine brought cyber warfare into the daily news. CISA's "Shields Up" advisory put every US organization on alert. And the LastPass breach forced us to confront an uncomfortable truth: even our security tools can be compromised.

The Major Events

Russia-Ukraine Cyber Warfare

Russia deployed wiper malware, DDoS attacks, and disinformation campaigns against Ukraine. The feared spillover to US infrastructure didn't materialize at scale, partly due to CISA's proactive warnings and partly because Ukraine's cyber defenses were stronger than expected. But the elevated threat level persisted all year.

LastPass Breach

The most trusted name in password management was breached twice, with encrypted customer vaults ultimately stolen. The incident forced a reevaluation of cloud-based password manager security and accelerated adoption of alternatives like 1Password and Bitwarden.

Regulatory Acceleration

SEC proposed cybersecurity rules for financial advisors. FDA strengthened medical device requirements. State privacy laws proliferated (California, Virginia, Colorado, Connecticut, Utah). Every regulated industry faced increased cybersecurity scrutiny.

Ransomware Evolved Again

Ransomware groups continued professionalizing: dedicated PR teams, bug bounty programs for their own malware, and "customer service" for victims. Average ransom payments exceeded $800,000. Healthcare, legal, and financial services remained top targets.

By Industry

  • Dental/Medical: Healthcare breaches affected 50+ million individuals in 2022. HHS increased HIPAA enforcement actions.
  • Legal: ABA updated guidance on lawyers' cybersecurity obligations. Multiple firms disclosed breaches.
  • Financial: SEC enforcement actions for cybersecurity failures. Proposed new rules signal stricter requirements ahead.

Looking Ahead to 2023

AI is about to change everything. ChatGPT launched in November 2022, and its implications for both cybersecurity attack and defense are enormous. AI-generated phishing, automated vulnerability discovery, and AI-assisted social engineering are on the horizon.

Prepare for: AI-powered threats, continued regulatory expansion, supply chain security scrutiny, and the ongoing ransomware epidemic. The fundamentals remain your best defense.