7 common cybersecurity threats and attacks in 2022

| By:
Bryson Medlock

10.5 trillion. That’s the projected cost of global cybercrime by the year 2025. Hackers are constantly sharpening their skills, and the common cyber threats they cause are eternally evolving.

In addition to providing clients with robust cybersecurity services, MSPs need to attack potential digital threats from another angle. Remaining up-to-date on industry trends and the latest hacker tactics, techniques, and procedures (TTPs) is one of the simplest things you can do to protect your clients.

To make your job easier, our team at ConnectWise has done the research and compiled a list of the 7 most common cybersecurity threats endangering your clients in 2022 and what you can do to protect them.

Let’s jump right in.

The 2022 cybersecurity threat landscape

Navigating the world of common cyber threats is becoming increasingly complex and faster-paced. 85.3% of organizations experienced a successful cyberattack in the last 12 months in one survey, showing that there is a constant stream of attempted attacks. Add the effects the COVID-19 pandemic has had on the way we live and work, and it’s easy to see that there’s no shortage of opportunity for digital threat actors.

In recent years, society’s push toward remote work has changed more than just our lifestyle. Companies are shifting more of their business to the cloud and continuing to leverage freelance, work-from-home labor. 

For companies to remain productive, IT admins need to grant system access to numerous remote terminals around the country or even around the world. According to a study done by Gartner, 70% of employees’ work will be administered by cloud services by 2023. This number is almost double the 40% we saw in 2020.

Experts are pushing toward cloud infrastructure and remote work, making human error one of the biggest threats to cybersecurity in 2022. Brad LaPorte, a partner at HighTide Advisors, predicts 99% of data breaches will be caused by a misconfiguration of settings or installation by the end-user – meaning most common cyber threats of the future are avoidable. It’ll take some reflection and learning from the past to avoid them.

Cybersecurity lessons learned from 2021

The data available from 2021 offered some interesting clues into what trends might emerge in the future of the digital landscape. One of these trends was that the internet is more responsible for cybercrime than ever before.

According to data from SecureWorks, 43% of cyberattacks in 2021 came from internet-facing devices. This might seem like a no-brainer, but if you compare this data to 2020, you’ll find that credential-based attacks were more popular that year.

We can take this data a step further to spot another emerging trend in cybercrime. The fact that most cybercrimes were executed on internet-facing devices speaks to our increased connectivity as a society. But, what causes this increased connectivity?

Thanks to mobile devices like tablets and smartphones, the internet is always just an arm’s length away. And, with 54.4% of worldwide internet traffic coming from mobile devices in 2021, MSPs should be making protection against mobile attacks a priority in 2022.

7 common cybersecurity threats in 2022

Protecting our constantly-connected devices and monitoring malicious mobile attacks are just the tip of the iceberg. MSPs and other IT professionals need to be wary of a wide range of hacker TTPs that will continue to be popular in 2022. Here are 7 common cyber threats that deserve a watchful eye. 


1. Ransomware

Malware, more specifically ransomware, continues to be a significant threat in the modern computer age. This form of cyberattack has been around for decades, and hackers continue to evolve their delivery methods.

To help keep clients protected in 2022, here are some of the ransomware data that should be on your radar:

  • According to ConnectWise’s 2022 MSP Threat Report, out of 500 cybersecurity incidents, 40% were related to ransomware, 25% were directly related to Exchange Vulnerabilities, and 10% were coin miners, with some overlap. The report also noted that ransomware in 2021 surged 148% compared to the year before.
  • In 2020, the U.S. travel giant, CWT, was forced to pay a $4.5 million ransom as hackers took down 30,000 computers and stole countless private company files.
  • Global ransomware damages are predicted to exceed $265 billion by 2031.
  • 68% of U.S. companies experienced some type of ransomware attack in 2020.
  • Ransomware, a specific form of malware, was the chosen method for 623.3 million attacks worldwide in 2021. That works out to 2,170 attempts per user and 105% growth from the 2020 numbers.
  • 230,000 new malware samples are produced daily, and experts predict that number to keep growing.

What can MSPs do to protect clients against ransomware?

With ransomware causing such devastating effects to companies around the globe, the question becomes: how do you protect against it? Attacks this potent need to be handled on two fronts. MSPs should not only focus on taking internal measures to protect client systems, but also take steps to limit the damage end-users can cause.

Modern EDR (Endpoint Detection and Response) software can help prevent ransomware payloads from executing. They can also set security parameters on endpoint web browsing to ensure clients’ employees don’t stray too far from safe browsing locations.

Additionally, having a solid and robust backup plan can be one of your best protections against ransomware. If a client’s system is larger, there’s no way to prevent 100% of attacks. The key is having procedures in place to backup corrupted data from the attacks that do get through. Watch this webinar for best practices in the wake of a ransomware attack.

2. Supply chain attacks

These types of attacks are relatively new but continue to grow in size and frequency. Hackers use this infiltration method to access source codes, build codes, and other infrastructure components of benign software apps. The end goal is to use these legitimate platforms as conduits for distributing malware into supply chain systems.

According to SecurityWeek, a leading cybersecurity publication, supply chain attacks tripled in 2021. These attacks have grown so quickly and grown to be so devastating that they’ve even garnered the attention of the White House. In a May 2021 executive order, President Biden listed supply chain attacks as a major area of concern.

Cybersecurity experts believe that open-source code, compromised pipeline tools, and poor code uploads are the three main culprits of these attacks. 

What can MSPs do to protect clients from supply chain attacks?

Preventing future supply chain attacks may be one of the biggest challenges MSPs face. With the increased reliance on open-source platforms and APIs, hackers will have no shortage of infiltration points to execute their malicious endeavors. 

But, all hope is not lost. Here are steps MSPs can take to protect their clients against supply chain attacks:

  • Use endpoint monitoring tools to spot and stop suspicious activity
  • Stay current with all system patches and updates
  • Implement integrity controls to ensure users are only running tools from trusted sources
  • Require admins and other users to use two-factor authentication

In addition to the steps above, working with your clients to craft an effective incident response plan can go a long way in protecting their digital assets. Supply chain attacks are relatively new, and some are bound to infiltrate some of your clients’ systems. Check out our ConnectWise incident response webinar or contact us for more detailed advice on preparing your clients if disaster strikes.

3. Cloud-based threats

Cloud-based threats encompass a wide range of hacker TTPs. With so many businesses using the cloud and cloud networks becoming more intricate, their infrastructure has become “low-hanging fruit” for digital threat actors.

Within the cloud world, cybersecurity professionals focus on something known as the “Egregious Eleven.” These are the 11 most popular infiltration points for cloud-based threats. In order of severity, they are:

  1. Data breaches
  2. Misconfiguration of settings and installs
  3. Poor cloud security setup and planning
  4. Mismanagement of ID, login credentials, and account access
  5. Stolen or hijacked accounts
  6. Insider threats
  7. APIs and insecure software interfaces
  8. Weak control plane
  9. Applistructure and metastructure failures
  10.  Restricted cloud usage visibility
  11.  Abuse of cloud services

What can MSPs do to protect clients against cloud-based threats?

Since cloud-based applications shoulder most of the modern corporate workload, focusing on airtight standard cybersecurity practices is one of the best steps MSPs can take to protect their clients. Monitoring access to sensitive resources, enforcing strict password requirements, implementing a sound data backup plan, and leveraging data encryption are instrumental in defending clients against the broad spectrum of cloud-based threats.

To add an extra layer of protection, MSPs should also implement routine penetration testing. Thinking like a cybercriminal and pushing your clients’ cybersecurity protocols to the breaking point is one of the best ways to strengthen their defenses. Be sure to assess and inventory potential system weaknesses after testing.

4. Social engineering

Social engineering attacks are digital threats like phishing. Essentially, any hacking technique that plays on a user’s human nature or emotion can fall under the umbrella of social engineering. These attacks can be a challenge for MSPs because user error and the human element will always be part of the cybersecurity puzzle.

Here are some of the most common social engineering attacks MSPs need to watch for in 2022:


  • Phishing – Attackers disguise themselves as a trusted entity to trick a user into opening an email or message in an attempt to steal sensitive information like login credentials, financial data, and more. 
  • Spear phishing – More targeted phishing attacks aimed at a specific group of individuals or a particular organization.
  • Whaling – Spear phishing attacks directed at select high-profile targets. An example might be c-suite email accounts in a large corporation.
  • Smishing – Attackers disguising themselves as reputable companies via text message to steal sensitive information.
  • Vishing – Phishing attacks conducted via voicemail or phone call.
  • Baiting – Attackers leverage false promises to convince users to give away sensitive information or allow hackers into their system to distribute malware. 
  • Piggybacking/tailgating – Hackers will digitally “follow” an authorized user into a restricted area after they’ve entered their login credentials and gained access.
  • Watering hole attacks – Cybercriminals attempt to target a specific group of people by infecting websites they’re known to visit often. 
  • Scareware – These attacks play on an end-user’s fear to trick them into downloading and installing software that’s potentially dangerous. An example might be a “Your computer’s been infected” pop-up followed by a prompt to download fake antivirus software. 
  • Honeytraps – Attackers will pose as an attractive male or female online and engage in romantic conduct with a user to extract sensitive information from them.
  • Pretexting – Attackers develop a fake scenario requiring a user to share personal information to prove their identity.
  • Quid pro quo – users are promised a profit or financial benefit in exchange for personal or sensitive information.
  • Business email compromise (BEC) – Members of particular organizations are tricked via email to send money, divulge company secrets, or share proprietary intellectual property. Check out this webinar to learn how to react to a BEC attack.

Currently, social engineering attacks account for 98% of cybersecurity attacks. There are also 75 times more phishing websites than malware sites – making social engineering still very much a concern for MSPs.

What can MSPs do to protect clients against social engineering attacks?

Since social engineering attacks rely heavily on end-user behavior, education is the best form of defense. The end-users of your clients’ systems should:

  • Ask for ID
  • Remove the sense of urgency
  • Ask, “Is this realistic?”

On top of these three steps, providing a solid spam filter can help protect your clients from these attacks. While the spam filter helps, protection from social engineering will ultimately boil down to caution and common sense.

5. Insider Threats

Once internal system users are compromised, they can become an even greater threat to the system than external attackers. The Ponemon Institute’s 2022 report on the global state of insider threats found that incidents have risen 44% since 2020.

The Ponemon Institute also found the cost of insider threat breaches to be on the rise. Businesses who experience an insider threat can expect it to cost them somewhere in the neighborhood of $15.38 million.

The bulk of those costs come from disruption of business, loss in technology value, and direct and indirect labor. Those three categories alone account for 63% of insider threat costs. The remaining 37% of costs come from workflow changes, cash outlays, overhead, and subsequent revenue losses.

What can MSPs do to protect clients against insider threats?

Much like social engineering, insider threats rely on the negligence and actions of a company’s end users. MSPs should work closely with their clients to develop a plan for cybersecurity education and behavior monitoring that helps to minimize the chance of an insider threat occurring.

Aside from conducting cybersecurity awareness training, MSPs should implement tools and procedures to proactively monitor their client’s network, like ConnectWise’s SIEM platform. They should also set up parameters and tools to monitor user behavior, as well as establish strict security protocols.

6. Mobile Devices

Earlier, we briefly touched on the threat mobile devices pose to your clients’ overall cybersecurity. Since employees are now working from home and accessing sensitive company platforms and data from multiple scattered endpoints, hackers are presented with many more infiltration opportunities than ever before.

The remote work migration caused by the COVID-19 pandemic has left 97% of businesses exposed to mobile cybersecurity threats. And, although experts in the industry say the number of attacks has decreased, digital threat actors are developing more sophisticated infiltration methods.

Hackers are getting more creative in the emails, messages, and social media tactics they use to trick mobile users into downloading malicious software and handing over private information. Threat actors will even leverage the App Store to infect users’ mobile devices.

What can MSPs do to help clients secure mobile devices?

Fortunately, many of the steps MSPs can take to secure mobile devices are things you’re probably already doing. Things like:

  • Having users select secure, difficult passwords
  • Staying current with OS updates and system patches
  • Making sure clients encrypt their data
  • Having clients install antivirus or antimalware protection

Since your clients’ employees are using these devices from home now – since the pandemic – there are a couple of other challenges. You’ll want to work closely with your clients to take whatever steps you can toward making sure employees only use company devices on secure Wi-Fi networks.

If they happen to use devices on less secure, public networks, advise them not to do anything work-related or any tasks requiring access to sensitive data. It’s also helpful to monitor or screen employees’ app downloads. Configure parameters that prohibit certain apps from being downloaded to your client’s devices, or talk to your clients about offering devices to their employees with all the necessary apps pre-loaded.

7. Poor post-attack practices

As devastating as they can be, each cybersecurity threat is a learning opportunity for you and your clients. Collecting the right data and following the right post-attack procedure can help you extract the most intel from each attack and strengthen your clients’ defenses moving forward.

What can MSPs do to improve their post-attack practices?

MSPs should have a structured plan for what to do after an attack. By sticking to the same routine every time, you can be sure to achieve consistent analytics and reporting results as you review the most recent cyber threat event. This routine is generally known as an incident response plan, and is essential for reducing risk/damage and making companies more secure in the future.

A strong post-attack plan should contain the following steps:

  • Contain/neutralize the attack – disconnect all network connections, disable remote users, maintain firewall settings, install any updates or patches, and change passwords
  • Assess the attack – who had access to the data or servers infected, how did the attack start, what went wrong, and which network connections were breached
  • Create a plan for notification – who in your client’s organization needs to be notified? If they have cyber insurance, you may also want to have them notify their carrier
  • Consider an incident response service – these services are teams of cybersecurity professionals you can call on to act immediately in the event of a breach to tackle the issues above if your team is stalled or understaffed

On top of the above steps, you’ll also want to make sure the proper arms of law enforcement are notified. Your client’s state and local municipalities should have procedures for this process. If necessary, the breach may need to be escalated to the federal level.

General best practices for MSPs in 2022

Being aware of these common cyber threats to expect in 2022 is a great step toward being prepared on your clients’ behalf. But, the best cybersecurity efforts start “close to home.”

Here are a few best practices you can follow internally to minimize the chances of one of these attacks infiltrating your clients’ systems:

  • Implement audits – keep track of any system changes for clients, attacks you’ve dealt with, etc. You’ll be able to avoid any mistakes and continually improve your offerings for clients.
  • Use first-class software – ConnectWise can help on this front. We have a full suite of products to help you give your clients the exact service and protection they need.
  • Stay proactive – Remain ahead of the curve when it comes to hacker/attack education, client system updates, and anything else that’s within your grasp. Planning ahead and being prepared are two of the most critical steps in protecting clients’ digital assets.
  • Keep clients in the loop – Have open lines of communication with your clients. Even in the event of drastic errors, breaking the news right away is always the best course of action. You and your client can work together to get out in front of the issue. By not saying anything, you may turn a minor issue into a much bigger problem.
  • Train your staff often – Your team should constantly be renewing their training on cybersecurity trends and news, but also on your internal company policies and procedures. This way, they’re both knowledgeable about their craft and also able to follow company SOPs to provide white-glove customer service.

As always, ConnectWise is here to help. We offer trials and demos for several products within our suite of cybersecurity tools. With the information in this article and our unwavering support, you should have everything you need to keep your MSP clients happy in 2022.


What are the biggest cybersecurity threats right now?

The most common cybersecurity threats right now are:

  • Ransomware
  • Supply chain attacks
  • Cloud-based threats
  • Social engineering
  • Insider threats
  • Mobile devices
  • Poor post-attack practices

How to monitor cybersecurity threats in real-time?

Cybersecurity monitoring software and SOCs can help you monitor cybersecurity attacks in real-time. MSPs can leverage these tools to scan an entire system in real-time, identify ransomware, stop threats, and notify system users and administrators about suspicious activity.

How to prevent insider threats from cybersecurity risks?

MSPs and system administrators need to be proactive and have a plan to identify insider threats. Once identified, these threats can be sandboxed, assessed, and remedied before serious system damage occurs.