
Graylog Insights — How 2021 Will Shape 2022

People may not reminisce over 2021, but as Winston Churchill once said, “Those that fail to learn from history are doomed to repeat it.” 2021 swooped in on the coattails of a major supply chain data breach, and a lot of the challenges we experienced during this past year seemed to follow suit. To celebrate the best and hopefully move away from the worst that 2021 had to offer, this look back at 2021 trends can inspire us all to learn, and most of all, show us how to move forward.


NIST announced the Log4j vulnerability on a Friday afternoon right before the 2021 holidays. It might seem so last year, but unfortunately, Log4j was just another in a long stream of vulnerabilities detected. According to one article, more than 50 CVEs (common vulnerabilities and exposures) were logged every day in 2021, more than any time since the start of record-keeping.

With companies relying on applications more than ever, these vulnerabilities make them more susceptible to data breaches as malicious actors use them during their attacks.

Vulnerabilities are nothing new, but malicious actors will continue to jump on any opportunity to use them to their advantage. At the beginning of January, the Federal Trade Commission (FTC) announced it would levy fines and penalties for data breaches caused by a failure to mitigate Log4j risks. More regulatory agencies are likely to follow (law)suit.


Not everyone was working alone, especially those with pets. However, many teams remained distributed throughout 2021 as companies continued to feel the effects of the COVID pandemic.

As most companies maintained remote and hybrid workforces, IT and security teams struggled to manage the different problems that these workforce models create. Malicious actors leaked passwords on the Dark Web after compromising VPN providers. Companies struggled to keep their networks at the speed needed for a productive workforce.

All in all, while employees want to stay fully or partially remote going forward, IT and security teams need to find ways to solve these problems.

No matter how much people want to go back into the office, new COVID variants seem to keep disappointing them. Companies that planned a return to the office or hybrid workforce models might feel like they’re back to square one. Security programs will continue to focus on mitigating the risks of remote work as new variants keep pushing timelines back, in both the short and the long term.


With everyone working remotely, cloud applications allowed people to keep doing their jobs. However, these applications also made it easier for cybercriminals to gain a foothold and then move laterally across systems and networks. This lateral movement meant that the cybercriminals could maintain persistence in systems and networks.

Advanced persistent threats (APTs) with lateral movement will only continue to increase. They’ve been around a while, but they no longer target only large organizations. Every company manages sensitive data. Newly discovered vulnerabilities combined with remote workers create a perfect storm for these attacks. Detecting these attacks early on will be the key to mitigating risks.


You can’t talk about 2021 – or 2022, for that matter – without discussing zero trust architectures. What was long considered nothing more than marketing jargon moved into the mainstream for IT and security professionals this year.

Whether in response to Executive Order 14028, “Improving the Nation’s Cybersecurity,” or implementing best security practices, most companies started looking at how they can move toward zero-trust security.

The problem? Most companies don’t have the team or tools necessary to enforce zero trust. For many companies, this is going to be a slow process, especially when they lack visibility into fundamentals like users with too much access or mobile devices that are difficult to secure.


Although this goes hand-in-hand with ZTA and remote work, many companies increased their MFA adoption in 2021. In the 2021 State of the Auth report, 79% of respondents said they were using 2FA in 2021, compared to 53% in 2019.

The top three second factors were:

  • SMS
  • Email
  • Mobile passcode

The push toward MFA was likely in response to more people working remotely, connecting to networks and applications from less secure home wireless networks.

2022 might just be the Year of the MFA. After all, it’s one of the less time-consuming, burdensome zero trust security controls. However, companies will need to make sure that they secure their MFA. Cybercriminals know that texts are a common way of getting security codes, and they’re going to continue to use phishing attacks to try to undermine this protection.


Nearly every week, new headlines announced another ransomware attack. This year, double extortion ransomware attacks increased in size and severity. In the first half of 2021, global ransomware attacks increased by 151%. Further, most incorporated a double-extortion process, stealing sensitive data and holding it “hostage” until the affected companies paid.

Ransomware gangs aren’t going to stop. Since they’re motivated by money, every paid ransom acts as a reward. Further, they now use the same business model as most SaaS companies. Ransomware-as-a-Service (RaaS) means that cybercriminals don’t need to be sophisticated coders. With the costs going down and the benefits going up, they’re only going to increase their attacks.


In today’s highly interconnected world, you want to love the technologies that help you get work done. Unfortunately, in 2021, the increased number of supply chain attacks might have meant you’ve lost that loving feeling. In December 2020, supply chain attacks impacted corporate security and critical infrastructures like oil and gas, causing shortages and increased prices.

According to one survey, 61% of respondents said that their company used over 100 SaaS applications. This number doesn’t include additional service providers or hardware technologies. In other words, companies are more intertwined than ever, and that means that a breach of one can be a breach against all. Malicious actors know this and will continue to look for the weaknesses that have the biggest impact across the supply chain.


AI and security automation make it harder for cybercriminals to succeed by helping security teams detect incidents faster and respond more effectively, which strengthens the overall security posture.

The number of companies using AI and security automation rose steadily for the third year in a row, according to the 2021 Cost of a Data Breach Report. While 35% of companies still don’t use any AI, 48% had none in 2019. Further, 25% of respondents have fully deployed automation, compared to 16% in 2019. The report also found that companies with fully deployed automation spent on average $3.81 million less on a data breach compared to those with no automation. Companies with automation also managed to identify and contain a data breach in 247 days, compared to 324 days for those without automation.

When you wrap the challenges from 2021 together with the predictions for 2022, AI/ML will continue to be used to enforce security controls. Detection, investigation, and remediation activities are too time-consuming to be done manually. Infrastructures and supply chains are too complex. IT and security teams have tools, but security technologies often require specialized skills.

Companies will be looking for AI/ML technologies that help them reduce the cost of data breaches and the total cost of ownership. They won’t be able to maintain their current security operations in 2022 without updating their security technology stack in a way that makes sense.


Many of the challenges companies faced in 2021 aren’t going anywhere. In 2022, common security problems will be variations on previous issues. To move forward with confidence, follow Churchill’s advice and learn from the 2021 security challenges so you can meet them in 2022. This way you are prepared for what you know and ready to face and overcome those security challenges you haven’t yet encountered.
