After two years of pandemic-induced disruption, 2022 felt like a return to business as usual for many. And that certainly seems to have been the case for the world's cyber criminals. As COVID-19 medical and economic programmes began to wind down, attackers had to get back to making a living the old-fashioned way: by honing their social engineering skills, enhancing their tooling, and looking for opportunity in unexpected places.

All of this has led to an explosion in ingenuity. From the commoditisation of sophisticated techniques like multifactor authentication bypass to threats that rely solely on the attacker's charm and persuasiveness, the cyber attack chain-and the landscape as a whole-has seen major development on several fronts. And with Microsoft's moves to curtail abuse of Office macros creating unignorable pressure to innovate, many threat actors are still experimenting to figure out what comes next.

But no matter which tactics or techniques attackers turn to, their victims remain stubbornly human. Cyber attackers target people. They exploit people. Ultimately, they are people. That's what makes protecting people from cyber threats such a profound and fascinating challenge.