What will 2022 bring for cybersecurity? Are we going to see more of the same as we did in 2021?
During the latest Thales Security Sessions podcast, hosted by Neira Jones, I had the pleasure to discuss what we can expect in 2022 with Andy Green, CISO at Gemserv, and how the many changes have impacted the security landscape.
What are the key security challenges for 2022?
For the past two years, organizations have been trying to adapt to this pandemic driven change. We are living through uncertain times, but 2021 was supposed to be the period when we returned to normal. However, that has not really been the case, and we are going to continue the trend towards decentralization and hybrid working. Hence, the challenge we are going to face is maintaining a degree of agility within organizations. We need to have agile processes and policies which will allow organizations from a cybersecurity perspective to adapt quickly and flexible.
As for the threats, such as ransomware, supply chain attacks and software vulnerabilities, these will continue to become more sophisticated: the significant challenge will be how businesses will prioritize security initiatives and be prepared to respond to a steady stream of threats.
Another challenge that organizations are going to face is this period of great resignation. This trend results in overburdened and fatigued workers who are often filling in for coworkers. Hiring new employees takes time, but also requires onboarding them, training them in enterprise cybersecurity policies and practices. This conundrum makes enterprises more vulnerable when it comes to their overall security posture.
Considering all these challenges, the key for all organizations is to be always vigilant to react to any number of breaches and vulnerabilities swiftly. This is a necessity as digital transformation continues as a secular trend. Organizations are not slowing down the migration of applications, workloads, and data to the cloud, which leads to a broader attack surface.
What technologies are expected to rise?
It is true that we are moving at warp speed with regards to technology changes. As physical security meets digital security, we should expect to see an uptake of identity verification and Zero Trust principles to protect and manage our digital entities. The impact of 5G networks will become even more significant, both enabling edge computing and smart cities, and increasing the attack surface.
Another technology trend we will witness in 2022 is the integration of augmented reality (AL) into collaboration platforms to provide an immersive experience to everyone. In addition, AI, Machine Learning, and natural language processing will continue to evolve and provide deeper insights into data intelligence.
How is the communications attack surface going to challenge businesses?
Collaboration technologies have expanded so much that they have overcome traditional communications channels, like emails. The attack surface is now broader by virtue of the fact that we are using these collaboration engines everywhere. This does bring additional challenges, because bad actors are also evolving their tactics to trick users, for example through phishing emails using the meeting invites.
In addition, collaboration engines are used for reconnaissance attacks to determine the profile of potential targets and deliver targeted spear phishing attacks. The perennial challenge, which is not unique to the communications attack surface, is that there needs to be greater user education and awareness to prevent phishing, smishing or any other types of fraud targeting online users.
In addition, user awareness needs to be seconded by improving the overall security posture. What organizations need is defense in depth – user awareness needs to be governed by policies and processes that people understand but underpinning all that is the need to have robust technical controls. This is especially important in critical national infrastructure, where an attack to any of the connected operational technology systems has the potential to cause widespread disruption that will impact our lives.
Andy Green and I discussed many more pressing and emerging topics around the trends we expect to see in 2022. We also provided tips for organizations both in the public and the private sector that we believe can help businesses thrive in 2022. If you want to hear all these, you can head to the Thales Security Sessions podcast webpage and listen to the whole episode.