By embracing emerging security strategies like Zero Trust and improving automation tactics, CISOs are looking to be better positioned to support the demands of a new hybrid workforce, finds DynamicCISO.com’s Future Forward Security Priorities survey. Find out what some of the IT and security leaders have to say.
Key findings:
- 63% of enterprises to increase cybersecurity budget in 2022
- Ransomware continues to be the greatest business threat
- Securing hybrid workplace, a concern for 42% of enterprises
- Demand for AI-based security solutions on the rise
2021 was all about securing remote work. In 2022 with hybrid work emerging as the “new normal,” CISOs will have to balance business priorities and employee productivity coupled with security in a way we have never seen.
According to DynamicCISO.com’s Future Forward Security Priorities Survey, 42 percent of respondents stated that securing their hybrid workplace will be their topmost concern in 2022.
A lot of employers, rather than going completely remote or entirely in-office, are finding the best solution is a hybrid environment that certainly means different challenges for cybersecurity. With a distributed workforce, the threat landscape is broader and security must expand to protect it.
The survey also revealed that Zero Trust cybersecurity approach is on the verge of gaining ground in 2022 with 38 percent of respondents stating that a Zero Trust framework will be an essential tool in their arsenal. A Zero Trust approach will enable teams to rethink the way network access works and more closely scrutinize the products they rely upon.
Security was never seen as a business enabler. This perception has changed. A Zero Trust approach will help organizations deliver high quality protection without impacting the existing controls. The Zero Trust framework has matured, and adoption will become more easier for organizations with many new use cases.
Manikant R Singh, Vice President & Chief Information Security Officer, DMI Finance Private Limited
Cybersecurity skills shortage is another cause of concern for enterprises. While there was a skills shortage before, it has got much bigger since Covid because people haven’t been able to get the necessary in-person training.
On High Alert: Fear of Ransomware and Data Breach
The pandemic has directly exacerbated the cyber threat landscape, resulting in record-high figures of ransomware attacks and data breaches. As organizations pivot and go online, their digital operations increasingly become an inextricable part of their business.
As per the survey, ransomware and malware emerged as the top concern for 36 percent of the enterprises going into 2022 followed by data breach (19 percent), user privacy (13 percent) and business email compromise (12 percent).
The concern for ransomware attacks stems out from the fact that it has worked, and proved effective. There have been several instances where organizations have paid or willing to pay the ransom following an attack – some to avoid shutting down their business or losing their data, others because they had no other choice.
While ransomware continue to dominate the headlines, the problem of identity, cloud security as well as risk of insider threats, user privacy, misconfigurations and unpatched software will continue to bother security practitioners, as per the survey.
I see worsening threats in coming days that will have rippling effect for everyone in the supply chain. Data breaches will further scale up using latest sophisticated malware and vulnerability in applications. Fake news and misinformation campaigns using social media platforms will flourish using phishing campaigns. 2022 will remain yet another turbulent year with many more cyber incidents.
Prof (Dr) JS Sodhi, Senior Vice President & Group CIO Ritnand Balved Education Foundation (AMITY Group) & Executive Director of Cyborg Cyber Forensics and Information Security Pvt. Ltd.
Security Spending to Increase:
The survey revealed that 63 percent of respondent will be spending a significantly greater portion on security as compared to last year while 21 percent of enterprises will spend the same as last year.
The imperative to protect increasingly digitized businesses and safeguard consumers from cybercriminals who sense that they have opportunity to find new forms of disruption — whether through profitable ransomware attacks, or by exploiting vulnerabilities to infiltrate and manipulate company networks are some key factors that will be driving security spends.
Our cloud adoption is steadily rising across verticals and hence cloud security is our topmost priority followed by data security and XDR (Extended detection and response) to fight threats like ransomware. Zero Trust approach provides context aware, continuous verification for all resources at all times, and also limits the “blast radius” in case of a breach.
Vasudevan Nair, Head IT & CISO, Writer Corporation
AI-based security solutions (19 percent), security operations center or SOC (16 percent), end-point security (15 %), Threat intelligence (14%) and Cloud Security (13 %) are the top five areas where the investments in security will be directed as per the survey.
No single framework can address all domains of security. A combination of frameworks, tools, systems, processes and people will drive security. The fulcrum of security is risk assessment. Unless organization’s pursuing security use scientific Risk Assessment Models, the threat and vulnerabilities Landscape pertaining to the organization cannot be identified.
Dr. Rajan, Group CISO, Kauvery Group of Hospitals.
Editorial opinion:
2022 will reinforce the critical need for security programs to be agile enough to react to minor and major extraneous shocks. In a world of increased uncertainty and complexity, agile co-operation based on shared values will be essential to build cyber resilience.
IT and business leaders must continually familiarize themselves with up-to-date threat intelligence and invest in the resources necessary.
Data-security and privacy professionals have learnt that “data security is no longer just about the confidentiality of data.” Data security needs to also focus on the integrity and availability of data, especially in the face of rising disinformation and frequency of ransomware attacks.
Note: The Future Forward Security Priorities Survey 2022 was conducted by DynamicCISO.com between 15th of November to 30th of November, 2021. A total of 168 IT and InfoSec-decision makers across industries participated in this survey. The primary focus of the survey was to gauge the emerging security threat landscape, and find the priorities/focus areas where security leaders will be investing their time, energy, and resources in the year ahead.