Today, technology has advanced in ways that were unfathomable a few years ago. Artificial intelligence (AI), machine learning (ML), the Internet of things (IoT), big data, analytics, robotic process automation (RPA), and other ground-breaking technologies have transformed the way we interact in the digital world. Amid these technological advancements, the COVID19 pandemic introduced unprecedented deviations from the normal. Enterprises paused for a while and moved on. However, cybercriminals too began leveling up their game and taking advantage of security loopholes in the new normal, making data and enterprise security business imperatives.
Happiest Minds predicts the top cybersecurity trends for 2022 to help you stay prepared to address threats and attacks.
1. Securing the Remote Workforce
In 2020, the pandemic changed the way organizations functioned. Employees and vendors started working from their homes and accessing enterprise applications on their devices. As the remote work model became a norm, cybersecurity acquired new urgency. According to a study published by IBM Security, a data breach in 2020 cost an average of USD 3.86 million.
Organizations implemented basic controls to protect their information and assets, and with time, they have been working toward strengthening their security controls. Business leaders are attesting to the crucial role of cybersecurity. We see board-level discussions around how newly implemented measures will fit into organizations’ overall scheme of enterprise risk management and regulatory compliance. Cybersecurity is truly taking shape in the new normal. Organizations are looking for newer mechanisms to secure the remote workforce more effectively, and the trend will continue in the new year.
2. Zero-Trust Network Architecture
People are working from everywhere. Applications are residing everywhere — on the cloud, at data centers, on third-party systems, etc. In such a scenario where enterprise borders are disappearing and network perimeters are dissolving, how can we enable secure access for authorized users? Leveraging a zero-trust architecture can help.
Forrester’s zero-trust security model has been picking up speed. Enterprises are trying to understand what zero trust architecture is, its various features, how they can leverage existing technologies and processes to enable zero-trust network architecture (ZTNA), and what new investments they will need to make. Happiest Minds has been receiving a lot of queries in this regard. As the trend takes off, there will be some confusion regarding the right way to achieve zero-trust architecture and what tools and technologies to choose to gain success. Nonetheless, many organizations have already set out on their journey toward enabling zero trust architecture and we foresee the ZTNA concept gaining traction in 2022. ZTNA will continue to evolve.
3. Cloud Adoption and a Focus on Cloud-Based Security
Organizations are moving their workloads to the cloud and platforms such as Google Cloud, Amazon Web Services (AWS), and Microsoft Azure have been powering the journey. While there is a steady increase in the adoption of third-party software-as-a-service (SaaS) applications, organizations are realizing the need for cloud-based security services too. Hence, a lot of traditional on-premise security solutions such as firewalls and perimeter security have started transitioning to the cloud. Enterprises are investing in secure access service edge (SASE), a must-have for today’s hybrid organizations.
With a single network, SASE’s cloud architecture integrates and safeguards all enterprise assets irrespective of their location — on-premise, in the cloud, mobile-based, or anywhere in the world. In 2022, we will see the cloud continuing to remain in focus with respect to cloud adoption for business applications and workloads, and cloud-based security capabilities and services.
4. Re-emphasis on Regulatory Compliance
The remote work model, cloud adoption, and dissolving perimeters also call for a re-focus on regulations that were relaxed in the pandemic era. Considering the changing work model, increase in remote and third-party users, and the expanding threat landscape, a few of the existing regulations are bound to change to ensure enterprises are secure in the digital environment.
Security guidelines, including those related to data privacy, are now considering IT delivery and security delivery changes. These regulations and security compliances will further evolve in 2022. According to Gartner, by the end of 2023, there will be modern privacy laws to safeguard the personal data of 75% of the world’s population.
5. Third-Party and Supply Chain Risk Management
As the way of conducting business and streamlining processes evolves, enterprises will need to work toward reducing third-party or supply chain breaches. Today, an organization’s workload may be residing in the cloud, HR may be hosted on a third-party site application, security may be managed via the cloud, and so forth. To make sure organizations are able to secure all their processes end to end, they will need to address the security of all their third parties, vendors, suppliers, and partners. Hence, the area of third-party and supply chain risk management will experience growth.
In 2022, organizations will collaborate with third parties that support their business for discussions around cybersecurity. Enterprises will increasingly begin evaluating the cyber risk profiles of their critical service providers and vendors to review inherent risks and introduce necessary security controls to mitigate threats.
6. The Expanding Threat Landscape
As many organizations transition from traditional technology solutions to the cloud, they are still familiarizing themselves with the various features in the new environment. At the same time, new vendors and solution providers are trying to gain a foothold in the cloud market. They are yet to fully comprehend cloud security. Hence, threat and attack vectors are bound to increase. Cybercriminals are taking advantage of the opportunity to launch cyberattacks.
The year 2022 will see innovative ways and newer mechanisms of attacks where fresh entrants in the cloud space will become targets. Attackers, instead of trying to get into enterprises, will target broader areas — a cloud or service provider. As attack vectors increase and become more sophisticated, threat defenses will also evolve. Gartner predicts the global information security market to reach USD 170.4 billion in 2022.
7. Vulnerability of 5G Technology
The advent of 5G, already launched in a few markets across the world, will bring in a lot of new applications and a strong push toward IoT and connected devices. Each of these connected devices, though, is a possible target for attackers. As organizations explore 5G and look into its vulnerability, cybercriminals will use the opportunity to attack businesses and users by exploiting the fairly new technology. Furthermore, as 5G enters with the promise of faster network capabilities and larger bandwidth, existing security controls might not be enough to protect businesses and data.
Vendors and organizations will begin focusing on 5G, its key features, and securing related assets and applications that are leveraging 5G — primarily related to IoT and machine-to-machine communication. The area will evolve pretty quickly in 2022.
In 2022, enterprises will see some new types of attacks, new targets, and new security challenges. Understanding these cybersecurity trends can help organizations, vendors, and security teams navigate threat patterns and work toward successfully addressing vulnerabilities before being attacked.
(The article is to be attributed to Mr. Vijay Bharti, SVP, CISO, Happiest Minds Technologies.)
(Image Courtesy: www.clipground.com)