Last updated on January 28th, 2022 at 10:08 am
The turmoil caused by the Log4j vulnerability took everyone by surprise, which validates an old saying about predictions: They are difficult to make, especially concerning the future. Nevertheless, in cybersecurity some trends seem obvious, which is why we are continuing our predictions for 2022 with some insights from industry experts. This article will focus on the defense, i.e. what companies can expect in cybersecurity in the coming year, while our third article of the series focuses on what you can expect from the bad guys.
Richard Massey, VP EMEA for Arcserve, sees 4 main trends:
The attack surface will continue to expand as ways of working evolve.
“Your attack surface includes all the possible ways an attacker can get into your company’s devices and networks and lock up or exfiltrate your data. So, it’s essential to keep your attack surface to a minimum. The problem is that your attack surface is continually growing as more people work remotely on multiple devices and create more entry points for cybercriminals to carry out cyberattacks.
“The bottom line is that breaches will inevitably happen. And in the coming year, companies will have to do a better job of recognising breaches so they can extricate themselves as quickly as possible. Security and recovery strategies must be more thorough.”
Data sovereignty will create even greater complexity for data management.
“As companies have grown globally and become more interconnected, the rules around data privacy have become far more complicated. 86% of IT decision-makers say their organisations have been impacted by changing compliance requirements for data privacy, according to a global survey conducted by Dimensional Research.
“Companies no longer have a single data lake at their corporate headquarters that IT can focus on protecting. They must keep track of sovereignty issues in different jurisdictions, and to do this, they will need help.
“In the year ahead, the onus will be on both businesses and public cloud providers to improve compliance and data sovereignty issues by better understanding what is in the petabytes of data they’re storing and the regulations around every element of that data. Businesses will have to get smart about their data content and put policies in place around that content.”
Global supply-chain issues will become a data-protection issue.
“Logistics issues and digital risks such as cyberattacks will cause further disruptions to the global supply chain in the coming year. The supply chain will remain a top priority for organisations in 2022. That means they will need to be actively armed with data protection solutions to keep the supply chain working and meet the demands of their customers.”
The Data Protection Officer will grow in strategic importance.
“The Data Protection Officer (DPO) is an enterprise security leadership role that, under certain conditions, is required by the General Data Protection Regulation (GDPR). Data Protection Officers are responsible for having expert knowledge of data protection laws and practices while overseeing their company’s data protection strategy and ensuring compliance with GDPR requirements.
“The role of the DPO is poised to grow in strategic importance in the coming year, particularly as the responsibilities of DPOs extend beyond traditional IT to encompass a holistic view of data privacy, security, and education. The challenge of data protection is sure to become even more daunting in 2022 and beyond. Companies must stay on top of the ever-evolving data landscape or risk sinking altogether.”
Data Security specialist Rubrik focuses on organizational integrations:
James Hughes, EMEA enterprise CTO and VP of systems engineering:
“You’ve heard it all before: there is a glaring disconnect between the goals of security and IT teams. But with the growth of technology and increasing amount of cyberthreats, the ultimate success will come from the integration of these teams. When these two teams are combined – and I’m not talking about just the integration of their tools, but real collaboration – recovery and cyber resilience will be at its peak. This results in a better security practice and posture, as well as allowing digital transformation within organisations. If security professionals are thinking of IT implications, and IT professionals about the security implications, we begin to form a more unified process.”
Don Boxley, CEO of DH2i, keeps it short and simple with his predictions on cloud security:
“Traditional VPN software solutions are obsolete for the new IT reality of hybrid and multi-cloud. They weren’t designed for them. They’re complex to configure, and they expose ‘slices of the network,’ creating a lateral network attack surface. Instead, Kubernetes and software defined perimeter (SDP) enhanced database containers will rule multi-cloud and cloud native. If a company’s multi-cloud and cloud native network security strategy relies on VPNs, the CEO should fire their head of network security.”