Even though new security products and solutions keep flooding the market, businesses across all industries continue to experience an urgent cybercrime crisis, and the predictions for 2022 aren’t looking too good either. Today, some 80% of IT leaders acknowledge that their organization lacks the necessary protection against cyber attacks, despite increased investments in cybersecurity.
Some larger enterprises refuse to sleep on the issue, pouring dollars into robust solutions, but small and medium businesses (SMBs) remain largely unprepared. The truth is that no company, no matter its size, can afford to risk its neck under the false hope that it will be spared by malicious hackers.
Understanding the current cybersecurity landscape is key to navigating it successfully. So, what are the main cybersecurity trends and challenges on the horizon?
- Cybersecurity moving from important to essential
While government entities and financial institutions are still a popular target, healthcare has become a real magnet for hackers. Most hospitals may not even have a designated IT team and don’t bother to invest in updating their digital infrastructures. But with medical ransomware becoming an extremely worrying occurrence, this will have to change.
In fact, ransomware has hit record heights in 2021 and will continue to mark the cybersecurity landscape next year, alongside malware and phishing attacks. Whether in healthcare or not, the majority of threats are tied to employee error, so organizations must prioritize controlling the human aspect more than ever before. Working from personal devices, accessing corporate resources from public Wi-Fi, or downloading any app are just a few of the issues that will drive companies to shift their narrative and put cybersecurity first in 2022. With cybersecurity services moving into the spotlight, hiring a specialist or contracting a consultant will be the norm.
Interestingly, the growing awareness will affect the implementation of emerging tech, mainly the Internet of Things (IoT). As companies increasingly rely on this innovation, they’ll realize that interconnected devices within a complex infrastructure mean that a vulnerability of a single device opens the door to an entire enterprise network. So, if you were worried about an email on your phone, now you will have to consider checking up on your smart toaster too.
- Phishing more sophisticated than ever
Phishing has always been a defining concern for companies and actually managed to creep its way into 75% of organizations around the world in 2020. Now, it’s virtually impossible to identify a well-crafted phishing email. If someone is hell-bent on hacking a company, they will most probably succeed because there’s no such thing as 100% security. Phishing emails are like pawns in the cyberwar – and these pawns alone do half the job.
There’s email, spear, angler phishing… You name it. And while strict email security policies, if enforced, can bring phishing under control, there’s a limit to imposing security as too many restrictions can get in the way of employee productivity. In 2022, companies will advance solutions that marry baseline security measures with user education. Traditionally, companies realize there has been a breach when it’s too late; rapid-response solutions will be vital.
- New arsenal within IAM
It’s not just precarious threats entering the picture; it’s new solutions too. From software solutions, such as single sign-on or multi-factor authentication to hardware tools where devices act as tokens to strengthen verification, the era of simple usernames and passwords is at its end in 2022.
On a business level, Identity Access Management (IAM) is becoming the cornerstone of enterprise efforts. As an additional level, Privileged Access Management (PAM) is also becoming the norm, helping ensure that the right data is accessed by the right people and not trusting them until verified, complementing todays’ zero trust postures.
User Behavior Analytics (UBA), an emerging domain within IAM, will rise as a key player in cybersecurity technology. Its power lies in easy yet powerful traffic examination. By keeping an eye out for suspicious user activity, it can help cybersecurity professionals identify potential threats in real-time.
Secure Access Service Edge (SASE) is another innovation worth mentioning, providing the edge functionality of the cloud as a single service alongside cloud security. The global SASE market is predicted to expand at a compound annual growth rate of over 36% by 2028.
- Cyber insurance as a natural market development
If you follow the news about companies suffering cyber attacks, you’ll see that the story never ends there; it’s followed by court hearings, judicial cases, and hefty fines. That’s because when a company goes down, a lot more goes down with it – be it shares, stocks, or even lives.
So, just like you insure your car, companies are now looking towards cyber insurance, too. While the field is relatively new and providers are looking for more data to determine accurate policy rates for coverage, the appeal is undeniable. Some predict the cyber insurance market could reach a staggering $20 billion by 2025.
From traditional, rigid approaches to cybersecurity defined by password education and installing antivirus software, dynamic technologies are now changing the game. In today’s ever-complex threat environment, these modern solutions will help companies assume responsibility for their security once and for all.
Recognized in the IT management community as a consultant, speaker and thought leader, Apu has been a strong advocate for IT governance and Information security management. He’s passionate about entrepreneurship and spends significant time working with startups and empowering young entrepreneurs.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.