Until recent times, many accelerated technological advances have been experienced, especially due to circumstances surrounding the pandemic. But these advances have also led to a rise in cyber attacks. So overall, 2021 was definitely a trying year for cybersecurity in so many areas and it will continue to remain one of the primary concerns in 2022 as well. Lets take a look at what’s in store for cybersecurity in 2022.
- Increased Government Involvement as Zero Trust takes center stage
Zero Trust is a security framework that requires all users within and outside an organization’s network to gain authentication, authorization, and consistent validation before acquiring access to applications on data. While 2020 gave a major impetus to the need for a Zero Trust security model, large-scale ransomware attacks across 2021, such as SolarWinds, led to businesses starting to consider implementation. Joe Biden signed an Executive Order, compelling the federal government to adopt a Zero Trust architecture by the fall of 2024. The Indian government too is looking at a comprehensive cybersecurity policy, as it evaluates similar policies rolled out by the UK and other countries. As ransomware attacks grow in number and sophistication, and CISOs seek to bridge security loopholes, Zero Trust adoption is set to rise exponentially and for good measure.
- Micro-segmentation: The Only Protection in a Perimeter-less World
As security needs become complex and InfoSec teams work towards implementing a new security model (i.e. Zero Trust) while balancing daily operations – micro-segmentation will come in handy. Micro-segmentation is a security practice, usually the first step towards Zero Trust adoption, that aims to make security as granular as possible. Micro-segmentation when coupled with the right technologies and partners, can help overworked IT teams, bring more security with less effort. As Zero Trust takes center stage, micro-segmentation will no longer be optional.
- The Rise of Ransomware Gangs and Supply Chain Threats
Ransomware-as-a-Service or RaaS became the talk of the town in 2021. With their pandemic-style threat, ransomware group or “gangs” have been wreaking havoc while maximizing profits with their digital extortion business models. These well-organized, well-financed, efficient, and most importantly ruthless gangs will continue their mission, irrespective of the size of an enterprise. With larger organizations increasing their cybersecurity budgets and focus, small and medium businesses are likely to be primary targets for such attacks. This will also require organizations to bolster their supply chains, which are becoming the first lines of attack. Due to the scope of their impact, supply chains will demand a focused security approach and increased awareness.
- Proactive Vulnerability Detection and Mitigation
InfoSec professionals have had no rest as 2021 ended with the discovery of Log4Shell and now PwnKit is doing the rounds. Such is the impact of zero-day vulnerabilities that have been in the most widely used systems and have remained undetected. As security measures increase, threat actors will also work harder to find more such flaws that can essentially break down the best of systems and networks. In 2022, we will see more vulnerabilities coming to the fore – ones that cannot be found unless researchers specifically search for them. The first step to safeguarding against such potential attacks is to prioritize upgrading legacy systems.
- New Work Models, Newer Attacks
Remote work is here to stay. Hybrid models are becoming the norm as employers balance safety, convenience and productivity. Unfortunately, cybercriminals are exploiting this opportunity too! A combination of the right tools and employee best practices will be crucial to combating this issue. As access points increase, companies must let go of VPNs. The focus will need to be on securing distributed workloads by defining intelligent, user identity-based access. Enterprises that minimize the attack surface using micro-segmentation and secure user access across their environment will reap true benefits.
There is a common thread across these trends – the world has become digital; threat actors are relentless and only a proactive and comprehensive security approach will prevail! Keeping cybersecurity on the back burner will prove to be costlier than implementing a new strategy. How they protect their data, customers and employees will define enterprises’ success in 2022 and beyond.
The author is Shakeel Khan, Regional Director – India & SAARC, ColorTokens.