As global economies look to exit the pandemic chaos, there is a cloud of uncertainty around navigating the new normal. While enterprises tout their efforts to accelerate digital transformation efforts, for security leaders in business there is a dark side to the rapid deployment of new technology.
Remote work, virtual meetings, hybrid cloud networks, and software-as-a-service (SaaS) adoption have all brought about complex IT infrastructures that are opening up new threat avenues. Meanwhile, CSOs also must help ensure their organisations are in compliance with new regulations.
The recent onslaught of attacks, network vulnerabilities, and new compliance regimes means CSOs have their work cut out for them as they enter 2022. CSO has collected insights from analyst firms and industry experts to arrive at a list of top cyber security predictions for the year.
1. Companies to prioritise supply chain resiliency, responsible sourcing
Threat actors are progressively targeting smaller vendors and suppliers, making supply chain, or third-party, breaches almost inevitable.
There have been a growing number of reports of third-party incidents plaguing firms. “60 per cent of organisations will use cyber security risk as a primary determinant in conducting third-party transactions and business engagements,” according to a Gartner prediction report.
Before onboarding new suppliers or renewing contracts, companies will demand agreement on policies stipulating that their vendors will assume the risk of third-party attacks, paying for costs of remediation, the report suggests.
2. Privacy legislation will accelerate globally
As data residency continues to be one of the most important components of security, modern privacy laws could be expected to cover the personal information of 75 per cent of the worldwide population, according to the Gartner prediction report.
“The sheer scope of laws like GDPR, LGPD [Brazil's general data protection law], and CCPA [the California Consumer Privacy Act] suggests that compliance officers will be managing multiple data protection legislation in various jurisdictions, and customers will want to know what kind of data is being collected and how it’s being used,” said the Gartner prediction report.
According to Ben Smith, field CTO at network security company Netwitness, the flexibility of an organisation's IT architecture will become even more important as new privacy regulations are passed and enforced.
“Regardless of your corporate size, if you are charged with securing your global organisation, be thinking about your own architecture and where the data is collected, where it lives, and where it is handled,” Smith says.
3. Hiring of resident compliance officers will pick up
As organisations face new regulations, there will be a demand for resident compliance officers to help navigate through the complex and evolving dictates.
“Compliance officers will certainly rise on the recruiters' agenda as regulatory bodies mandate there be a 'single throat to choke,'” says Liz Miller, an analyst from Constellation Research.
“Although, that’s exactly the opposite of what we need. What we do need are skilled tacticians and strategists, who can be trusted voices and leaders within (and across) an organisation, capable of translating the complexity of new (and constantly shifting) global regulations into real business value for everyone from the CEO to the mailroom.”
4. Bossware will affect employee engagement and insider threats
With a major chunk of the global workforce forced to work from home by the pandemic, there is an upsurge in the usage of software that allows supervisors to monitor employees at all times. This has upset the remote working ecosystem to some extent, escalating employee distress.
“Tattleware (also bossware) will degrade employee experience by five per cent and increase insider threats in 2022,” according to a security prediction report by Forrester. “Employee backlash will grow as firms overreach, leading to an appreciable drop in technology satisfaction and employee engagement.” This, according to the report, may also lead to CISOs overcorrecting by reducing the scope of insider threat programs, thereby increasing risks.
5. Security products, supplier management will be consolidated
With major business processes moving to complex cloud environments, there will be a push on the part of enterprises to streamline management of security product suppliers.
According to the Gartner prediction report, enterprises will look to adopt cloud-delivered secure web gateways (SWGs), cloud access security brokers (CASBs), zero trust network access (ZTNA), and firewall as a service (FaaS) capabilities from the same vendor.
Vendors themselves will consolidate features formerly found in separate applications. “The growing complexity of cloud, cloud-native and DevOps environments will also lead to consolidation of functionality, with vendors tackling use cases from IT observability for security to cloud security posture management (CSPM), cloud workload protection, cloud asset attack surface management, and more,” says Scott Crawford, research director for information security at 451 Research.
6. Spending on threat detection and response to grow
As significant malware campaigns — including ransomware, spearphishing, and sideloading attacks — proliferated in 2021, CISOs started focusing on getting ahead of cyber attackers in order to protect their businesses.
“In 2022, we expect the many high-profile and far-reaching attacks in 2021 to drive further spending in threat detection and response — the area most frequently reported by respondents to our 451 Research Voice of the Enterprise: Information Security surveys, where they either have deployments in pilot/POC or plan to deploy in the next 6-24 months,” says 451's Crawford.
7. Cyber insurance premiums will increase
Cyber insurance premiums will rise sharply in the wake of recent high-profile cyber attacks. “Cyberinsurances are much more expensive these days as costs surge, and are most likely to continue soaring,” says Constellation's Miller.
“Insurances are like double-edged swords: While they do provide security coverage and have become a 'must-have' for organisations, they have also alerted the attackers to ask for even more ransom in the attacks, knowing it’s all covered.” Insurers, hurting from the losses assumed from old policies, are increasing prices by 25-27 per cent on average, she noted.
8. Use of CDT (customer data tokens) and BAT (basic attention tokens) to rise
Several experts have been predicting the launch of blockchain-enabled tokens that compensate security-conscious customers for the collection and use of their data. “In the coming few years, 25 per cent of the Fortune Global 500 will employ blockchain-enabled CDT and BAT to compensate their customers,” according to a report by IDC.
“The idea of compensating visitors/customers with tokens for their time, data, or mere attention has long been an attractive concept to marketers who keep watching the impact and outcomes of their media investments,” adds Constellation's Miller, citing Brave, an open source web browser.
“One such model recently announced by Brave could be a testing ground to see if even the most privacy-aware and sensitive users like Brave users are willing to watch ads or engage with ad-sponsored content in exchange for a BAT that could be used to support publishers and content producers.”
Brave encourages users to turn on optional ads in exchange for BATs as a reward for their attention to the generated content. Users may pass their tokens to publishers as a way to support selected sites or retain them to, for example, exchange them for premium content.