Industry executives and experts share their predictions for 2022. Read them in this 14th annual VMblog.com series exclusive.
Where cybersecurity spending will go in 2022
By Ameesh
Divatia, co-founder and CEO, Baffle
As cybersecurity continues to
climb up the business priority stack, the astronomical valuations of public cybersecurity
companies suggest that we'll see an even greater influx of massive funding in
the sector.
Based on my experience and conversations with executives in the field, I expect
the following trends to impact where security investments are directed in 2022.
Supply chain security. The supply chain is a red flag for
cybercriminals. Cybercriminals historically strike when industries are going
through times of chaos-and this moment certainly qualifies. For example, many
digital supply chains contain code with vulnerabilities that stem from open
source projects, which cybercriminals are adept at exploiting. To help keep
problems from worsening, organizations should conduct audits and penetration
testing, and update cybersecurity protections within their supply chain to
determine vulnerabilities and address them.
Data-centric
security.
Executives will champion more stringent data security standards. While 2020
proved to be a chaotic trial-and-error attempt at operating under "the new
normal," 2021 was the first year of doing so with some experience. Over the
last 12 months, companies collected a treasure trove of data with entirely new
insights on how well they responded, areas of potential growth and avenues for
greater efficiency. That data must be analyzed in the cloud-which can be
vulnerable. Expect more organizations to invest in comprehensive data
protection-like encryption, masking and tokenization-to facilitate faster
access to analyzed data. Organizations that don't have the appropriate data
analytics pipeline protections will be delayed in accessing this critical
information.
National
privacy law.
It is difficult to say when the U.S. will adopt a federal privacy law, similar
to the EU's GDPR, but next year may prove to be the tipping point. In the
absence of a national referendum, states are taking matters into their own
hands. I expect even more proposed privacy laws to be introduced in 2022,
accelerating the debate over a national policy that sets a baseline of privacy
expectations for consumers regardless of the state in which their data resides.
A federal privacy law will also help minimize the number of requirements
companies must sort through when conducting business in different states.
Cybersecurity
complexity.
Cybersecurity environments become more complex as a result of deploying
cybersecurity solutions from a variety of providers. Any number of unnecessary
challenges arise in a multiple-provider scenario, such as extra time managing
each vendor and solution integration. Many organizations will seek solution
providers with a single data transformation approach in identity management,
tokenization, masking and encryption that simplifies data management and
protection.
The
cybersecurity talent gap. Organizations will creatively tackle the
cybersecurity talent shortage. Cybersecurity professionals are taking on more
tasks than ever, which leads to burnout and diverts their focus from ensuring
the company has the strongest possible security posture. The talent gap
increases an organization's risk considering the learning curve they face to
fend off attacks or prevent accidental data exposure. To compensate for the
talent shortage, more companies will employ a hybrid solution that incorporates
additional training and automation. Automating a wide range of less critical
cybersecurity tasks will free up staff to identify and mitigate potential
threats. This approach will help retain skilled employees and be a selling
point for recruiting. As well, organizations can address personnel shortages while
maintaining the highest level of security.
Turning the calendar to a new year does not mean the
industry will change course and improve upon policies and practices instantly.
The private and public sectors must prioritize their spending, and the areas
discussed here represent a good starting point. No matter what, cybersecurity
hygiene with effective policies and practices will always be top-of-mind.
##
ABOUT THE AUTHOR
Ameesh Divatia is
co-founder and CEO of Baffle, a cloud data protection company that
simplifies encryption while enabling secure computation on encrypted data in
memory, in use and at rest. Divatia has a proven track record of turning
innovative ideas into successful businesses.