Industry executives and experts share their predictions for 2022. Read them in this 14th annual VMblog.com series exclusive.
5 IT Security and Cybersecurity Trends in 2022
By Maxime Trottier, VP of Sales &
Marketing, Devolutions
We can no longer use the analogy of riding
a roller coaster to describe what we are experiencing in the age of coronavirus.
At least a roller coaster ride comes to an end - and many riders are so
exhilarated, that they race back in line so they can experience the thrills and
chills yet again. But for us, we have no idea when COVID-19 will leave the
headlines. And once it does, absolutely nobody will be pining for the "good ol'
days" of lockdowns, physical distancing and masks.
Still, as legendary motivational speaker
and positive thinking guru Zig Ziglar advised, when it comes to the future "expect
the best, prepare for the worst, and capitalize on what comes." In this spirit,
here are five technology trends that we think will dominate in 2022 - and which
we encourage organizations to "expect, prepare for, and capitalize on"
accordingly:
1. Securing Remote Access Will Become a
Mission-Critical Priority
Well before COVID-19, it was important for
organizations to ensure that remote workers, on-site technicians, field sales
reps, and other "road warriors" accessed apps and networks in a secure manner.
However, in a matter of weeks - and for some companies, days - the pandemic exponentially
increased the number of remote workers; and consequently, the volume of
vulnerabilities that hackers and rogue users could exploit.
The good news is that in the last year, some
organizations have plugged these gaps through a mix of tools and platforms, such
as multi-factor authentication (MFA), virtual private network (VPN), password
manager, privileged access management (PAM), and identity access management
(IAM). But the bad news is that other organizations - including many SMBs -
still have a shockingly weak remote access infrastructure.
In 2022, these organizations need to make
addressing this problem a mission-critical priority. According to IBM's Cost of
a Data Breach Report 2021, the average price tag of a single breach has surged to USD $4.4 million per incident - which is the highest level in the 17-year history of the report.
What's more, the average cost of a data breach in SMBs has climbed to USD $2.98 million per incident, and 60% of SMBs go out of business within six months of getting hacked.
2. Cybersecurity Spending Will Rise
Conventional advice says that cybersecurity
spending should represent about 7-10% of the overall IT budget. There are two
major problems with this traditional guidance.
The first problem is that the cyberthreat
landscape has become much worse in the last few years, as evidenced by the
alarming rise of ransomware, phishing/spear phishing, and supply chain attacks such
as the notorious SolarWinds breach. And as mentioned earlier in this article, hackers have stepped up their attacks on remote workers during the pandemic.
The second problem is that many
organizations - and again, especially SMBs - do not have a large
enough IT budget to begin with. As such, allocating 7-10% towards cybersecurity
may be appealing in theory, but insufficient in practice.
And so, how much should organizations
spend on cybersecurity? There is no magic number or generic formula. The right
amount supports a robust posture. While there is no way to completely eliminate
the possibility of breaches and hacks, there certainly are proven and practical
strategies, technologies, policies, and processes that mitigate the risk in a
responsible, reasonable, and cost-effective manner.
In 2022, we predict that more
organizations will realize that they are vulnerable (and likely have been for
several years), and as such will increase their cybersecurity spending, both absolutely
and as a proportion of the overall IT budget. In our recently published State of Cybersecurity in SMBs in 2021-2022 Survey
report, 56% of respondents indicated that they
would be boosting cybersecurity spending in the future. We expect the bulk of
new spending will go towards password managers and PAM solutions, which have shifted
from being nice-to-have options, to essential tools.
3. The "Turnover Tsunami" Will Force a
Review (and Possibly Re-Invention) of Employee Access De-Provisioning
The so-called Turnover Tsunami - also
referred to as the Great Resignation - is upon us. According to the U.S. Bureau of Labor
Statistics, 4 million Americans quit
their jobs in July 2021. And according to Gallup
research, 48% of employees are actively looking to
make a change.
However, it is a potentially catastrophic
mistake to only view this migration as a workforce matter - because it is also
an information security risk on a scale and magnitude that most organizations
have never experienced, or even imagined.
Specifically, organizations need to establish
and enforce a comprehensive employee de-provisioning process that locks - or
better yet, deletes - access to accounts, networks, and other digital assets
the moment an employee is headed out the door; or if that is not practical
(e.g., many employees will provide two weeks' notice), then as soon as they no
longer require access.
Currently, this is a practice that many
organizations are neglecting. In fact, a recent survey
by passwordless security company Beyond Identity revealed
that 1 in 4 workers could still access accounts from past jobs - including
former IT staff and managers who had the proverbial "keys to the kingdom" (i.e.,
access to privileged accounts). In 2022, we expect this to become a much higher
priority given the potential costs and consequences.
4. Automation, Automation and More Automation
In 2022, more organizations will use
automation to strengthen their defenses, establish visibility, and reduce the
size of the attack surface. The impact will be particularly beneficial for
SMBs, which do not have the budgets to establish a fully fledged SOC or hire a team
of security engineers - especially given that the already-massive shortage of qualified cybersecurity professionals
is growing larger and larger (and costlier and costlier!).
5. Blockchain Meets InfoSec
In the mainstream, conversations
and commentaries about blockchain generally revolve around cryptocurrencies.
However, there are many exciting and potentially paradigm-shifting blockchain applications
in the cybersecurity space, and in 2022 we expect to see significant
developments in this area.
For example, blockchain can be leveraged to take passwords off a centralized
server and use biometric and password-free solutions - ultimately making IoT
devices virtually impossible to hack. This is vital for both consumers and
companies alike, since the proliferation of connected devices has created
a cybersecurity blind spot that is
enabling hackers to launch zero-day attacks and compromise routers, printers,
TVs, webcams, and more.
The Road Ahead
Predicting the future has always been tricky.
But in the shadow of COVID-19, predicting the next quarter or month can be tough.
Some things have, can, and probably will change at a moment's notice -
including shifts that seemingly come out of nowhere.
Still, the future marches on, and we must
travel with it. And regardless of what the year ahead has in store - what we
can imagine, and what we cannot - it is a safe bet that the five cybersecurity
trends described above will accelerate the pace and set the tone; not just in
2022, but for years and decades to come.
All we can really say with absolute
certainty is: stay seated and keep your hands and feet inside the vehicle at
all times, because the roller coaster ride is far from over!
##
ABOUT THE AUTHOR
As VP Sales & Marketing at Devolutions,
Maxime Trottier leads the company's international market research and
development efforts, along with customer relations and overall business
development. He's driven to bring innovative and cutting-edge solutions to
Devolutions' customers around the globe - this includes secure remote access management, secure digital vaulting, secure
password management, MFA, and security automation. All of Devolutions'
solutions are affordable for SMBs, and are simple to deploy, configure and use.