Virtualization Technology News and Information
Thales 2022 Predictions: Why a Return to "Business as Usual" Could Pose 2022's Biggest Cybersecurity Risk


Industry executives and experts share their predictions for 2022. Read them in this 14th annual series exclusive.

Why a Return to "Business as Usual" Could Pose 2022's Biggest Cybersecurity Risk

By Francois Lasnier, VP, Authentication and Access Management Products, Thales

As we turn the page on the second year dominated by COVID-19, there are reasons to be optimistic that 2022 could see a return to "business as usual". The recent rise in cases caused by the Omicron variant has been troubling, yet those who are fully vaccinated and have received a booster seem to be well protected against the virus' worst outcomes. What's more, promising treatments could allow us to dramatically reduce hospitalizations and deaths from COVID-19 in 2022.

With the combination of pandemic fatigue and improved prevention and treatment, we should see many companies return to working in person - limiting the need for the hybrid and remote work environments that became ubiquitous over the last two years. But as organizations return to the pre-pandemic "business as usual", they could be inviting unexpected risks with regard to their cybersecurity practices.

It's only natural that, after two years of high pressure and stress, most people and organizations want to experience a sustained period of calm and stability. However, cybercriminals have shown that they won't be taking any days off from their efforts to hack into valuable infrastructure and data. For bad actors, "business as usual" is a tantalizing opportunity.

Playing catch-up on best practices

In the rapid dash to support remote work in the early days of the COVID-19 pandemic, many organizations left themselves vulnerable by failing to incorporate security best practices in their new hybrid systems. While some teams have worked to patch up any weaknesses over the last two years, others continue to rely on traditional security tools that have proven inadequate against evolving threats. In particular, traditional security tools like passwords and virtual private networks (VPNs) continue to be used widely, despite the fact that these solutions have been exploited in high-profile breaches and hacks and could not scale to the new realities of hybrid work.

This isn't to say that IT professionals aren't aware of the issue at hand. According to the 2021 Thales Access Management Index, nearly half of surveyed IT professionals said they are not confident in their current access security systems to support today's hybrid work environment. Yet in the context of constant pressure to optimize processes and integrate new cloud-based tools and microservices, cybersecurity is frequently deprioritized in favor of business growth and agility.

Great Resignation side effects

The transition to remote work presented unexpected hurdles for IT and cybersecurity teams. But while companies adjusted to the new normal of cloud-based tools and online meetings, the added impact of the Great Resignation threatened to exacerbate the access control challenges facing today's enterprises. As millions of Americans leave their current positions in search of new opportunities, companies must scramble to quickly restaff and maintain operations. This reshuffling has major implications for security best practices, and it would be reasonable to expect an increase in cybersecurity incidents as an indirect result of the Great Resignation.

When new staff members join an organization, they're inundated with onboarding information on how to use the company's many systems and processes. In this tidal wave of information, security protocols can often be lost in the shuffle. The more new hires a company brings on, the more likely that innocent mistakes turn into costly incidents. Organizations must also bear in mind the employees who have moved on: former employees who retain access to a company's infrastructure present a long-term liability, particularly those who left on bad terms.

In 2022, businesses must consider that the cost of replacing an employee extends beyond just recruitment and onboarding. Increased investments in security tools and training will be necessary to prevent the potential damages of a cyber incident.

It's not too late to recover

While some organizations may be entering 2022 with questionable security practices, they can make headway by working quickly to identify where their data is being stored and what tools are being used to protect it. An organization can only protect the assets it knows about, so a full audit of where information is being held and who can access it is essential for a sustainable solution.

Once businesses have a clear picture of their infrastructure, they can implement new security and access management controls to protect data at its core. Rather than relying on outmoded tools like passwords and VPNs, these updated solutions should include new best practices like two-factor authentication, encryption and key management. Using those tools, security teams can then restrict access to only those who are authorized. By dramatically limiting the number of employees who can see and access sensitive information, organizations will see an associated reduction in the risk of an incident. Finally, a fully zero-trust strategy - a NIST-endorsed architecture that requires constant validation to access sensitive information - offers the most robust solution to address the security challenges facing businesses in 2022 and beyond.

No one can predict how COVID-19 will shape business in 2022. But even if the pandemic winds down, there's no reason to believe that security threats will wind down with it. Organizations have a responsibility to protect their sensitive data. Instead of giving in to a "business as usual" mindset, business leaders must take this opportunity to protect their teams for both the short- and long-term future.



Francois Lasnier 

Francois Lasnier leads the Identity and Access Management product portfolio at Thales Cloud Protection & Licensing. Francois provides the strategy and vision for the company’s industry-leading Identity and Access Management products and services focused on providing trusted access to cloud services and applications for both the enterprise and government sectors. Francois holds a Master of Science degree in Electrical Engineering and Computer Science from the French graduate school of engineering, Supélec.

Published Friday, January 07, 2022 7:32 AM by David Marshall