Cybersecurity Outlook for 2022: Emerging Threats
As we move into 2022, we’re finding that many of the cybersecurity challenges that emerged with the pandemic still remain. Some have been directly related to the ongoing pandemic while others have evolved independently.
The good news is that today’s organizations are increasingly focused on building a strong cybersecurity culture. With a strong commitment from leadership and good communication, you can not only respond to emerging threats but anticipate and mitigate them before they can impact your business. In this article, we’ll take a closer look at some of the top cybersecurity concerns for 2022, the trends behind them and some recommendations to help you get out in front of them.
Supply Chain and Ransomware Attacks Aren’t Going Anywhere
The SolarWinds breach underscored some vulnerabilities in today’s complex supply chains. Ironically, it utilized a best practice—software updates—to breach software and give hackers access to government offices and companies that used the product.
Most DevOps workflows focus on pushing deliverables out as fast as possible, which makes securing software a challenge. At the same time, supply chains and development processes are becoming more complex, introducing new attack opportunities. Fortunately, with measures like code signing, companies can help ensure that security is built into every phase. Developers can confirm the integrity of code every step of the way, applying a digital signature to each revision before it goes out the door and into production environments. To track the growing array of components that go into a software app, organizations can set up a software bill of materials (SBOM) to confirm the source and integrity of code.
Some of the most audacious attacks over the past year used ransomware. The Colonial Pipeline hack jeopardized the flow of nearly half the fuel and gasoline along the U.S. east coast. These types of attacks often garner heavy press coverage—and encourage other hackers looking to do the same. Unfortunately, as IoT and other use cases introduce more connections, new vulnerabilities are emerging all the time. It’s up to governments, private companies and others that are vulnerable to ransomware and cyberterrorist attacks to renew their emphasis on a zero-trust approach to security.
Post-Quantum Computing Pushes Security Boundaries
As computing power continues to grow, traditional security schemes will be put to the test. Mass adoption of quantum computing still lies over the horizon, but we’ve seen some major breakthroughs in recent months. Google recently unveiled its new Quantum AI campus in Santa Barbara, California and is targeting the development of a “useful, error-corrected quantum computer” by the end of the decade.
According to a recent survey by DigiCert, 71% of IT decision-makers believe it will be possible for quantum computers to overcome today’s cryptographic algorithms by 2025. That means security organizations will need to rethink security for a post-quantum world. They should prepare by planning a post-quantum cryptography strategy and taking stock of devices and servers that might be exposed so they can update them quickly when new protection becomes available.
We’ll see some major developments in the post-quantum cryptography (PQC) world in the year ahead, as NIST plans to announce the winner of its effort to replace current versions of elliptic curve cryptography (ECC) and RSA encryption algorithms.
Trust and Identity Provide a Solid Cybersecurity Foundation
As complex technology becomes an integral part of every organization’s most vital business processes, the role of trust and identity will become more prominent. Hybrid work has become the new normal, and Gartner reported 75% of hybrid or remote knowledge workers said their expectations for working flexibly have increased. Digital signatures are becoming more essential for organizations that are built around hybrid work especially to onboard or support remote employees.
For the IoT and other data-driven applications, trust also has become more important. We’re seeing new connections and devices to support everything from industrial control devices, health care pumps and monitors, home security cameras and many more innovations. Real-time data is the fuel that powers IoT use cases, and assuring its integrity is critical to delivering IoT outcomes. As organizations in every industry expand their use of IoT, PKI technology provides a strong, proven method to safeguard data integrity.
A Top-Down Approach to Security
No matter what challenges companies are facing in the year ahead, encouraging a strong culture of cybersecurity across your organization can help them stay prepared. More organizations are building cybersecurity awareness, requiring that employees understand risks and the steps they need to take to avoid them. We’re seeing employee education and mandatory online training and cybersecurity simulation exercises happening at the board level. These and other exercises can help leaders test their communication strategies and decision-making skills in the event of a major cybersecurity crisis. The only certainty is that cyberattackers won’t rest, and it’s up to every organization to put processes and solutions in place to stay prepared when new threats emerge.