Amid a growing threat landscape and rising security incidents across the globe, 2021 can best be described as a growth year for cybersecurity and data protection platforms. The level of threats and incidents has risen significantly in various business areas; however, the adoption of new technology has not decreased. Awareness of cybersecurity risks and of the need for a security posture grew consistently. Reporting on cybersecurity issues, risks and threats has become a regular feature in various media and communication platforms. And the IT services industry that assists in cybersecurity preparedness, management and incident response has developed in terms of size, capabilities, and sophistication.
Security and risk management are under continuous pressure and on the radar: as the digital footprint of organizations expands, expectations of cybersecurity are high. Hybrid culture and working in an open environment in the cloud have introduced new risks. At the same time, complex ransomware, attacks on the digital supply chain and deeply entrenched liabilities have uncovered cybersecurity gaps, threats, and skills shortages in this digital age. There is an uncompromising need to reframe the security practice and rethink technology, as well as to prepare to respond to new threats and vulnerabilities.
Organizations will need new business recovery strategies and security controls in place to respond to the changing cybersecurity threat landscape and growing new technologies. Some of the emerging industry trends are likely to show where the field is moving in 2022 and how businesses should prepare themselves to be resilient:
1. Attack Surface Expansion:
Working remotely has become the new normal in today's world. Currently, more than 70% of resources are working from home, and the majority of them are not willing to return to the office. These changes in the way we work, together with greater use of public cloud, highly connected supply chains and use of various applications, have exposed new and challenging attack "surfaces". This type of risk calls for security leaders to look beyond traditional approaches and enable 24/7 security monitoring, detection, and response (MDR / EDR / XDR) to manage a wider set of risks.
2. Significant Rise in Ransomware Attacks:
The ransomware attack on Colonial Pipeline was one of the biggest cyberattacks in 2021. The majority of organizations have slowly started identifying the vulnerabilities in their networks and investing in security controls. However, ransomware attacks continue to increase and to threaten business networks around the world. Developing awareness of the current threat landscape of their own network, and treating the threats accordingly, will be essential for most businesses in 2022.
3. Supply Chain Dependencies and Evolving 3rd Party Risks:
While strengthening internal security controls is very important for organizations, strengthening external networks and 3rd party controls is no less important. Attacks on the supply chain appear to be a steadily rising threat to organizations.
Security experts predict that there will be a significant increase in headline-making threats in 2022. Ransomware attacks will play a significant role in this surge of activity.
Successful supply chain attacks could cause significant disruptions to supply chains around the world, impacting organizations' key deliverables. Hence, assessing and mandating security controls in the 3rd party's environment is very important, alongside building the security posture within the organization.
4. Mobile Device Attack Vectors:
Many end users connect to e-commerce software and other online platforms through mobile devices to complete day-to-day activities that are critical in nature. Given the rising dependency on mobile devices, hackers are targeting these users through vulnerabilities in mobile devices.
Creating a mobile device management policy and strengthening mobile access controls are the key requirements for reducing fraudulent mobile attacks, which are increasing in the market.
5. Phishing and Social Engineering Remain Major Challenges:
Incidents that rely on social engineering, like phishing attacks, vishing calls and spear phishing, will continue to create difficulties for businesses in 2022. Insider threats are evolving day by day, with insiders becoming prey to such attacks. Employees who do not know how to identify a phishing email may unknowingly leave their business's networks open to hackers.
Organizations are advised to invest in enterprise-wide security training and phishing simulations, which will help businesses educate their employees on security best practices and limit the effectiveness of such threats.
With the evolving changes and trends in the market, new business practices and the growing value of data will change the cybersecurity landscape in 2022. Organizations should continuously adapt to changing needs and expectations to be ready to face emerging and increasing threats like data breaches, ransomware attacks, attack surfaces, social engineering and IoT vulnerabilities.
There is a need to strengthen the current security posture and enable the right strategies to harden business networks against potential threats. It is also important to adopt new security products and growing technology with a robust security posture, which will reduce the chance of organizations becoming prey to predators.
While adopting new technologies in the organization, it is also important to eradicate growing vulnerabilities, reduce complexity, monitor the network and improve efficiency in order to improve the overall security of the organization.
About the Author:
Ms. Kavitha Srinivasulu
Global Head – Cyber Risk & Data Privacy – BFSI R&C
Tata Consultancy Services
Ms. Kavitha Srinivasulu has 19+ years of experience focused on Cybersecurity, Data Privacy & Business Resilience across BFSI, Financial Services, Retail, Manufacturing, Health Care, IT Services and Telecom domains. She has demonstrated her core expertise in Risk Advisory, Business Consulting and Delivery Assurance, with diverse experience across corporate and strategic partners. She is a natural leader with the versatility to negotiate and influence at all levels.
The views and opinions expressed by Kavitha in this article are her personal views and do not represent her company's viewpoints or any of her customers' views.
Ms. Kavitha Srinivasulu can be contacted at :
LinkedIn : https://www.linkedin.com/in/ka