With a new year comes new strategies for businesses and other organizations. A significant area of focus in 2022 will have to be cybersecurity, but what are the implications for that?
There are a lot of businesses, particularly smaller ones, that donโt have any cohesive cybersecurity strategy at all. They realize itโs something theyโll have to focus on to protect their interests and remain competitive going forward.
The following are some of the priorities that specifically businesses should consider in the upcoming year regarding cybersecurity.
Hybrid Workforce Security
In the spring of 2020, the world changed. People were forced to work remotely due to pandemic shutdowns. The plan, at least from employers’ perspective, was that theyโd bring workers back to the office.
Thatโs proving to be a challenge. Not only are we continuing to contend with waves of COVID-19, but employees also donโt want to go back to traditional work environments.
A lot of employers, rather than going completely remote or entirely in-office, are finding the best solution is a hybrid environment. That means different challenges for cybersecurity, however.
Hybrid work requires a different balance of security and productivity.
2021 was more about the fundamentals of securing a remote workforce. 2022 will be the year of looking for new opportunities and processes.
People who head up cybersecurity initiatives will be thinking about how they can best meet the needs of a workforce thatโs constantly fluctuating between being remote and in-office.
Simple But Effective Threats
We tend to think about cybersecurity as something highly technical and complex. In many ways, it is, but analysts are predicting 2022 is going to be a year where simplicity leads to the worst breaches.
The prevalent threats often involve lapses in human judgment rather than some highly technical scheme. In a rush to try and be forward-thinking with cybersecurity, sometimes the fundamentals are overlooked.
2022 will be about dealing with increasingly complex environments but doing so in a way that first targets the fundamentals.
Privacy Law Implications
Even small businesses need to keep an eye on privacy laws. Analysts believe by the end of 2023, privacy laws will encompass the personal information of 75% of the global population.
GDPR was the first sweeping legislation of its kind, but itโs been quickly followed up by others, including the California Consumer Privacy Act (CCPA). Thereโs also the Brazilian General Personal Data Protection Law.
These wonโt be the last of the laws and regulations of this type.
When you own a business, you will have to manage different data protection laws depending on where youโre operating.
Youโre also going to have to be direct with your customers in letting them know the type of data you collect and how you use it once you have it.
Businesses are likely going to work to automate their privacy management systems so they can standardize how they do things in this area and then adjust as needed depending on the jurisdiction.
Dealing with Visibility Issues
We touched on this a bit above when talking about remote and hybrid work, but a growing challenge in cybersecurity right now is how to regain centralized visibility. IT departments are working on building out infrastructures that allow them to see all the devices and services that are foundational to remote and hybrid work.
Monitoring and threat detection are considerable challenges to solve in these areas.
Thereโs no security without visibility. Additionally, a lot of businesses during the start of the pandemic scrambled to deploy new software and resources for business continuity. However, they didnโt necessarily have time to integrate them into security workflows, so now is the time to start doing that.
Itโs more of a time to stop looking at survival and start looking at strategies for cybersecurity.
Exploitation of Supply Chain Issues
A point of weakness that will need to be considered in the new year will be supply chains. Bad actors may take advantage of supply chain issues, much as they did during the pandemic as far as preying on health fears.
For example, cyberattacks could take advantage of consumer and business desperation to get products.
Embracing Zero Trust
As we move forward in our current environment, itโs going to get to a point where Zero Trust is no longer for enterprise organizations or something theoretical. Zero Trust security architecture will be a must-have for businesses of all sizes.
In May 2021, President Biden issued an executive order calling for Zero Trust security in federal environments.
The idea of Zero Trust is that no traffic should be trusted, even if that traffic comes from authenticated users.
Zero Trust requires cybersecurity teams to shift their thinking about network access completely.
Teams will not only gain a better understanding of the underpinnings of Zero Trust in 2022 but will also start to implement those methodologies.
Upskilling Employees
There are so many challenges on the macro level right now that businesses are dealing with. The supply chain is just one example. Employers also have a tremendously difficult time hiring employees, let alone skilled technical workers.
If you have people on your team currently who could be developed and upskilled, itโs time to start thinking about investing in those initiatives.
Maybe your team has the technical skills, and they need to develop the soft skills to better communicate across departments and break down siloes. Whatever it is, youโre likely to have to rely on looking internally to fill your skills gaps for the foreseeable future.
Business leaders are increasingly willing to invest in cybersecurity, but your team needs to have both the hard and soft skills to convey to them why projects are essential. Security and IT teams are likely to become a more integral part of overall decision-making in many organizations. Using more security automation will fill in some gaps, but still, employee development needs to be prioritized across the board.