When it’s time for a new year, that means businesses and organizations need to be thinking about cybersecurity and where their priorities lie. This is especially relevant as workers are likely to stay remote throughout much of next year, or at least on a hybrid schedule.
The following are likely to be some of the key cybersecurity priorities as we go into 2022.
Emphasis on Identity Management
The easiest way for hackers to access digital assets is through stolen credentials. The number one way organizations are currently targeted and ultimately infiltrated is through compromised identities.
User access should be one of your IT department’s biggest priorities as a result. However, that need doesn’t exist in a vacuum. It has to be balanced with productivity, security, and efficiency. You want your team and verified users to have access to the critical IT resources to do their jobs, but you can’t sacrifice security in the provision of that access.
Identity management is a process of giving users needed access to IT resources.
Identity management is one part of the larger concept of identity and access management or IAM.
Identity management is forward-facing to users, while access management is on the back-end and is managed by IT.
Identity management refers to authentication. Access management is how users are authorized.
Identity management is more than security because it gives IT admins all the information they need in a centralized way to see who’s accessing what. It’s also an efficient means of provisioning and de-provisioning users.
Stronger Defense Frameworks
Another priority will be the implementation of more robust frameworks for defense. Zero Trust is one of the frameworks to pay particular attention to. Other increasingly relevant frameworks include DevSecOps and Cloud Service Provider native services.
Many organizations are in the midst of transitioning to a Zero Trust framework, realizing their legacy security methodologies are no longer going to suffice.
Security in a Hybrid Environment
We’re now going into the third year of dealing with the pandemic, and we’ve learned a lot on the business end of things. In the spring of 2020, employees worldwide were thrown into remote work with little or no planning or strategy. Now, we know that remote work will probably continue on some level in 2022.
Many organizations are working to create a flexible, versatile hybrid environment. They can switch employees to remote easily and it’s an agile way to work, yet they can also get the benefits of in-person work when needed.
A hybrid work environment requires a unique approach to cybersecurity.
There has to be an optimal balance between productivity and security. While 2021 emphasized the fundamentals of remote work security, 2022 will likely be about finding new opportunities and ways of doing things and optimizing processes overall.
Cybersecurity and company leaders will be looking to identify ways to meet the needs of a workforce who could change their work environment from day to day.
Back to Basics
We tend to view cybersecurity as something highly complex. In some ways, the implementation of particular tools and technologies can be, but at the same time it’s like 2022 will be a year to get back to the basics.
Simplicity is often what causes the most damaging, catastrophic breaches. Many times what leads to the most damage is the result of problems in human judgment or human error rather than something highly technical.
Often, organizations will often make the mistake of trying to be so forward-thinking in their approach to cybersecurity that they forget about the basics.
What’s going to happen in 2022 is that environments will get more complex, but at the same time, the targets will be the fundamentals.
Visibility concerns tie in with hybrid and remote work but are so pertinent they also need to be talked about on their own.
IT departments are currently working in many cases to build infrastructures that give them visibility into all the devices and services that are part of hybrid and remote work. They need this visibility because threat detection and monitoring are among the biggest challenges in cybersecurity right now.
Supply Chain Weaknesses
There are ongoing supply chains that are already independently causing enough problems for businesses, but it looks like 2022 could bring a wave of bad actors who want to exploit them. Organizations and IT teams have to be prepared for this.
There could be an influx of cyberattacks who want to take advantage of desperation to get products, for example.
Data Privacy and Security
Without securing data, there’s no way to protect data privacy. There will be increasing regulations put forward nationally and internationally, as well as by state governments and IT departments have to be prepared.
Recently the FTC published its Statement of Regulatory Priorities. Priorities included the Children’s Online Privacy Protect Act. Currently, FTC staff are reviewing public comments about COPPA.
The FTC is also reviewing public comments made in response to the Identity Theft Rules and will likely send a recommendation by the start of the year.
Since there is tremendous growth in the number of hybrid and remote-working employees, many companies are now moving toward making it a long-term change. With a distributed workforce comes the use of employees’ own devices. This is more formally known as Bring Your Own Device or BYOD.
Security leaders need to ensure they’re securing these devices and controlling the access to sensitive data.
It’s all part of the larger goal in 2022 that will have to be at the forefront, which is the elimination of the idea of a traditional security perimeter and the development of a remote work environment that’s secure.
It’s going to be a challenging year, but CISOs and other relevant stakeholders will become a more integral and strategic part of businesses than ever before. They’re going to be relied on and regarded in increasingly relevant ways throughout 2022.