Supply chain attacks, ransomware, and cyberterrorism will continue to increase
- Protecting software is not easy in accelerated organizations driven by DevOps. This is because most workflows focus on delivering deliverables quickly, rather than designing with security in mind. As development processes and device supply chains become more complex, the attack surface will expand. Best practices, such as code signing, can help companies integrate security at every stage of the development process. They can take control of development and verify code integrity before it advances through the development cycle and reaches production environments and customers.
- Cyberterrorism will embolden the bad actors. New opportunities emerge all the time, limited only by the attackers' imagination. High-profile technology environments could become attractive targets. Public and private organizations that are vulnerable to spectacular cyberattacks will need to redouble their efforts with a zero-trust security approach.
- Ransomware attacks affected a wide range of industries in 2022, including healthcare organizations. These attacks will increase as cryptocurrency usage expands. With them, ransom payments will be harder to track outside the banking system.
Evolving Threats
The global digital transformation market is expected to grow at a compound annual growth rate (CAGR) of 24% from 2021 to 2028. Trust and identity increase in business processes: The global digital transformation market is expected to grow at a compound annual growth rate (CAGR) of 24% from 2021 to 2028.
- Entre las predicciones de seguridad para 2022 señalamos que se asociarán más flujos de trabajo con firmas digitales. Eso incluye la industria de la salud, entre muchas otras. Las firmas digitales también son útiles para las organizaciones con trabajo híbrido, para incorporar o dar soporte a empleados remotos.
Europa está actualizando su reglamento eIDAS para permitir la validación remota de alta calidad de la identidad de los firmantes. Además, las nuevas propuestas ampliarán drásticamente el uso de la identificación electrónica emitida por el gobierno para facilitar las interacciones transfronterizas. Estos cambios son parte de una tendencia en curso para restaurar el control de la identidad a los ciudadanos, en lugar de a las empresas privadas.
- Identity and trust drive the Internet of Things (IoT) and beyond. Devices such as healthcare monitors depend on real-time data integrity to support processes and decisions. 5G technology will increasingly converge with IoT, which could lead to more attacks. Public Key Infrastructure (PKI) remains a solid and proven method for ensuring trust in IoT environments.
Post-COVID threats will evolve: Last year's predictions included a variety of security threats that were directly related to the COVID-19 pandemic. Among the security predictions for 2022 , we point out that these threats will continue as the pandemic slowly recedes. Digital identification and storage schemes, such as electronic health records (EHR), are increasingly being used. The threat of them being hacked persists.
Automation, one of the security predictions for 2022
- Post-quantum computing will challenge the security status quo: A DigiCert survey found that 71% of IT decision makers believe quantum computers will be capable of breaking existing cryptographic algorithms by 2025. That means security organizations will need to rethink security for a post-quantum world. Post-quantum cryptography (PQC) can strengthen cryptography and reduce the likelihood of security breaches. But many companies lack a clear understanding of the cryptography they implement. Therefore, they will want to take proactive measures to locate exposed servers and devices and update them quickly when a new vulnerability comes to light. In our security predictions for 2022, we included that there will be some important PQC developments. NIST is expected to announce the winner of its effort to replace the current versions of RSA and ECC encryption algorithms.
- Automation will drive cybersecurity improvements: Security teams will be asked to do more with fewer resources. Therefore, automation will play an important role in terms of cybersecurity innovation. A recent DigiCert survey showed that 91% of companies are at least discussing automation of PKI certificate management. Artificial intelligence and machine learning will continue to play an essential role in driving this automation.
Cybersecurity Culture, Strengthened
- Cloud sovereignty will create new security demands: In an increasingly multicloud world, traditional perimeter-based security approaches have become obsolete. Our security predictions for 2022 include that cybersecurity challenges will become even more demanding as cloud services become more granular. Organizations are implementing cloud solutions that are increasingly subject to local jurisdiction and regulations. Cloud sovereignty controls focus on protecting confidential and private data and ensuring that it remains under the control of its owners. For example, T-Systems and Google Cloud announced that they will build and deliver sovereign cloud services for businesses, the public sector, and healthcare organizations in Germany. As more of these sovereign cloud initiatives emerge, we predict that organizations will require greater awareness of regional security requirements.
- Organizations will prioritize cybersecurity culture: Finally, in our security predictions for 2022, we anticipate that organizations will strengthen cybersecurity culture, led from the top. We are hearing more about educating C-level executives through phishing tests, mandatory online training, and cyber simulation exercises. The goal is to actively help them test their communication strategies and decision-making in the face of a cybersecurity crisis. It is clear that cyber attackers will continue to innovate and create more complex and insidious threats. Mitigating tomorrow's threats will require commitment from leaders and good communication across organizations.