The last two years have come with a great deal of upheaval for businesses in accommodating new needs from COVID-19. These changes were impossible to predict without knowing this was on the horizon, and many companies were caught flat-footed and attempting to play catchup to deal with a long-term remote workforce. Businesses are finally reaching their stride and returning to a business as usual, even though “usual” has changed. This puts them in an excellent position to make plans and strategies for adapting to what is on the horizon. Doing this requires looking at what possible trends are likely to change in infosec to prepare your organization better.
Below we will discuss the top 3 trends expected to emerge in the cybersecurity landscape in 2022.
Trend 1: Identity Simplification
With the average person having to remember over 100 usernames and passwords, it is safe to say that individual accounts have spiraled out of control. This is far beyond the capacity of a single individual to keep in their heads, forcing them to utilize password management software, write it down, or reuse passwords. Password reuse is the most dangerous as passwords that attackers stole from a breach of one site can be used in credential stuffing attacks on other sites, allowing hackers easy access.
Moving towards centralized identity management with OAuth and multi-factor authentication (MFA) will help to decrease this risk. OAuth and other centralized management systems allow users to leverage a single set of credentials for multiple sites and services, significantly reducing what needs to be memorized. Adding in MFA will limit the ability of thieves who have stolen credentials to gain access to a user’s assets as they are blocked without providing the second factor on a login. Both of which together will significantly improve identity security and make access management more accessible for users.
Trend 2: Function Consolidation
Cybersecurity consists of numerous domains that need to be addressed by organizations. They cover everything from Identity and access management (IAM) to network security and risk management. Over time, businesses have implemented software solutions to address these domains individually. While highly effective for their area of expertise, these point solutions did not always have value outside of their specialty. This led to a proliferation of software solutions requiring oversight and management while generating insight specific to their functionality and not tying analytics together to create a holistic view of the infrastructure.
With the increase in Zero Trust initiatives, more software solutions add functionality to their existing platform to cater to multiple domains. With this approach, businesses will be able to eliminate many of the current point solutions and roll them up into newer solutions that cover a variety of needs. Solutions that take this approach can offer centralized dashboarding that draws insights across multiple domains to identify high-risk situations that would otherwise not be apparent when viewed only within the scope of a specific area of security.
Zero Trust has been a buzzword for the last few years, with 72% of organizations planning to adopt or already adopting a Zero Trust model. Moving to Zero Trust is more complex than a simple flipping of a switch to engage new functionality. It requires changes and solutions to manage access and increase visibility across the environment. This is where the trends above come into play.
By consolidating functionality into fewer tools, organizations will gain increased visibility into access and utilization throughout their organization. It will provide better monitoring and alerting, crucial for Zero Trust. Along with this, IAM is foundational to Zero Trust implementations. All access to resources, networks, and hosted assets revolves around the Identity and information associated with it. This data drives decision-making for granting and restricting access to users. Implementing these changes must occur before Zero Trust is even viable.
Looking to the Future
Business success in the modern IT environment requires evolution to protect against emerging cyber-attack strategies. Being aware of and adapting to new trends will help your organization to be prepared for new and evolving threats.
In addition to the above, organizations should explore DevSecOps to tie in security as part of engineering and operations to ensure better security posture. Build Cyber Resilience for recovery after a Ransomware attack, and establish a Cyber Resilience office with access skills and insights to new cyber threats and day-zero attacks. Doing all this is an enormous undertaking, but doing so will pay significant long-term security dividends through better trust with users and reputation in the market.
Contact us to learn more about how to implement a complete Zero Trust strategy to uplevel your organization’s security posture.