A quick outlook into 2022

  • Top 2022 priorities for most organizations include digitization projects, enhancing hybrid work productivity, public cloud adoption, and increasing cyber-resilience.
  • Ransomware, attacks targeting work-from-home setups, supply chain attacks, and as-a-service cyber-crime will likely dominate the threat landscape in 2022.
  • The transition from cybersecurity to cyber-resilience is accelerating, but there are still steps to take to close the gap between business and security leaders.

Last week I participated in a Bitdefender webinar focused on the key security incidents from 2021 and how we can use the learnings from the past to be better prepared for the future. This was a great chance to think about what 2022 is likely to throw at us and what the best course of action is to be as prepared as possible.

With the hope that no black swan will hit us hard, I expect that 2022 will be much like 2021 in many regards. That doesn’t mean this year will be boring; on the contrary. If what we saw last year carries into 2022, that is enough to keep us (very) busy.

What will we be busy with (CIO priorities)

In a fashion similar to 2021, the top priorities for 2022 include digitization, hybrid work support, and cloud adoption. There is no surprise here. Digitization is a process that started years back and is still going strong. The Covid-19 pandemic accelerated the process, and two particular trends are important to notice: hybrid work enablement and public cloud adoption.

While we are looking forward to our lives returning to normal in 2022, many of us will likely continue to work fully remote or in hybrid scenarios for a long time. Enabling productivity goes beyond providing remote access to the same systems that employees have access to while in the office. A new class of tools and processes is needed (more on this in a future blog). The ESG 2022 Technology Spending Intentions Survey shows, for example, that over 60% of organizations globally will spend more on advanced technologies like AI and ML, while 65% intend to spend more on public cloud infrastructure.

These priorities bring many benefits but also have an important drawback: they create an ever stronger dependency on digital. That said, the next focus area obviously must be to make businesses more resilient when facing cyber threats. Almost 70% of all organizations will increase cybersecurity spending in 2022 according to ESG. The focus on making sure the digital infrastructure continues to operate undisturbed by incidents is well justified by past experience but also by how the threat landscape is expected to evolve in 2022.

What will they (the attackers) be busy with

Incidents from 2020 and 2021 show that remote/hybrid work setups not only pose productivity challenges but also increase cyber risk. Attackers will continue to leverage work-from-home technical and social vulnerabilities to cause disruptions. Ransomware was a plague in the past years and will continue to be a headache in 2022. The World Economic Forum places ransomware as the top cybersecurity concern for 2022.

Another important threat that we expect to see in 2022 is the increased adoption of the as-a-service business model in cyber-crime. The “professionalization” of attacks is a concern, as defenders will more often have to face individuals with both the skills and resources to do harm. Lastly, we will see another trend picking up speed: threat actors will focus more on exploiting the trust relations within supply chains. They will attack (smaller) business partners to get access to bigger organizations that are otherwise more difficult to breach.

What to focus on (CISO priorities)

Throughout 2021 I advocated that, given the current IT priorities and the evolution of the threat landscape, organizations should focus on shifting from cybersecurity to cyber-resilience. I am very pleased to see that in the Cybersecurity Outlook for 2022, the World Economic Forum is stating that for 84% of their survey respondents cyber-resilience is considered a business priority with support and direction from leadership. This is a key transition and the benefits will be long-lasting. With attacks getting increasingly sophisticated and ubiquitous, cyber-resilience is core to any sound security and business continuity effort.

Even if businesses largely perceive the value of resilience, there is still a long way to go. The differences between cybersecurity and cyber-resilience are not clearly understood by as many as 59% of cyber leaders, according to the World Economic Forum. The same Cybersecurity Outlook for 2022 details the different viewpoints of cyber and business leaders when talking about cyber reality and the allocated resources. Addressing this gap for a better alignment between cybersecurity and other senior leaders should be a CISO (and board) priority for 2022. Only in this way will cyber-resilience become an integral and effective component of business continuity planning.
