Security predictions for 2022
Knowing the risks and making security predictions for 2022 is necessary to find solutions. DigiCert assembled a team of cybersecurity experts, among them Jeremy Rowley, Avesta Hojjati, Mike Nelson, Jason Sabin, Dean Coclin, Stephen Davidson, Tim Hollebeek and Brian Trzupek. Here’s a look at their 2022 security predictions.
Supply chain attacks, ransomware and cyberterrorism will continue to increase
- Protecting software isn’t easy in fast-paced organizations powered by DevOps. This is because most workflows are about shipping deliverables quickly, rather than designing with security in mind. As device supply chains and development processes become more complex, the attack surface will increase. Best practices, such as code signing, can help companies integrate security at every stage of the development process. They can take control of development and confirm code integrity before it progresses through the development cycle and reaches production environments and customers.
- Cyberterrorism will embolden the bad guys. New opportunities arise all the time, limited only by the imagination of the attackers. High-profile technology environments could be attractive targets. Public and private organizations that are vulnerable to spectacular cyberattacks will need to redouble their efforts on a zero-trust security approach.
- Ransomware attacks affected a wide range of industries in 2022, including healthcare organizations. These attacks will increase as the use of cryptocurrencies expands, because ransom payments made in cryptocurrency take place outside of the banking system and are more difficult to track.
Trust and Identity Increase in Business Processes: The global digital transformation market is expected to grow at a compound annual growth rate (CAGR) of 24% from 2021 to 2028.
- Among the security predictions for 2022 we note that more workflows will be associated with digital signatures. That includes the healthcare industry, among many others. Digital signatures are also useful for hybrid work organizations, to onboard or support remote employees.
Europe is updating its eIDAS regulation to allow high-quality remote validation of the identity of signers. Additionally, the new proposals will dramatically expand the use of government-issued electronic identification to facilitate cross-border interactions. These changes are part of an ongoing trend to restore identity control to citizens, rather than private companies.
- Identity and trust power the Internet of Things (IoT) and more. Devices like healthcare monitors rely on real-time data integrity to support processes and decisions. 5G technology will increasingly converge with the IoT, which could lead to more attacks. Public Key Infrastructure (PKI) remains a robust and proven method of ensuring trust in IoT environments.
Post-COVID Threats Will Evolve: Last year’s predictions included a variety of security threats that were directly related to the COVID-19 pandemic. Among the security predictions for 2022, we note that those threats will continue as the pandemic slowly recedes. Digital identification and storage schemes, such as electronic health records (EHR), are increasingly used. The threat of them being hacked persists.
Automation, one of the security predictions for 2022
- Post-quantum computing will challenge the security status quo: A DigiCert survey found that 71% of IT decision makers believe that quantum computers will be able to break existing cryptographic algorithms by 2025. That means that security organizations will need to rethink security for a post-quantum world. Post-quantum cryptography (PQC) can strengthen cryptography and decrease the possibility of security breaches. But many companies lack a clear understanding of the cryptography they implement. So they’ll want to take proactive steps to locate exposed servers and devices and update them quickly when a new vulnerability comes to light. We include in our 2022 security predictions that there will be some major PQC developments. NIST is expected to announce the winner of its effort to replace current versions of the RSA and ECC encryption algorithms.
- Automation will drive cybersecurity improvements: Security teams will be asked to do more with fewer resources. Therefore, automation will play an important role in security innovation. A recent DigiCert survey showed that 91% of companies are at least discussing PKI certificate management automation. Artificial intelligence and machine learning will continue to play an essential role in driving this automation.
Culture of cybersecurity, strengthened
- Cloud sovereignty will create new security demands: In an increasingly multi-cloud world, traditional perimeter-based security approaches have become obsolete. Our security predictions for 2022 include that cybersecurity challenges will become even more demanding as cloud services become more granular. Organizations are implementing cloud solutions that are increasingly subject to local jurisdiction and regulations. Cloud sovereignty controls focus on protecting sensitive and private data and ensuring that it remains under the control of its owners. For example, T-Systems and Google Cloud announced that they will build and deliver sovereign cloud services for businesses, the public sector and healthcare organizations in Germany. As more of these sovereign cloud initiatives emerge, we predict that organizations will require increased awareness of regional security requirements.
- Organizations will prioritize cybersecurity culture: Finally, in our 2022 security predictions we anticipate that organizations will strengthen cybersecurity culture, led from the top. We hear more about educating C-level managers through phishing tests, mandatory online training, and cyber simulation exercises. The goal is to actively help them test their communication and decision-making strategies in the face of a cybersecurity crisis. It is clear that cyber attackers will continue to innovate and create more complex and insidious threats. Mitigating the threats of tomorrow will require commitment from leaders and good communication across organizations.