Cybersecurity predictions: what to expect in 2022
With the roller coaster that cybersecurity has been in 2021, we are all curious to see what 2022 has in store for our industry. To help shed some light on what to expect, we recently hosted a webinar featuring Lewie Dunsworth, Nuspire CEO, and JR Cunningham, Nuspire CSO, who offered their cybersecurity predictions.
Cybersecurity Prediction #1: Pandemic Fatigue Continues
Pandemic fatigue continues to affect the performance of all businesses in all industries, and it’s not going away anytime soon.
“It’s not just about safety,” Lewie said. “You have to focus on the people.”
Lewie discussed the importance of flexible working models, not only in terms of where you work, but also flexibility in hours. He stressed that now is not the time to do more.
“When teams are tired, it’s important to focus them on the things that really matter,” Lewie said.
JR added, “It is essential to focus on the human connection and to help the teams through this period by supporting them in any way possible.”
For example, JR said he’s started budgeting for controls that can be used on a personal level (i.e. password managers) to accommodate working from home. He went further and extended security support not only to employees, but also to their families.
“If a kid on my team is having trouble with their personal iPad, we’re here to help,” JR said. office work environment.
Cybersecurity Prediction #2: Budget Reconciliation
“Many organizations over the past two years have felt a lot of pressure to digitally transform faster and on a greater scale than anyone anticipated before the pandemic, and this is creating friction between digital transformation efforts, IT spending and security spending,” Lewie said. “This forces security leaders not only to develop compelling business cases for investing in new security services, but also to validate the effectiveness of those controls.”
According to Lewie and JR, it’s all about starting small and controlling what you can control. Instead of making large purchases in three- to five-year buying cycles, focus on projects you can take on that offer you the maximum return on risk at that time.
“You have to tie the results to any requests you make to management,” JR said. “One of the common failures we have in the security profession is that we’re not good at announcing our victories. Celebrate these victories by showing how your security project has supported business goals and reduced risk.”
Cybersecurity Prediction #3: Anticipation of regulatory changes
It’s important to anticipate regulatory changes, but sometimes the tendency for security teams is to start putting controls in place before those changes are in place.
“Don’t overreact – all regulation takes time,” Lewie said. “Obviously you can’t put your head in the sand, but what you can do is assume it’s going to happen and start strategizing to prepare for when it does. Be pragmatic in your approach.”
A useful thing to remember is that regulatory changes often cover the basics rather than introducing entirely new rules.
“When GDPR came out in 2018, it spurred all kinds of privacy laws,” JR said. data transparency, disclosing who you share data with and allowing people to correct data about them or opt out entirely. There may be nuances in various regulations, but the basic substance of these generally remains the same.”
Cybersecurity Prediction #4: Big Resignation Exacerbates Talent Shortage
The past two years have galvanized a shift in employee expectations about their careers and the environments in which they want to work. As remote working has become the norm in businesses around the world, employees can now work anywhere in the world, giving them more options in the job market.
For the security sector, this has exacerbated its talent shortage problems.
“It got to a point where at some point we have to stop talking about it and just do something about it,” Lewie said. “There are some tactics you can leverage, and the first is always to automate the fundamentals.”
Most employees don’t want to spend their days focusing on rote tasks – they want to work on something that enlightens them – something they can be proud of. Give high-value employees high-value projects. And stop doing the things that aren’t working anymore. Embrace core capabilities and outsource the rest.
“Someone told me it was not the Great Resignation but rather the Great Renegotiation. It’s about revamping what it means to be a cybersecurity professional,” JR said. “What we do is seen as a desirable, multi-faceted industry. However, employees want more freedom and flexibility that in the past was not relevant to our situation, such as access to social media.”
Lewie reiterated that often security organizations create their own talent shortages and resource constraints because they try to do too much. Focus on being really good at a few things instead of being mediocre at a lot of things.
Cybersecurity Prediction #5: R2 – Ransomware and Response
Ransomware and how organizations respond to it will continue to be a hot topic in the security industry, and speed is everything. For Lewie and JR, having a solid incident response plan, rehearsing and revising it as needed is key to fighting ransomware. And your response shouldn’t just focus on big incidents.
“You need to know your IR plan inside and out, and remember it’s important to focus on the small incidents, not just the big ones where attorneys need to get involved,” JR said. “We have seen many small threats snowball into massive incidents because there was no early remediation.”
Cybersecurity Prediction #6: Security leaders aren’t the only ones asking questions
Gone are the days when the CSO or CISO was the sole owner of cybersecurity responsibilities. With the industry changing so rapidly, everyone has a stake in cybersecurity outcomes.
“Bottom line — everyone in an organization who is held accountable for achieving business goals, whether financial, risk, or legal, needs to have an eye on cybersecurity,” Lewie said. “Learn to anticipate and be comfortable with questions from your company’s stakeholders.”
JR said he often jokes that security professionals are some of the most arrogant people because they’re expected to know everything.
“I can’t fit the entire cybersecurity industry in the palm of my hand, and I don’t have all the answers,” JR said. “The industry is moving so fast and it’s so diverse – don’t assume you have to know it all.”
ng survey results on the most important cybersecurity challenges for 2022.
The post Cybersecurity Predictions: What to Expect in 2022 appeared first on Nuspire.
*** This is a Nuspire Security Bloggers Network syndicated blog written by the Nuspire team. Read the original post at: https://www.nuspire.com/blog/cybersecurity-predictions-what-to-expect-in-2022/