22 Dec Security predictions for 2022: part two

We’ve got yet more expert security predictions about what we can expect to see in 2022, following on from part one of our security forecasts.

COVID-19 as a catalyst

The long-term impact of the pandemic, from a business and technology perspective, is manifesting itself in a number of ways such as the use of low/no touch technologies at access points, and intelligent video solutions to ensure that social distancing and public health guidelines are being adhered to. The pandemic has also caused supply chain issues that have resulted in some businesses designing and manufacturing their own components. This is something that we anticipate more organisations doing in the security sector. Axis Communications

Supply chain issue to increase complexity and risk

Supply chain issues force enterprises to order supplies months in advance, in larger quantities, and from new providers. The lack of supply will add complexity to new vendor management and qualifications as organisations adjust their purchases, and potentially standards, to support business operations. This change will introduce new supply chain security risks that could arise from software, hardware, and logistics security exposures. Attivo Networks

Hybrid working will drive the rise of ‘microbranches’ supercharged with AI automation

Even as the pandemic recedes, work-from-home is here to stay. This new normal will drive the emergence of the microbranch or ‘branch of one’. In 2022, we will see enormous growth for purpose-built microbranch offerings that combine enterprise-class Wi-Fi access with sophisticated multi-path WAN connectivity and advanced AIOps for reliability and consistent user experience. These microbranch offerings will securely extend the enterprise to the ‘branch of one’. HPE Aruba

Cybersecurity insurance in jeopardy

As if stakeholders did not have enough to contend with, their fallback risk position may simply vanish. Insurance providers may look at the bottom line and decide that — given the monumental costs of recovery and the failure of modern threat postures to allow for the evolving capabilities of bad actors — there is no sound business case for their cybersecurity products. Some insurers have already drastically increased premiums while others refuse to ensure high-risk clients, and some have abandoned the cyber-insurance market altogether.

Without more organisations taking out policies, or better cyber-hygiene across the board, it is difficult to envisage a future for cybersecurity insurance. BeyondTrust

Living with the Microsoft risk

The simple truth is that one way or another, Microsoft products are directly involved in the vast majority of cyber attacks. Threat actors invest their time and effort identifying vulnerabilities and developing exploits for the platforms and applications their potential victims are using. Microsoft has a dominant role across operating systems, cloud platforms, and applications that make it fairly ubiquitous.

As such, Microsoft will continue to be the primary focus for cyber attacks in 2022. That isn’t really a revelation. Defenders need to understand the risk of relying on Microsoft to protect them when they can’t even protect themselves. Organisations that depend on Microsoft for security will find themselves making headlines for the wrong reasons.

It is important to understand the risks and have a layered approach to defending those products and services against attacks. Cybereason

Integration rather than consolidation

Security tools specialise in different areas and comprehensive threat postures mean using multiple solutions. But there is still a need to integrate tools effectively to achieve a level of visibility that allows tight control over the digital environment. As research on this area progresses, we are discovering that the more tools that are deployed, the less effective a security team may become in detecting threats.

In 2022, expect to see a greater emphasis on integration. CISOs will concentrate on the fundamentals by using the right tools to automate basic tasks, such as upgrades and patching, while freeing up security professionals for more strategic endeavours. We will see more risk-based approaches used and integration will be used to simplify processes and workflow while increasing visibility. Qualys