Cyber Focus 2022
The last year has been unprecedented for the cyber industry – uncertainty and confusion around the pandemic; continuing lockdowns and a massive shift to remote working; huge increases in phishing, BEC, and ransomware; and attacks on critical infrastructure. As 2021 draws to a close, Business Operations Director, Kathryn Miller, takes a look at what we expect to be some of the key areas of focus for the cyber security sector in 2022.
Data privacy – the growth of data privacy laws will extend to cover more and more of the world’s population, meaning that companies will need to have the capability to deal with diverse sets of data protection legislation in different territories. There is now greater public awareness surrounding breaches and data privacy rights, and individuals are becoming more careful about what they share and want to understand what they are consenting to and how their data is stored and used.
With significant financial penalties and other damaging repercussions for those that are subject to a security breach, organisations will look to enhance their privacy controls and ease the burden by automating data privacy management systems. Companies that can clearly demonstrate robust data security measures will find themselves with a competitive advantage.
Supply chains and third-party risk – global supply chains have been severely affected by the pandemic, with threat actors eagerly exploiting the situation. Gaps in the supply chain and inadequate security controls by vendors and third parties are frequently blamed for attacks, and with several far-reaching and high-profile attacks this year, supply chains will continue to come under intense scrutiny.
Increasingly, organisations will want to determine vendor and third party security measures prior to awarding contracts or agreeing business deals and venture capitalists will take cyber security risk into greater consideration when evaluating investment opportunities. Expect to see the vendor management process incorporate risk assessments to understand suppliers’ security risks and privacy controls and ensure potential vulnerabilities are addressed. Supply chain breaches will also need to be an integral part of incident response planning.
Cyber Insurance – there will be stricter measures for corporate cyber insurance with policies being declined for organisations that are not able to demonstrate adequate cyber security standards. The growing prevalence and sophistication of attacks means that insurers will require companies to demonstrate greater controls and those that are deemed high-risk may have their insurance terminated or face exorbitant premiums. Cyber security hygiene will also be scrutinised in the event of an attack to determine liability and potential pay-outs.
Organisational resilience – the ability of any organisation to prepare for, adapt and respond to change and disruption will become increasingly important, as cybercriminals take advantage of rapidly advancing technology, the threat landscape evolves, and markets become more crowded and complex. Organisational resilience takes a holistic view of a business and requires Governance, Risk and Compliance to be integrated into corporate objectives. Companies that adopt this approach will benefit from strategic adaptability, proactive decision-making, agile leadership, and robust governance.
Use of new technology by threat actors – advances in technology mean threat actors are beginning to utilise deepfakes (manipulated audio or video content that can create realistic impersonations of people) in phishing and ransomware attacks. Deepfake technology uses AI and ML to create a synthetic voice or image from a small sample – often publicly available on a company website or online video – and in one such attack, an unsuspecting HSBC employee was tricked into transferring $35 million when hackers cloned a company director’s voice.
Deepfake videos have also been deployed as ransomware, depicting people in illegal or inappropriate (but fake) activities that could cause serious reputational damage. Although this type of activity is not yet widespread, threat actors now have the capability and intent to produce deepfake material to gain permissions and access to sensitive data, and companies will need to implement effective controls to detect and monitor new types of attacks, as well as ensure user awareness and education.
Ransomware legislation – Gartner predicts that by 2025, 30% of nation states will legislate on ransomware payments, negotiations, and fines. The exponential growth of ransomware, attacks on critical infrastructure, and the unregulated cryptocurrency market have led to calls for legislation on a number of diverse measures, including making ransomware payments illegal, mandating the reporting of attacks and payments, and imposing penalties for non-compliance. As the issues surrounding ransomware legislation continue to be debated, it is clear that international cooperation and extradition treaties with traditionally hostile countries will be required if hackers are to be brought to justice.
Cyber security at board level – the number of cyber security committees overseen at board level will continue to grow. With more highly experienced and qualified security professionals taking their place on the board there will be greater visibility of risk and vulnerabilities and increased scrutiny of security controls, as well as additional implications for board level reporting.
Organisations will be turning to their trusted security providers to assist in navigating these complexities next year, and so it falls to the cyber channel to be prepared to deliver that support. Keeping on top of all the changes and requirements is nigh on impossible, and so partnerships and collaboration within the channel will once again be at the fore in 2022.
As a channel-only cyber consultancy, CBG’s goal is to support and enable our partners’ success by helping to bridge cyber services, business services, resource, and advisory gaps. We have continued to develop cyber and business services throughout 2021, to align with our partners’ strategic business goals for 2022. We are all ready to provide additional skills and resource to help partners fulfil demand and increase service portfolio diversification and reach, as well as business development and marketing support to help drive 2022 revenue.