It’s been a little quiet here lately. I’ll get into the reasons for that at a later date. For now - let’s focus on the top security and risk management trends for 2022.

According to Gartner, there are seven top trends that leaders and organizations need to address to protect the expanding digital footprint against new and emerging threats in 2022 and beyond. New responses to sophisticated threats, the evolution and reframing of the security practice, and the rethinking of technology are the three overarching trends that these challenges impact.

Top security and risk management trends for 2022

The first trend Gartner brings up is Attack Surface Expansion. This seems natural - risks associated with cyber-physical systems and IoT, open source, cloud apps, complex digital supply chains, social media and more bring organizations’ exposed surfaces outside of the more typical set of controllable assets.

Complex digital supply chains were mentioned above, and the second trend is Digital Supply Chain Risk - cybercriminals have discovered that attacks on the digital supply chain can provide a high return on investment. Log4j hit hard - and Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021. To mitigate and avoid software supply chain attacks, new techniques and practices will need to be worked on.

Identity Threat Detection and Response is the collection of tools and best practices used to defend identity systems. Improved user authentication has been achieved by focusing on technology for this - but protecting identity systems, detecting when identities are compromised and enabling efficient remediation require good tools and processes.

As the expectations and needs of enterprise security mature and more agile security is required, the scope, scale and complexity of digital business make it necessary to Distribute Decisions, responsibility and accountability for cybersecurity across an organization.

One of the most common reasons for data breaches is human error, which tells us that traditional approaches to security awareness training are ineffective. This means that organizations need to go Beyond Awareness with things like holistic security behavior and culture programs - focusing on fostering new ways of thinking and embedding new behavior with the intent to provoke more secure ways of working across the organization.

Driven by the need to reduce complexity, reduce administration overhead and increase effectiveness, Vendor Consolidation will increase: organizations will get cloud-delivered secure web gateway, cloud access security broker, zero trust network access and firewall as a service from the same vendor. This will lead to lower total cost of ownership and improved operational efficiency in the long term, leading to better overall security.

As vendor consolidation of security products happens, integration of security components is also needed. The Cybersecurity Mesh architecture helps provide a common, integrated security structure and posture to secure all assets, whether they’re on-premises, in data centers or in the cloud.