NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Cyber Attacks
  • Cybersecurity in 2022 and Beyond
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach

Cybersecurity in 2022 and Beyond

4 years ago Tripwire Guest Authors

It’s that time of year that the usual happens. Christmas crackers with bad jokes. Holiday specials on TV (constantly). And cyber specialists like me make predictions about the year to come. With the help of insights from Gartner and my own views on what we are likely to see in 2022, I think I can help you with a couple of these. Firstly, it’s worth knowing that Gartner’s predictions come from Gartner IT Symposium/Xpo Americas, which ran virtually in October 2021. Even from the title of the event, you know that attending this event will be like playing “buzz-word bingo”! (When does a conference become a symposium, anyway?)

The key theme of discussion this year was to explore the lessons learned from the ongoing disruption and uncertainty. On their page, Gartner states that they revealed their top strategic predictions for 2022 and beyond. These are:

  • By 2024, 30% of corporate teams will be without a boss due to the self-directed and hybrid nature of work.
  • By 2025, synthetic data will reduce personal customer data collection, avoiding 70% of privacy violation sanctions.
  • By 2024, 80% of CIOs surveyed will list modular business redesign, through composability, as a top 5 reason for accelerated business performance.
  • By 2025, 75% of companies will “break up” with poor-fit customers as the cost of retaining them eclipses good-fit customer acquisition costs. 
  • By 2026, a 30% increase in developer talent across Africa will help transform IT into a world-leading start-up ecosystem, rivaling Asia in venture fund growth.
  • By 2026, non-fungible token (NFT) gamification will propel an enterprise into the top 10 highest-valued companies.
  • By 2027, low orbit satellites will extend internet coverage to an additional billion of the world’s poorest people, raising 50% of them out of poverty.
  • By 2027, a quarter of the Fortune 20 companies will be supplanted by companies that neuromine and influence subconscious behavior at scale.
  • By 2024, a cyberattack will so damage critical infrastructure that a member of the G20 will reciprocate with a declared physical attack.

These are certainly some interesting predictions, but are these the strategic issues that the majority of us are facing and should be worrying about? I believe there are other issues we should be considering, and therefore I offer you three predictions for 2022 which I believe we need to be focusing on right now.

By 2023, the Role of the CDO Will Become More Integral to Organizations

If you’ve not come across a CDO yet, you will. I believe in 2022 we will see the Chief Data Officer rise to prominence in the boardroom as the value of data starts to become truly understood.

The CDO has a pivotal role in developing and accelerating a business’s use of data to become a truly data-driven organization. The CDO oversees a range of data-related functions to ensure an organization is getting the most from the data they control and/or process.

The CDO understands the business’s objectives, strategy, and direction, and focuses on how to underpin them with data and use that data to achieve the organization’s objectives.

They will work closely with the Chief Information Security Officer (CISO), but the CDO does not replace the CISO, whose role is to direct information security strategically and tactically.

Data is undoubtedly important to all organizations, but data alone is useless. It is how we apply and use data within an organization that gives it the value it has. This is why the core skill of a CDO will be business data analytics. Understanding data flows can make an organization more streamlined and efficient and ultimately more profitable through the appropriate (and legitimate) use of data.

Gartner predicts that 50% of chief digital officers who have no Chief Data Officer peer will need to become the de facto Chief Data Officer to succeed. Therefore, you should be looking at your C-suite now and asking who, in the new business era, you need around the table. Do you have a CISO? Do you need a CDO?

If you think the CDO is a new role, think again. Capital One hired its first CDO in 2002, and organizations have been following in its footsteps ever since. If the importance of data is on the rise, then it makes sense that there is someone in the C-suite who is focused on it.

Third-Party Risks Will Continue to Rise, and the Need for Evidential Due Diligence Will Rise with Them

According to the 2021 Supply Chain Resilience Report from the Business Continuity Institute (BCI), nearly 28% of organizations surveyed reported 20 or more supply chain disruptions. It’s worth remembering that we are ALL suppliers, i.e., third parties, to someone, and we are all part of the supply chain, so it’s not a surprise to hear that executives are concerned with disruptions to the chain.

Of course, we can point to COVID as being a major contributor to supply chain disruption, but with the attack on SolarWinds, it’s clear that organizations need to be doing more to protect themselves against third-party risks. As the BCI report states, there is a need for more comprehensive due diligence to be carried out before a contract is signed. As you might expect, the BCI report focuses on the need for due diligence around the business continuity capabilities of an organization, but this must also include contingency processes related to cyber attacks and data breaches.

Every organization should be looking at how suppliers are on-boarded, and they should put in place a contractual right to audit the supplier. This due diligence should follow an agreed framework: risk-assess the supplier first, then perform due diligence commensurate with that risk. For example, you might not need the company that tends your grounds to be certified to ISO27001, but the data center that houses your critical data should be.

The time is right to start to focus on developing a robust Third Party Audit Review (TPAR) where you rank your third parties according to risk and then commit to completing an audit of them using questionnaires, interviews, and possibly site visits.

Remember that one of the largest breaches that took place in the USA in 2013 was against Target. The retailer paid an estimated $18 million in settlements on top of the huge financial costs of cleaning up the breach. How did it happen? Criminals used credentials stolen from an HVAC company that supplied Target with maintenance for its heating, ventilation, and air conditioning systems. Those credentials gave access to a vendor portal, not the payment systems; the attackers were able to move from one to the other because the network was not adequately segmented. The lesson is therefore as much about the controls you place on third-party access into your own environment as it is about the third party’s security.

Cybercriminals know that large organizations need the support of outside organizations, and they know that smaller organizations often can’t afford elaborate security (or ignore it due to ignorance of the risks). Unfortunately, this situation hasn’t improved much since 2013. This needs to change.

New Regulations and New Standards Will Put Pressure on Organizations’ Compliance Programs

We already know that in 2022, version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) is set for release. We also know that on 24th January 2022, Cyber Essentials is being “revamped” and is being positioned as “the biggest overhaul of the scheme’s technical controls since it was launched in 2014.” It is also widely known that the international standard for Information Security, ISO27001:2013, is due for an update and is expected to be released in 2022. Of course, we also know that the UK Government has talked about new data protection laws that may come into effect over the next couple of years and that may move us away from European regulations (like the GDPR).

This will come as no surprise to anyone operating in a Governance, Risk, and Compliance (GRC) role, but it may be a shock to the system (literally) to many others. Compliance officers will once again be in high demand, and being able to demonstrate (evidence) compliance to the standards will become increasingly important.

Therefore, it is advisable to start thinking about what compliance looks like for your organization by employing GRC processes and programs, so that you aren’t simply focusing on one aspect of data protection and cyber security. Managing technical and organizational controls under a single program, rather than addressing each standard in isolation, will leave you better placed to absorb the changes that are coming our way.

Conclusion

There is no such thing as the perfect plan, and many believe the future is unpredictable. However, if this were true, we wouldn’t have weather forecasts, and we wouldn’t have the list above along with the countless lists by other cybersecurity specialists and specialist companies.

The future is predictable (to some extent) by looking at the past and making some basic assumptions about what the future may hold for us. The time is right to take stock of what has gone before and make some reasonable assumptions and predictions about what our future holds, for there is no doubt that change is coming.

Finally, we would all do well to remember the words of Ebenezer Scrooge in A Christmas Carol when he met the Ghost of Christmas Yet to Come: “I fear you more than any specter I have seen. But as I know your purpose is to do me good, and as I hope to live to be another man from what I was, I am prepared to bear you company and do it with a thankful heart.”

We can’t fear the future, so we must perform our own horizon scanning and see what that future might look like to us, lest we suffer the fate of repeating past mistakes and errors.

Good luck.


About the Author: Gary Hibberd is the ‘The Professor of Communicating Cyber’ at Cyberfort and is a Cybersecurity and Data Protection specialist with 35 years in IT. He is a published author, regular blogger, and international speaker on everything from the Dark Web to Cybercrime and Cyber Psychology.

You can follow Gary on Twitter here: @AgenciGary

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

The post “Cybersecurity in 2022 and Beyond” appeared first on Tripwire.

Source: Tripwire – Tripwire Guest Authors
