The last year has been defined by turbulence and uncertainty, which is why many are eager to leave it behind. 2021 saw an astronomical increase in ransomware, organized cybercrime, zero-day vulnerabilities that left much of the modern internet susceptible to attack, and so much more. But there will always be time to look over the happenings of the past, so now we must look to the future. Some may be skeptical in their industry outlooks for the coming year based on the events of yesteryear, and for good reason; but that just means that we have more experience to take with us to face the challenges of the coming year. This list may not be a comprehensive roadmap for all that is to come, but we think that it covers some of the broader trends that we will see come into play in the coming year.
1. Ransomware
If there’s one thing that 2021 has taught us about the current threat landscape, it’s that ransomware is here to stay. It’s such a destructive cyberattack that it can become a doomsday scenario for businesses that are unprepared to deal with the fallout, which pushes many to pay the ransom against the advice of security experts. Just about every attack on our Biggest Cyber Attacks of 2021 list was conducted using ransomware. We see no indication that this will change any time soon, especially as ransomware-for-hire gangs have sprung up, creating sustainable infrastructure for them to continue their illicit activities. Businesses will need to adapt to the new threat by creating extensive ransomware prevention, detection, and response plans that minimize system downtime and promote cyber resilience without having to resort to paying the ransom.
2. Improving Vulnerability Mediation and Patch Management by Improving Visibility
Just a couple of weeks before the holidays, system administrators worldwide groaned with the announcement of the critical vulnerability Log4Shell, which existed in pre-2.15.0 versions of Apache’s Log4j logging library. When such a prolific library becomes vulnerable, just about any publicly accessible service that utilizes it needs to be patched before it’s too late. Having strong patch and vulnerability management processes has always been integral to proper cyber hygiene, but many IT departments are left scrambling when pervasive vulnerabilities emerge. A lack of visibility into what services and systems are running in your environment plagues many a security team, so we predict that many organizations will take greater advantage of automation to gain a continuous, firm understanding of their operational risk management and vulnerability mediation in order to mature cyber performance.
3. Balancing Remote Work
Until the Delta and Omicron variants of COVID-19 made their presence known, many businesses had plans to return to the office, either with a hybrid or a fully in-person model. Today, many businesses are making moves to return to remote work, erring on the side of caution in the name of employee safety. On New Year’s Eve, it was reported that two of the largest banks in the United States, JPMorgan Chase and Citigroup, are encouraging US employees to work from home for the next several weeks due to the rise in COVID-19 cases. With so much uncertainty around the Omicron variant and any future COVID-19 variants, it is likely that many companies will have to embrace a flexible work policy that can adapt to the needs of the moment. Evolving governmental guidance, vaccination requirements, and public health protocols will need to be carefully navigated by companies attempting to bring employees back to the office.
4. Regulation and Data Privacy Legislation
According to the National Conference of State Legislatures (NCSL), in 2021 at least 38 states introduced consumer privacy bills in their state legislatures for consideration and 13 states enacted data privacy bills into law. Following the example set forth by California’s CCPA, both Colorado and Virginia enacted comprehensive consumer data privacy legislation, though their implementations differ. With consumers becoming more privacy conscious as more and more of their precious data is lost in large-scale data breaches, we may see further pushes for data privacy legislation in 2022 that could impact businesses that collect or process consumer data.
5. Prioritizing Talent Retention and Minimizing Turnover
The state of the cybersecurity labor market has been a hot topic in recent years, with astounding statistics proclaiming millions of unfilled security positions worldwide. The cybersecurity labor shortage, accompanied by the so-called “Great Resignation,” may make talent retention difficult for those unwilling to adapt to the current demands of the labor market. High security turnover is disastrous for businesses for many reasons, such as the loss of institutional knowledge, the cost of recruiting a replacement, and the time investment required to bring a new employee up to speed in their new environment. Further issues include an overworked workforce, which can lead to employee burnout and higher turnover, exacerbating the staffing shortage.
In a recent poll conducted by Monster, the outlook is grim: 80% of workers don’t think their employer provides growth opportunities, 34% believe that the best way for career advancement is to find a job with a new employer, and 86% of those surveyed believe that their careers have stalled during the pandemic. This is a warning sign for employers to step up their game in 2022 if they want to retain their existing cyber talent, an already challenging task during a time of limited experienced cybersecurity labor availability, rising salary costs to meet the demand, and the increasingly remote nature of the cybersecurity industry.
We wanted to take the time to list out the top five trends we think you should keep an eye out for in the coming year. Some of this was familiar if you had seen our list from last year, but it definitely isn’t the same old story. A lot has changed in the last year, and not always for the better. But there is always room for optimism, and there are some promising trends in the industry that could foretell genuine industry improvement. We will know in time how things shake out this year, but if 2021 is anything to go by, it would be wise to go in with an open mind, a positive outlook, and to prepare for a tumultuous year.