There was plenty to keep security leaders awake at night in 2021. In fact, stories of sophisticated state attacks, data breaches and ransomware compromises appeared so frequently that there’s a danger of complacency setting in. Let’s hope security operations (SecOps) teams get the budget they need to succeed as we head into 2022. As to how they spend this money, IT security buyers will be increasingly ready to push back against “black box” AI tooling that has so far failed to meet the grand promises of marketing brochures.
As the technology landscape continues to advance at pace, it will become more important than ever to find solutions that are transparent, interoperable and trustworthy.
The past year has seen a continuation of many of the trends that shaped 2020: a continued reliance on remote working, and investment in cloud and digital infrastructure to support new business processes. This, of course, created its own challenges from a security perspective, expanding the corporate attack surface and rendering legacy perimeter-based approaches largely obsolete. Organisations continue to play catch-up with these tectonic shifts in the technology landscape. They may still be doing so in several years’ time.
Yet there are signs of a growing maturity in the SecOps space. The market is saturated with companies promising their AI tools as a cure-all for advanced threats. Many organisations have bought into the narrative. But increasingly in 2022 they’ll come to realise that black box solutions are sub-optimal. Not knowing how an algorithm calculated an outcome is disconcerting for defenders—there’s no proof it hasn’t missed alerts, and it can cause compliance challenges.
In 2022 we can expect more SecOps managers to hold their vendors accountable. They’ll want to know why tooling arrived at a specific result. And they’ll look for solutions that speak standardised languages like MITRE ATT&CK®, allowing greater interoperability with other products. This is 2022. We know there’s no silver bullet to security; open integration is the future.
Fatigue sets in
Another product of the past year set to influence 2022 is the barrage of media coverage around ransomware incidents. We’ve been here before. Pre-GDPR, breach fatigue was often mentioned as a negative impact of mandatory notification laws. There’s a concern that boards and possibly even senior security decision-makers will become desensitised to what is still a serious and pressing challenge. We must work harder on prioritising prevention in the first instance, and then effective detection and response that prioritises alerts to pick out attack signals from the noise. According to some reports, two-thirds (66%) of global organisations have suffered at least one ransomware attack over the past year, with average ransom payments increasing by 63%.
Would we benefit if government intervened in a robust manner in cybersecurity? We’re starting to see some signs of this with new legislation designed to create a baseline of acceptable security for IoT products. It will be interesting to see the impact of this new bill. Though it may not be robust enough for some, it’s still a positive start. Could 2022 be the year the government steps in to do something about ransomware, perhaps by making Cyber Essentials mandatory for more private businesses?
We can hope.