As 2022 gets underway, we’re looking ahead to the changes, developments, and trends the coming year will bring to the cybersecurity industry and the threat landscape. To help you prepare for 2022, we recently spoke to three Barracuda executives, each with their own perspective and predictions about what the next 12 months have in store and what businesses need to be aware of to stay secure.
In this third post in the three-part series, Hatem Naguib, Barracuda President and CEO, shares his insights on the continued acceleration of digital transformation, challenges and opportunities created by the “Great Resignation,” the impact privacy requirements will have on security decisions, and ways government response to cybercrime will evolve in the year ahead.
Hatem Naguib, President & CEO
COVID-19 will continue to accelerate digital transformation for small and medium-sized enterprises in 2022. Security shouldn’t be an afterthought. It should be part of every digital transformation decision.
The COVID-19 pandemic will continue to have as much impact on businesses and the ways they use technology in 2022, as it did in 2021. The nature of the crisis has evolved, but it hasn’t ended. At the beginning of the COVID-19 pandemic, companies moved rapidly to react to the pandemic as people had to quickly shift operations to the cloud, adjust to remote work, and reimagine the way they handled digital interactions with their customers. Many of these initiatives were long-standing projects that moved to being deployed at hyperdrive speed to meet the challenges presented by the pandemic. In 2022, we will find businesses needing to continue to respond quickly to dynamic local and global conditions. Agility and flexibility have never been more of a competitive differentiator than they are now.
In 2022, companies will continue to leverage more and more technology to address these challenges. From a technology perspective, that means there will be more cloud adoption and more small and medium-sized enterprises using SaaS solutions, which in turn increases their potential attack surface. After two years of COVID-19 and accelerated attacks, security and compliance must be at the front and center of every technology decision. This will lead to more SMEs turning to their MSPs and vendors for SASE solutions and Zero Trust Access to help them secure their people, networks, applications, and data in the cloud, no matter where their people are located or what devices they’re using.
The “Great Resignation” will turn security challenges into a security crisis and create new opportunities.
Small and mid-sized companies were already short-staffed and having trouble hiring the staff they need to protect themselves from security risks. The “Great Resignation” will make those challenges even more acute, especially in the tech and healthcare sectors. This will make a tough situation worse.
As a result, in 2022 businesses will rely more on their vendors to provide not only automated tools, but also services, like XDR and MDR. Managed services providers will become a critical resource as well. Gartner predicted 40% of mid-sized companies will leverage MDR by 2024. From a midmarket perspective, companies will need a service provider to help them successfully leverage SOC / NOC / XDR capabilities and stay secure. Increasingly, only large enterprise organizations will be able to manage their security needs internally.
One interesting opportunity that comes from the great game of musical chairs is as people shift where their resources are and where they’re coming from, it creates momentum for companies to really think about the importance of diversity in the employee base as they hire people and bring them on board. I don’t mean diversity just in the traditional sense, such as gender or race, but also a diversity of background and skills.
In 2022, you’ll see more security positions filled by people who come from unexpected backgrounds or with a different set of skills. Due to the nature of the threats and the complexity of the environments, companies can’t go back to just hiring who they’ve hired before. Addressing security challenges constantly requires fresh thinking in the face of ever-changing attacks and overwhelming alerts. This is a great opportunity to bring in different perspectives, and in the cybersecurity or IT space that will play a prominent role in how companies secure themselves.
Privacy requirements will drive security decisions.
In 2022, privacy will dominate the security conversation because data is no longer something that can be leveraged with no accountability. Almost 75% of countries have some type of privacy regulation now, so all business will need to protect and enrich any data they collect from customers in a way that respects the privacy requirements customers have come to expect as default.
Having the tools in place to ensure compliance will become more important as well, especially for small and mid-sized businesses. Are your employees storing the right data in the right place? Are your suppliers protecting your data and your customers’ data? As you’re leveraging SaaS solutions like OneDrive, SharePoint, and Teams, you need understand what your teams are doing and make sure you’ve got tools to not only secure your data but to make sure you’re compliant. In addition, the past year of prominent supply-chain attacks have required businesses to ensure their supply chain of vendors are meeting security and privacy compliance requirements. We have all learned the painful way that we are only as strong as our weakest links.
In 2022 governments will get serious about working together for a more coordinated, effective response to cybercrime.
Ransomware criminal gangs are the modern day pirates of the high seas. We’re now dealing with global criminal operations that are driving ransomware and similar types of attacks, and it’s important for people to recognize the scale. Recent Barracuda research found that 70% of businesses have been hit by a ransomware attack, and that’s a staggering number.
The sophistication of the tools that cybercriminals are using has drastically changed the nature and effectiveness of these attacks. Back in 2016, a group called the Shadow Brokers stole tools from the NSA and then started leaking these tools on the internet. That was a game changer. Tools that were previously used by nation states are now in the hands of cybercriminals who are leveraging these same tools to attack corporations and individuals.
Looking ahead, we can expect that attackers will use AI and machine learning to evade defenses. As certain technologies, such as block chain and quantum computing, become more mainstream, they will give attackers unprecedented levels of anonymity and scale to drive these attacks even further. As a result, we’ll see more need for automation in how we protect against those attacks.
Now we’re starting to see governments step up and pour hundreds of millions of dollars into what are arguably military-level exercises to stop these criminal gangs. In 2022, we’re also going to see more cooperation between companies and governments to shore up defenses against attacks by these cybercriminal gangs. Having engagement between the private and public sectors increase and having vendors engage more deeply together to share information will be an important part of defending against these attacks. In the end, we have to remember we’re all in the security business. Ultimately, our job is to protect society at large from cyberattacks.
Photo: iStock / Mlenny