Introduction
Key Takeaways
As we wind down the year, 2021 delivered new challenges for companies of all sizes with cybersecurity. Just this month alone we have witnessed widespread incidents of ransomware and vulnerabilities with Log4J. These recent events reinforce the importance of building a cybersecurity program that focuses on education, vigilance, collaboration, documentation, managing vendors, and many other activities all at once. Not to mention, preparing your organization for a multitude of cybersecurity and compliance audits.
Looking ahead to 2022, I’ve thought extensively about the cybersecurity trends and tailwinds that will impact companies of all sizes in the new year. Here are the six that I think will top the charts:
Security talent shortage continues, affecting every company’s ability to build great security and compliance.
With a significant cybersecurity talent shortage (over 1.5 million unfilled security jobs in the U.S. alone), we need to change the paradigm of how companies build, manage, and report their cybersecurity programs. Software is often the best answer to this shortage. By automating frameworks, assessments, program implementation, reporting, and audits with software, we find companies reduce time, resources, and costs by 50% or more. Software also drives a highly distributed and collaborative model enabling multiple departments to contribute to cybersecurity success on one platform, particularly important with remote workforces.
Every company should consider software to do the heavy lifting when there simply aren’t enough expert resources available.
Ransomware insurance becomes scarce, forcing companies to pay ransoms on their own.
Ransomware claims grew 485% in 2020 and ransomware itself is expected to be even higher in 2021, causing insurance companies to struggle with pricing premiums and paying ransomware claims. Cyber insurance will no longer be a safety net, and many insurance experts believe ransomware insurance will be discontinued altogether in 2022, if not impossible to even obtain. Companies can change their tune by building great security and compliance programs that decrease the likelihood of ransomware attacks instead of thinking “if we’re attacked, insurance will pay for it.”
The rise of outsourced security.
With a lack of security talent and 8,000+ security tools in the market, companies are struggling to build great security and compliance programs themselves – keeping track of threats, finding the right security tools, stitching them together, and managing dozens of individual vendor SLAs. More and more enterprises—even global public organizations—are starting to outsource their security to MSSPs. These MSSPs have become experts at providing the tools and services companies need in an attractive, simple fee structure. This trend will continue to accelerate in 2022 and you need to be prepared to partner with the right MSSP.
Multiple security frameworks become the norm.
As threats increase, regulatory requirements do too. Companies will need to implement not only core frameworks that fit their industry like SOC 2 (cloud), PCI (payments), HIPAA (healthcare), etc., but also emerging frameworks like GDPR & CCPA (privacy) as well as CMMC (DoD supply chain). Additional frameworks will be introduced every year, putting pressure on organizations to quickly respond to and implement them efficiently. Considering ways to easily map any new frameworks and requirements into your program will allow you to stay a step ahead.
Sharing your cybersecurity and compliance posture with multiple stakeholders.
More and more third parties want visibility into your security program posture and data–customers, sales prospects, board of directors, auditors, insurance companies, and government agencies. There will continue to be a significant trend in 2022 to report your program to these critical third parties. The goal is to easily show any stakeholder proof that you’ve built a real and sustainable cybersecurity and compliance program and providing visibility into your program will help you in every aspect of your growth strategy.
Collaboration. Collaboration. Collaboration.
As more departments and team members participate in maintaining great security programs due to the industry staffing shortage, they will be collaborating more than ever. Platforms like Slack and Salesforce help create a central system for global teams to build, manage and report each department’s respective development, sales and marketing initiatives, and progress. Security and compliance are no different. Using a central platform ensures your programs are managed in a highly collaborative manner across your entire organization.
The New Year will likely bring several other challenges for each of our security programs, but these are the ones I believe will have the most impact. As you implement your cybersecurity and compliance goals in 2022, we encourage you to use this as a guide to help your organization’s cybersecurity compliance sing the right tune for success. From all of us in the Apptega band, we want to wish you and your team a fantastic holiday season, and we look forward to rocking with you in the new year.