Key security and risk management trends for 2022


According to Gartner, security and risk managers need to address seven major trends to protect the ever-expanding digital footprint of modern organizations from new and emerging threats in 2022 and beyond.

Security challenges lend themselves to three global trends impacting cybersecurity practices: new responses to sophisticated threats, the evolution and reframing of security practices, and the redesign of technology. The following trends will have a broad impact on the industry in these three areas.

Extension of the attack surface

Enterprise attack surfaces are expanding. Risks associated with using cyber-physical and IoT systems, open source code, cloud applications, complex digital supply chains, social media, etc. have taken the exposed surfaces of organizations outside of a set of controllable assets. Organizations must look beyond traditional approaches to security monitoring, detection, and response to manage a broader set of security exposures.

Digital Risk Protection Services (DRPS), External Attack Surface Management (EASM) and Cyber ​​Asset Attack Surface Management (CAASM) technologies will help CISOs visualize internal business systems and external, by automating the discovery of gaps in security coverage.

Digital supply chain risk

Cybercriminals have discovered that attacks on the digital supply chain can deliver a high return on investment. As vulnerabilities such as Log4j spread through the supply chain, more threats are expected to emerge. In fact, Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks in their software supply chains, a threefold increase from 2021.

Digital supply chain risks require new approaches to mitigation that involve more deliberate segmentation and scoring of suppliers/partners based on risk, demands for evidence of security controls and secure best practices, shifting thinking based on resilience and efforts to anticipate future regulations.

Identity threat detection and response

Sophisticated threat actors are actively targeting Identity and Access Management (IAM) infrastructure, and credential misuse is now the primary attack vector. Gartner introduced the term “identity threat detection and response” (ITDR) to describe the set of tools and best practices for defending identity systems.

Distribute decisions

Business needs and expectations for cybersecurity are changing, and leaders need more agile security in the face of an expanding attack surface. Thus, the scope, scale and complexity of digital activities necessitate the distribution of cybersecurity decisions, responsibility and accountability across organizational units and away from a centralized function.

Beyond awareness

Human error continues to be a factor in many data breaches, demonstrating that traditional security awareness training approaches are ineffective. Progressive organizations invest in holistic Safety Behavior and Culture Programs (SBCPs), rather than outdated compliance-focused safety awareness campaigns. An SBCP focuses on promoting new ways of thinking and integrating new behaviors with the goal of bringing about safer ways of working throughout the organization.

Supplier Consolidation

The convergence of security technologies is accelerating, driven by the need to reduce complexity, reduce administrative overhead, and increase efficiency. New platform approaches such as extended detection and response (XDR), security services edge (SSE), and cloud-native application protection platforms (CNAPP) are accelerating the benefits of converged solutions.

Cybersecurity mesh

The trend towards consolidation of security products is driving the integration of security architecture components. However, there is still a need to define consistent security policies, enable workflows, and exchange data between consolidated solutions. A cybersecurity mesh architecture (CSMA) helps provide a common, integrated security framework and posture to secure all assets, whether they are on-premises, in data centers, or in the cloud.

Previous The total borrowings of the three Future Group companies at Rs 6,475 crore
Next Mumbai Shocker: Fraudsters circulate morphed porn video to family and friends after man fails to repay loan