The 2022 emerging threat landscape: cyber security

Published: Wednesday, 17 November 2021 10:48

In the first of a series of Continuity Central articles looking ahead to 2022 and the changing threats that organizations may face, cyber security experts from DigiCert make a series of predictions.

As our year winds to a close, many of the uncertainties that shaped 2021 remain. The cyber security challenges that accompanied the pandemic have persisted, as hybrid remote workspaces have become a way of life. And through it all, the threat landscape continues to evolve, as innovations in cloud computing and other arenas open up new threats — some in unexpected areas.

To take stock of where we’re at and what lies on the horizon, DigiCert has provided thoughts from its team of cyber security experts, including Jeremy Rowley, Avesta Hojjati, Mike Nelson, Jason Sabin, Dean Coclin, Stephen Davidson, Tim Hollebeek, and Brian Trzupek…

Prediction: Supply chain, ransomware and cyberterrorism attacks will continue to escalate

The fallout from audacious attacks like the SolarWinds episode and the Colonial Pipeline breach was all over the headlines in 2021. The successful attacks shone a spotlight on critical cyber security battlegrounds — and likely emboldened hackers. Some threats in this area that are likely to thrive in the coming year include:

Prediction: Trust and identity step up in business processes

Companies in every industry have been embracing digital transformation for years, and the trend is accelerating. Research shows that the global digital transformation market is expected to grow at a compound annual growth rate (CAGR) of 24 percent from 2021 to 2028. As complex technology becomes a deeper part of every organization’s most critical processes, we predict that the use of digital signatures will increase - and will require a stronger level of trust and identity.

Prediction: The post-COVID threats will persist and evolve

Last year’s predictions included a variety of security threats that were directly tied to the COVID-19 pandemic. As the pandemic slowly recedes, DigiCert predicts that those threats will continue to remain. We are seeing increasing use of contact-less technologies in airports, retail environments, restaurants, and other public spaces - all of which are vulnerable to cyber attacks. Digital ID schemes such as drivers’ licenses and healthcare records are becoming more widely used — and also remain possible points that can be hacked.

Prediction: Post-quantum computing will challenge the security status quo

A DigiCert survey (PDF) found that 71 percent of IT decision-makers believe quantum computers will be able to break existing cryptographic algorithms by 2025. That means security organizations will need to rethink security for a post-quantum world. Post-quantum cryptography (PQC) can strengthen cryptography, decreasing the possibility of security breaches. But many companies lack a clear understanding of the crypto they deploy, so they will want to take proactive steps to locate all the exposed servers and devices and rapidly update them when a fresh vulnerability comes to light. 

DigiCert predicts some major developments in the PQC world in 2022, as NIST is expected to announce the winner of their effort to replace current versions of RSA and ECC encryption algorithms.

Prediction: Automation will power cyber security improvements

As organizations work to keep the lights on and scrutinize the bottom line, there will be a resulting push for efficiency in security technologies. Security teams will be asked to do more with even fewer resources. 2022 will bring an emphasis on technologies that allow organizations to do more with less, and automation will play a significant role in terms of security innovation in the New Year. A recent DigiCert survey showed that 91 percent of enterprises are at least discussing automating the management of PKI certificates. AI and ML technologies will continue to play an essential role in powering this automation.

Prediction: Cloud sovereignty will create new security demands

In an increasingly multi-cloud world, traditional perimeter-based security approaches have become obsolete. DigiCert predicts that cyber security challenges will become even more demanding as cloud services become more granular. Organizations are deploying cloud solutions that are increasingly subject to local jurisdiction and regulations. Cloud sovereignty controls are focused on protecting sensitive, private data, and ensuring that data stays under owners’ control. 

For example, T-Systems and Google Cloud recently announced that they will build and deliver sovereign cloud services for enterprises, public sector and healthcare organizations in Germany. As more of these sovereign cloud initiatives emerge, DigiCert predicts that organizations will require an increasing awareness of regional security requirements.

Prediction: Organizations prioritizing strategy/culture of security

Finally, DigiCert anticipates organizations working harder to strengthen a culture of cyber security, led from the top. DigiCert is hearing more about employee education using phishing tests, mandatory online training and cyber simulation exercises taking place at the board level, to help C-level participants test their communication strategies and decision-making in the event of a major cyber security crisis. It’s clear that cyber attackers will continue to innovate and create more complex, insidious threats. Mitigating tomorrow’s threats will require a commitment from leadership and good communication across every organization.