As technology advances at an unprecedented pace, many businesses are aggressively accelerating adoption to maintain a competitive advantage. But there’s a big risk for those who don’t keep cybersecurity top of mind.
Gartner recently released a report outlining the Top Strategic Technology Trends for 2022, which provides valuable insight into the roadmap many organizations are using to deliver value to their customers.
As a cybersecurity and risk management professional, I find that reports like this both excite and scare me at the same time.
On one hand, I am on board with the technological evolutions (writing this as my iPhone updates to the latest version of iOS), but I cannot help but think about the potential cyber-related risks that new technology can either introduce or exacerbate.
The Gartner report outlines three major categories for digital innovation that will occur in 2022:
- Engineering Trust
- Sculpting Change
- Accelerating Growth
Based on these innovation categories, here are some considerations and recommendations for businesses to help them keep cybersecurity top of mind as they embrace new technology.
Trusted Digital Connections
For cyber professionals, trust is a big deal. It is one of the reasons we are so adamant about performing risk assessments, penetration tests, and overall due diligence. As you might expect, the Trusted Digital Connections category contains several pros for the cyber world, including cybersecurity mesh to better secure a remote workforce, privacy-enhancing computation to protect sensitive data, and data fabric to enhance accessibility and data governance.
The one area in this category where companies should put more focus is cloud native platforms. Cloud security attacks are at an all-time high. According to a study by Ermetic, 79% of companies that participated reported having a cloud data breach in the past 18 months, and 43% reported having ten or more breaches in the same timeframe.
Cloud native platforms are a great option for organizations that are truly embracing the benefits of the cloud, especially since legacy applications were not designed to function in a cloud environment and are not easily migrated.
Given that cloud native platforms do not benefit from the traditional monolithic design, businesses should strongly consider the use of a Cloud Native Security Platform (CNSP) to ensure that security is fully integrated into their application lifecycle. This allows them to respond to threats more efficiently and automate the remediation of identified vulnerabilities.
The Sculpting Change category focuses on speed, efficiency, and digital scale through composable applications, decision intelligence, hyperautomation, and Artificial Intelligence (AI) engineering. Each of these technologies provides numerous benefits if implemented properly, but also introduces risks that should be proactively addressed.
At this point, we have all heard that one of the biggest risks of automation and AI is job loss, a subject of major debate. Less discussed is the concept of bad actors using AI for malicious purposes.
Hackers are currently doing their best to weaponize AI and use machine learning algorithms to hack into networks or create sophisticated social engineering campaigns to trick victims into providing sensitive information. “Deep Fakes” are another way that hackers are attempting to use AI to imitate features of credible people and steal information from unsuspecting victims.
It sounds like something out of a James Bond movie, so what do we do about it? Luckily, in the cyber world, anything that is used for bad purposes can also be used for good.
Businesses should investigate using AI and machine learning to automate their antivirus as well as their detection and response capabilities. This greatly reduces the burden on employees and cuts detection and response time to almost zero.
Another practical use of AI—that is already in use today—is email monitoring for phishing campaigns. AI’s ability to detect phishing activity can automate the removal of malicious emails before an employee even knows that one was sent.
The final category in the Gartner report, Accelerating Growth, discusses technologies that will act as accelerators for organizational growth, ranging from distributed enterprise to customer experience.
As the COVID-19 pandemic forced a large portion of America’s workforce to embrace remote work, the distributed enterprise also led to an unprecedented rise in ransomware attacks due to a weakened security posture for many organizations.
Cybersecurity mesh is a great possible solution to many of the risks posed by a decentralized workforce, but many large organizations have complex IT architectures, which complicate and slow implementation.
This is where some of the tried-and-true fundamental elements of cybersecurity should be embraced, starting with implementing a comprehensive incident response plan (IRP). A quality IRP will help an organization detect, respond to, and minimize the impact of an attack.
In addition, organizations should use Zero Trust principles and technology to continuously verify devices, authenticate users, and limit user access to least privilege. Identity and Access Management (IAM) best practices that enforce strong password requirements, multi-factor authentication, and privileged access management (PAM) will also help verify employee identities and limit who can access critical systems or data.