Security in 2021 can best be described as a continued explosion of threats: cloud security, phishing attacks, remote work, insider threats, social media and mobile malware all dominated security teams’ time. In addition to well-publicized cyberattacks like Colonial Pipeline, JBS and Kaseya, the year ended with a bang in December with the critical Log4j vulnerability, serving as a reminder of the fragility of the world’s digital infrastructure.

Given the ongoing threat landscape, what can we expect in 2022?

The need for cyber insurance will be a bigger priority. Given the continued surge of ransomware attacks, which soared 288% in the first half of 2021 alone, the need for cyber insurance, especially in the SMB market, has never been greater. Though many industry experts argue against payouts, making cyber coverage a controversial topic, the evolving threat landscape means cyber insurance should be a top consideration as part of organizations’ cyber strategy. As such, we anticipate a booming cyber insurance industry as many organizations heed these warnings and seek to guard against ransomware attacks. Yet, in addition to cyber insurance, companies will need a designated DR or RR (Rolling Recovery) plan.

Zero trust will take on greater prominence with the continued role of the remote and hybrid workplace. Remote work will continue, with hybrid work gradually becoming the new normal – driving the need for zero trust. With the federal government mandating agencies to adopt zero-trust network policies and design, we expect this to become more common in the private sector to follow suit as 2022 becomes the year of verify everything.

Log4j will continue to be a top threat. As one of the top vulnerabilities to hit in over 20 years, log4j is not going away any time soon. Look for this vulnerability to push a new surge in hardware purchases and software replacements and upgrades as tech teams look to stay ahead of bad actors looking to continue to exploit this vulnerability.

Data security will take on even greater importance. As malicious actors seek new ways to exploit data and vulnerabilities, organizations must shore up their data protection practices. Alongside this, governments and consumers are looking to protect their data with many new laws and regulations regarding data collection and storage moving forward. Everyone will adopt privacy practices and will need to educate employees to help safeguard data while increasing their data security posture.

Cyber teams are going to be in the spotlight now more than ever. Understanding your security posture is crucial; knowing what current tools are available and what gaps currently exist in your infrastructure will help you to protect your enterprise. The need for a budget and having the right people in place is critical. With ongoing talent shortages, consider partnering with a third-party firm to ensure you have fail-proof processes, documentation, and regular third-party assessments.

Stay up to date on all White Rock Cybersecurity initiatives through LinkedIn or Twitter.