Author: Martin McGregor, Co-founder and CEO, Devicie
There’s a lot to reflect on in 2021: We saw businesses continue to accelerate their digital transformation and deployment of solutions to address the demands of a hybrid work environment. At the same time, cyber criminals fought harder to take advantage of the expanding threat landscape. In 2021, the ACSC found a cybercrime was reported once every eight minutes, and ransomware jumped 15 per cent on the previous year.
Cyber risk has arguably never been greater, and the ongoing IT skills shortage certainly doesn’t help the situation. If 2021 has taught us anything, it’s that adaptability and a growth mindset are key to thriving in the face of adversity and change.
I’m looking ahead at what 2022 holds for the tech and IT sector, and what it means for the world, business and people.
Increased adoption of automation
No doubt automation has been around for some time now, but in 2022, we’re likely to see organisations more readily adopt automation and SaaS-based technologies.
Having previously spent big on reactive security as a defence, tech decision makers will start to question the value and effectiveness of those investments and gear their focus towards proactive security automation. They now recognise the value of automation in smoothing and streamlining workflows to drive better security and user experience. What’s more, they see the value of automation in enabling IT teams to get things done in the face of an ongoing skills shortage. The days where automation was considered a threat to jobs are well and truly over. There is simply too much work to be done in this space, and this is one area where automation really shines.
In 2022, the smartest organisations will use automation to give their tech teams their time back to focus on projects that add tangible value back into the business. IT will be liberated from the work that automation can easily take care of and have more time to flex their creative muscles to drive real innovation and competitive advantage.
Power to the people
For many, the rapid shift to a hybrid or flexible working environment has given employees more power than ever.
Work-life balance has become an imperative for many employees who have now experienced the flexibility afforded by a hybrid or remote workplace. Now, the pressure is on organisations to provide their staff with a flexible, human-centric culture that puts their people ahead of its profits. This also extends to providing a positive and secure employee working experience across their devices, regardless of their location. For example, used strategically, automation can unlock productivity, ensure ongoing security and compliance, accelerate time to market and transform the employee experience.
The organisations that successfully put their people first will have no trouble retaining and attracting talent, which is incredibly important at a time when skills are in such high demand.
Cybersecurity skills consolidation
The rising costs of hiring skilled IT workers combined with the ongoing skills shortage is likely to result in a consolidation of skills within MSSPs and tech agencies. This in itself contributes to rising hiring costs and creates fewer opportunities for the direct recruitment of skilled resources.
Organisations will increasingly subscribe to security practices rather than hire new talent to build out their own security functions. For many organisations, this is the only feasible solution because the skills in demand are too expensive and hard to find.
Sheriffs on demand
Defending against cyber criminals is akin to the Wild West. Criminals are at large, almost impossible to track and are often outside of law enforcement’s jurisdictions. While the law is unable to address these problems, businesses are left to hire their own ‘sheriffs’, otherwise know as a security team. But for now, cyber crime is too big for every business to build their own security team. There simply aren’t enough sheriffs to go around. It therefore makes sense to work with cybersecurity businesses that have a deeper pool of resources and capabilities than to go at it alone. Partnering with these specialist teams can allow us to subscribe to sheriffs on demand, so we can augment our skills and capabilities to drive positive outcomes at scale.
Ransomware as a Service
No doubt in 2022 we’ll see cyber criminals continue to exploit the COVID-19 pandemic by targeting remote workers on their devices.
In the early days of ransomware, attackers were somewhat reliable when it came to data recovery, but this is no longer the case. More ransomware and phishing attacks are being executed ‘as a service’. This trend will likely continue, potentially allowing more unscrupulous actors that have no intention or even capability of allowing recovery of data.
Businesses that fall victim to an attack will have less confidence about regaining access to their systems even after they pay the ransom. And as attackers up the stakes on their demands, cyber insurance providers will increase their premiums or, worse, remove coverage for ransomware altogether.
Meanwhile, countries will likely introduce new legislation around restricting organisations from paying ransom in the first place. While Australia does not yet have such legislation, there have been recent developments in this space, including the mandatory reporting of ransomware incidents for organisations with a turnover of $10 million or more.
In 2022, paying ransom is no longer a viable option. The only option is to build and maintain robust security defences and recovery capabilities.
More privacy regulations and implications
Privacy has gained a lot of attention in recent years, and it’s likely that there will be more fines and convictions for businesses that fail to adapt to new regulations effectively.
If organisations continue to be breached, the law will eventually step in and enforce more stringent and rigid regulations that could potentially hurt business. Those that take a proactive stance about implementing security controls around data privacy are ultimately contributing to a greater cause by allowing the industry to design solutions the way we want to, rather than being tied down by inflexible regulations.
Smart companies are already noticing the change in consumer confidence regarding privacy and safer financial transactions, and are communicating the practices they’ve adopted to secure sensitive data to their customers.
Wrapping it up
It’s worth noting the importance of people, relationships and partnerships. Security is a thankless gig, particularly in today’s volatile climate. So in 2022, let’s appreciate the challenge our security and privacy experts have ahead of them, and make sure they’re supported.
Allow them the time to automate solutions and to use their creativity to solve problems, and when they raise a risk you don’t understand, demonstrate a little trust. We can’t understand everything, and cybersecurity evolves fast, so let’s use these challenges to build better, safer and more trustworthy internet businesses – we can’t do it alone.
Here’s to creating a better future.