This is part of our 2022 cyber predictions series. We heard from top leaders in the industry about what cyber could bring in the new year.
George Gerchow, CSO at Sumo Logic:
Future of security departments
Having IT teams report into security departments is a model that will definitely start gaining traction in the industry. By 2030, 50% of the industry will be operating this way. With the tech sector leading the way, this will affect companies everywhere - from FinTech to healthcare. With all organizations trying to become software companies, it’s time for them to behave like one.
My hope is that by 2040 security departments don’t even exist anymore. What this means is that organizations will have security programmed into their entire systems so that everyone follows the best security practices and behaves in a secure fashion. With more and more hygiene in security, this concept is going to grow and eventually happen.
Anticipated areas of security targets
Health and wealth will always be top targets of attacks. Not just FinTech or healthcare companies specifically, but since health and wealth are what matters most to humans, cybercriminals will hit us where it hurts. One example of “health” is the PII data that is being collected as employees enter company campuses. How is that data being retained and secured? What does the privacy around that data look like? Lastly, what about the security of the actual devices themselves? There’s going to be more uncertainty as campuses open up and cybercriminals will continue to attack all of that. In terms of “wealth,” this means attacking us where our money resides. I wouldn’t be surprised if the stock market is a top target in the coming years.
Security integration with enterprises’ strategic digital projects
Organizations are still struggling with what it means to not have a defined perimeter anymore. The old security models are not suitable, but they are still used to create strategies and responses to business risk. At the same time, these companies are pressing ahead with digital transformation projects, trying to grow their applications or services. This means that CISOs and IT security teams still don't have a seat at the table, and security is still being bolted on as the last step in the process.
I’m happy to have seen a ton of innovation in recent years, most of which accelerated due to the COVID-19 pandemic, but all this work around designing and deploying new applications or services takes place without considering security. Still, not enough people realize the detrimental impact this has on so many levels. Developers are so concerned with availability and speed, but the focus for 2022 and beyond instead should be on building a secure and available service from the start. If it’s not secure, you have nothing.
In the next year, the leadership teams at organizations will start to wake up to this. Management boards are becoming more security conscious due to the hype around ransomware and extortion, which forces them to care about security problems. While they won’t dive into the details, they will want to keep their operations secure and ensure any new implementations that will grow the business don’t bring in new problems. They realize that if they don’t build security seamlessly throughout, they’re going to encounter serious problems as they try to scale.