Entrust share their security trends predictions for 2022.
Since the pandemic hit, bad actors have preyed on the vulnerability of organizations moving to remote working models, and IT departments have worked tirelessly to overcome the challenges. In turn, technology companies delivered new and improved technologies to support the changes.
1. A move from attacks on infrastructure to attacks on individuals
While attacks on system vulnerabilities continue to be a staple of nefarious activities, there’s been a renewed focus on attacks against individual employees via mobile devices. The upturn in BYOD and IoT devices will create further headaches for IT departments in 2022. Authentication will be a huge challenge and passwords will be combined with other authentication methods like smart cards, three-factor authentication, and biometrics in order to improve security.
2. Solving complexity with simplicity
In 2022 we will see ‘packaged’ solutions aimed at simplifying security and enabling digital transformation. Examples include:
- Seamless Travel — Cybersecurity technology is being developed to address specific issues and problems caused by COVID-19 and this will continue in 2022. New integrated solutions for seamless travel will replace long lines at customs with secure remote identity verification via smartphone. Such solutions will make travel easier and more contactless, and allow border control agents to focus on handling exceptions and possible risks. The global pandemic has spurred an urgent requirement for remote and touchless services replacing manual and high-touch self-service processes. Next year is forecast to demonstrate the value of digital travel documents, e-Passports and electronic travel authorizations to enable safer and more seamless travel for post-pandemic recovery.
- Hybrid payment solutions — Bundling existing physical card issuance technologies with secure digital capabilities to offer a best-in-class hybrid issuance solution, supporting the full payment customer experience. With growing concerns over identity theft and approximately 80% of mobile banking consumers being concerned about fraud, we’re seeing that consumers are starting to prioritize improved technical and functional capabilities of products and services when choosing their banks, pension providers and other financial services (1). Traditional financial firms simply won’t survive the economic and logistical upheaval caused by the global pandemic if they continue operating the way that they are. According to the Keeper’s Security UK Census Report (2), financial firms suffered an average of 60 cyberattacks over the last year which is expected to increase in 2022. As customers become more aware and technology becomes more advanced, 2022 will be the year we combat threats and outdated tech and grow our infrastructure in even more unique ways.
- Enhanced certificate lifecycle management — With cyberattacks occurring at a higher rate than ever before, enhancing Certificate Lifecycle Management capabilities will offer a secure, central point for IT to control certificates, encryption keys and crypto.
3. Zero trust
Zero-Trust is an approach where you trust nothing, verify everything related to users and devices, assume the network is hostile and only give entities least-privilege access – the minimum permissions they need to fulfill their function. This framework is predicted to become essential in stopping identity from being exploited through various avenues in 2022, including compromised secrets, compromised data perimeters and lateral threats. Entrust’s 2021 report released in September, Securing the New Hybrid Workplace, revealed an increase in identity proofing technology that verifies someone is who they say they are, with 51% rolling out one-time password technology and 40% utilizing biometric authentication. The report also revealed that 36% are using mobile identity verification that provides users with a credential on their mobile phone to be granted access to something within the organization.
4. Protecting health-related data
An emphasis on data sharing is set to be prevalent in the health industry, with the rise in health-related apps leading to a crackdown on how health data is handled. The Federal Trade Commission (3) recently announced more stringent measures for enforcing the notification of data breaches from these apps, and the measures are beginning to spark conversation about what types of health data the rule should apply to.
- Targeted ransomware: The single largest 2021 trend and issue. It’s widespread, with active participation by nation-state attackers. It’s like ransomware has replaced the data breach because of no requirement to find someone to monetize the data.
- Rise of automated hacking, such as phishing
- Integrating AI with cybersecurity: To improve efficiency and limit human errors, organizations are leveraging automation and machine learning to detect, respond and prevent cybercriminals from access to their networks and data (Peter Galvin)
- Cloud is also potentially vulnerable
- Automation and integration softwares
- Insider threats – Remote working data risks
- Intensifying threat landscape: Bad actors are getting increasingly sophisticated and it’s becoming more and more difficult for users to discern valid communications from credential-stealing attacks – reference the recent MS Sharepoint attack. (Jenn Markey)
- Nation-state attacks with very real national security implications… In response, governments are starting to get serious about the cybersecurity defense (think Biden EO) (Jenn Markey)
- Hybrid/multi-cloud environments: Cloud migration can take 10+ years for large enterprises, adding cost, complexity and risk. That’s 10+ years of trying to provide seamless security and a seamless user experience across disparate solutions (Jenn Markey)
- Securing home office environments – Hybrid work is here to stay. How to keep secure? Clean up bubble gum & duct tape of the last 18 months? Who is responsible? Need updated policies. What happens in multi-person households where 2+ people are remotely on shared infrastructure? (Jenn Markey)
- Organizations will continue to spend money on the wrong things they believe will keep them secure: Organizations continue to spend disproportionally on perimeter security vs spending on zero-trust capabilities, strong identity and encryption (Peter Galvin)
- Account takeover increased dramatically as financial institutions pivoted to remote identity verification, exposing unprepared infrastructure and business processes (Andy Cease)
- Card Not Present Fraud continued to grow at an elevated clip as the pandemic pushed what were previously in-person transactions to mobile and e-commerce channels (Andy Cease)
- Increase in digital identity proofing tools: The use of physical and digital identity proofing is likely to increase as more organizations adopt a hybrid workplace and consumers need to verify themselves. Banks and credit unions will rapidly adopt mobile account sign-up and onboarding experiences.
- Remote work attacks: The hybrid workplace seems to be here to stay, opening up possibilities for attacks on unsecured platforms
- Zero-Trust: With many companies adopting a hybrid work model, zero-trust approaches are likely to be implemented to verify the identity of employees working from home to protect company data (Anudeep Parhar)
- Banking: Banks will aim to make the customer experience on their website and app simpler and more user-friendly. Contactless payment is likely to continue to rise in popularity around the world. Mobile payments will continue to grow, and novel tokenization tools come online – including token hubs and controls.
- IT growth: Organizations are likely to invest in their IT department to develop new and more efficient ways of managing customers, employees, and devices. This is likely to create security risks as significant changes to an organization usually take years to successfully and safely implement
- User awareness: Companies or employers actively taking steps to improve their cybersecurity
- Machine learning: Using AI to predict and prevent cyber attacks
- Mobile device attacks: Mobile devices are more likely to be targeted by hackers
- Ransomware attacks: Attacks are often carried out through phishing that locks data in return for a ransom payment
- Cloud security and network vulnerabilities: Network vulnerabilities can lead to data leaks
- Broad adoption of MFA for consumer use cases – cite Amazon example (Jenn Markey)
- Data privacy concerns go supernova, increased regulation – always a hot topic, but travel and health credentials will add fuel to the fire – whether for the workforce, consumer or government use cases. As well, this is likely to drive new compliance regulations across jurisdictions to protect individual privacy (Jenn Markey)
- MSP adoption skyrockets – IT skills shortages, complex hybrid/MC environments, continued business uncertainty (Jenn Markey)
- Time to get serious about critical infrastructure protection – Proliferation of IoT devices and connections in-between continues at an exponential rate. Many/most of these devices were never architected with security in mind. This has huge implications for the electrical grid and other utilities, along with sectors like healthcare where IoT devices have been/are being widely deployed. Machine identities, code signing, key management, etc. (Jenn Markey)
- Easier and simpler solutions: Expectations are for easier and simpler solutions that continue to improve their security posture – as-a-service, Automation, APIs, the overall manager of crypto resources, cloud and mobile-first focus (Peter Galvin). Examples of simpler solutions:
– Seamless Travel – Entrust will soon announce a new integrated solution for seamless travel, replacing long lines at customs with secure remote identity verification via smartphone. This solution will make travel easier and more contactless, and allow border control agents to focus on handling exceptions and possible risks.
– Hybrid payment solutions – Bundling Entrust existing physical card issuance technologies with Antelop secure digital capabilities to offer a best-in-class hybrid issuance solution, supporting the full payment customer experience.
– Enhanced certificate lifecycle management – With cyberattacks occurring at a higher rate than ever before, Entrust is enhancing its Certificate Lifecycle Management capabilities to offer a secure, central point for IT to control certificates, encryption keys and crypto.
- Increased complexity (cloud, on-prem, hybrid, private cloud): Still a lack of consistent encryption used across the enterprise, continuing skill shortage, proliferation of identities both machine and people (Peter Galvin)
- More privacy regulations: In the US we will see more state vs. federal (Peter Galvin)
- More government investment in and attention to cybersecurity at all levels – it’s become apparent that cyber is the new battleground and whether it’s the safety of water treatment facilities or the integrity of the energy sector, the public (and by extension government) is vulnerable (Jenn Markey)