Ben King, the CSO for EMEA & APAC at Okta, shares Okta’s security predictions for 2022.
Organisations jump to better security as ransomware rises
Over the course of the pandemic, ransomware gangs have developed increasingly polished operations that have moved on from being opportunistic to being as-a-service utilities available to any enterprising criminal. Not only that, but criminals can access these services for very little money. At a lower price, the technology isn’t necessarily sophisticated, but it often doesn’t need to be to reach the desired goal, especially when run at scale.
Organisations have had no choice but to pay attention to this, and we will see leaders move beyond basic security hygiene in 2022. Consumers will expect more organisations to provide them with the option to use phishing-resistant multi-factor authentication. Patching vulnerabilities once they have been disclosed is also important, as is ensuring that security defences cover cloud and on-premises infrastructure and assets. Going beyond basic security will help organisations see greater engagement from end-users and customers. Increasingly, trust will be at the forefront of how brands market and sell their products and services, and will heavily influence how B2B and B2C purchasing decisions are made in a fluid and competitive online marketplace.
Zero-trust to grow – particularly with the finance sector
Security issues continued to be a source of anxiety for the financial sector in 2021. In October, the Bank of England surveyed bankers and others in the financial sector, finding that 75% were worried about cyber attacks. Therefore, in 2022, there will be a sustained investment in zero-trust as we continue to see new vulnerabilities and sophisticated malware arise. Mindful of ever-growing breaches reported in the media, the industry will come to grips with an ‘assume compromise’ mindset.
Recent history has only shown the pace of change in security to be accelerating, both in terms of attack surface and threat landscape. The affiliates who operate ransomware-as-a-service don’t care who they’re attacking. Some target organisations for multi-million dollar payouts, but others want a few thousand. Anyone can be targeted. Smaller fintechs, and SMEs more generally, need to be aware that attackers are not just going for the big banks, and that large campaigns can have significant collateral damage beyond initial targets.
Advantages from a zero-trust transformation are as difficult to quantify as those of any security transformation, so they can be hard to reflect in a traditional cost-benefit analysis. The benefit is best quantified as reduced risk, as good security will offer fewer major incidents as hard data points, as well as better visibility of the ‘near misses’. This can be proven effective via external audits, red and purple team exercises, as well as driving compliance and regulatory-driven requirements for an organisation. In 2022, the world will still be grappling with vendor compromises and an expected long tail of the Log4j vulnerability as organisations seek visibility and assurance of supply chain exposure and remediation.