Ransomware attacks and attacks on critical infrastructure and supply chains dominated the news in 2021. Experts say all this will continue in 2022, though the attacks will be more sophisticated and frequent. While state actors engage in cyber warfare, the attacks will also get more personal – expect to see attacks on high net worth individuals. Team CISO MAG tracks security trends throughout the year and frequently consults experts for their opinions.
The one thing organizations should never do in 2022 regarding their cloud security and compliance program:
- Never forget that you may outsource the work but never the risk. The increasing pace of security exposures, scarcity of cybersecurity professionals, and technology sprawl place demands on organizations that exceed their capacity. In 2022, we’ll see enterprises suffer the consequences of breaches because they trusted an outsourced provider and failed to verify and govern.
By Dr. Joel Fulton, Co-Founder and CEO of Lucidum
How organizations can prepare themselves for the onslaught of data privacy and cybersecurity mandates on the horizon:
- Plato, cribbing from the Bible, wrote, “Good people do not need laws to tell them to act responsibly.” Based on recent decisions and behavior by organizations who should have known better, the rise of strict, one-size-fits-all security and privacy mandates is inevitable. Many act as though they need laws to tell them how to act responsibly with others’ data.
- Rather than be surprised by sudden regulatory requirements with jet-fuel deadlines, be well-prepared by adopting ethical data handling practices now – and verifying them. Shockingly, few significant breaches result from zero-day vulnerabilities. Nearly all come from shadow IT, rogue cloud, zombie user accounts, and poor patch management.
Where organizations should focus compliance efforts in 2022:
- Focus on hygiene and good practice, make it your expertise, and reward your team for foundational excellence. You’ll never be caught flat-footed by a mandate – and avoid expensive, embarrassing breaches.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.