Security Trends For 2022 - The Need For Talent & Cloud Migration

It’s been another challenging 12 months in cyber security with several major breaches during an already turbulent year. 
 
We saw the damaging ransomware attack on Colonial Pipeline, one of most high profile security stories of the year. The attack shut down a 5,500-mile-long pipeline on the east coast of the US, fueling fears over risks to critical infrastructure and global supply chains. 

 
In May, we saw President Biden sign an executive order designed to tackle the nation’s cybersecurity issues head-on, including supply chain security, and, perhaps the most important order of business, a call for government agencies to adopt a zero trust approach.
 
It’s also been the year of crypto currencies, deepfake technology and growth in fraud and scams associated with the pandemic.
 
As we look ahead to another 12 months in the industry, we focus on two trends for 2022.

1. Impact Of The Talent Shortage 

Microsoft  announced a partnership recently with community colleges around the US to provide free resources in an attempt to help end the shortage in cybersecurity professionals by 2025. The question is whether this shortage of readily available talent will impact the security industry over the next year or so and how technology can help to mitigate this. 
 
In the immediate future, the talent shortage will remain a problem. We have found this ourselves. It is getting better, but more investment is needed. People are recognising that security is an interesting and lucrative career, but there aren’t enough people and I think there will always be a struggle to keep up with growing demand. 
 
Look at it from a technology perspective, and it stands to reason that if there are less security incidents to manage, there is less need to recruit new talent into the industry and the impact of the talent shortage will be greatly reduced. 
 
We need to give them the tools that they were hiring services to do in the first place. The shortage is not going away any time soon so solutions need to be built around it. Better solutions will mean fewer incidents.
 
We need automation of solutions and automatic remediation. These tools will need to adapt to changing environments and to be built with a more holistic approach in mind, off-premises, on-premises, in the cloud and in a hybrid environment as work models evolve. 
 
All of this falls under the umbrella of zero trust, and this is the blueprint that businesses should be using as the building blocks to robust security. 
 
2. A Move To The Cloud Will Finally Happen 

While other industries moved operations to the cloud some time ago, there has been some hesitation to shift away from on-premises operations for security leaders. 
 
With the increase in sophisticated threats coming through as many employees work remotely, security leaders can no longer depend on legacy systems for protection, but instead need to shift to cloud native solutions. Factors, such as the increase in ransomware attacks, may influence more security leaders to finally move to cloud based solutions. 
 
But what will drive people and businesses to move to the cloud is the need to do security better. It stands to reason that if they need to improve their approach with security then the cloud is almost certainly going to be the way to go.
 
We are also seeing the pendulum beginning to swing in the favour of the user experience. The emphasis is on how you can carry out your job without negatively impacting the workflow processes and the device choice for the end user. Users must be able to work as and when they expect to and as fast as usual, but security is still implemented. 
 
This points all to the cloud because you need that scalability, you need that global view, device coverage, and you need to be in between the end user and the cloud services that they are accessing. 

Mark Guntrip is Senior Director, Cybersecurity Strategy at Menlo Security

You Might Also Read:

Cyber Security In 2022:

 

« Are Remote Contractors A Cyber Security Risk?
Education Should Focus On Cyber Security »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BruCERT

BruCERT

BruCERT is the referral agency for dealing with computer-related and internet-related security incidents in Brunei Darussalam.

GovCERT.HK

GovCERT.HK

GovCERT.HK is the Government Computer Emergency Response Team for Hong Kong.

I-Tracing

I-Tracing

I-TRACING are experts in IT security, specialized in legal compliance of information systems, security of information systems, and the collection of digital evidence and traces.

BCS Financial

BCS Financial

BCS Financial delivers financial and insurance solutions. Specialty risk products include Cyber and Privacy Liability insurance.

Rhebo

Rhebo

Rhebo Industrial Protector monitors and ensures the continuous, correct, and predictable operation of real-time Industrial Control Systems to prevent outages and reduce downtimes.

Honeywell Process Solutions (HPS)

Honeywell Process Solutions (HPS)

Honeywell's Industrial Cyber Security Solutions help plants and critical infrastructure sectors defend the availability, reliability and safety of their industrial control systems.

iFluids Engineering

iFluids Engineering

iFluids Engineering is a leading engineering consulting and risk management firm providing a full range of services including Cyber Security for Industrial Control Systems.

Kratikal

Kratikal

Kratikal provides a complete suite of manual and automated security testing services.

Avertium

Avertium

Avertium is the managed security and consulting provider that companies turn to when they want more than check-the-box cybersecurity.

Dynics

Dynics

The Dynics ICS-Defender is an Industrial Control System Security Appliance for OT or OT/IT convergent environments.

Panther Labs

Panther Labs

Panther’s mission is to make security monitoring fast, flexible and scalable for all security teams.

Cyber Security Partners (CSP)

Cyber Security Partners (CSP)

Cyber Security Partners specialise in the provision of Cyber Security Consultancy, Data Protection and Certification and Compliance services.

Securious

Securious

If you need to improve your cyber security or achieve cyber security accreditations, Securious provide an independent service that will identify and address your issues quickly and efficiently.

QuantumCTek

QuantumCTek

QuantumCTek is a Chinese pioneer and leader in commercialized quantum information technology (QIT).

WeVerify

WeVerify

WeVerify is a platform for collaborative, decentralised content verification, tracking, and debunking.

Synechron

Synechron

Synechron is a leading global digital consulting firm, providing innovative technology solutions for business.