As our year winds to a close, many of the uncertainties that shaped 2021 remain. The cybersecurity challenges that accompanied the pandemic have persisted, as hybrid remote workspaces have become a way of life. And through it all, the threat landscape continues to evolve, as innovations in cloud computing and other arenas open new threats — some in unexpected areas.
To take stock of where we’re at and what lies on the horizon, DigiCert’s team of cybersecurity experts, including Jeremy Rowley, Avesta Hojjati, Mike Nelson, Jason Sabin, Dean Coclin, Stephen Davidson, Tim Hollebeek and Brian Trzupek, take a closer look at what they expect to see next year:
Prediction: Supply chain, ransomware and cyberterrorism attacks will continue to escalate
Prediction: Trust and identity step up in business processes
Prediction: The post-COVID threats will persist and evolve
Last year’s predictions included a variety of security threats that were directly tied to the COVID-19 pandemic. As the pandemic slowly recedes, we predict that those threats will continue to remain. We are seeing increasing use of contactless technologies in airports, retail environments, restaurants, and other public spaces — all of which are vulnerable to cyberattacks. Digital ID schemes such as drivers’ licenses and healthcare records are becoming more widely used — and remain possible points that can be hacked.
Prediction: Post-quantum computing will challenge the security status quo
A DigiCert survey found that 71 per cent of IT decision-makers believe quantum computers will be able to break existing cryptographic algorithms by 2025. That means security organisations will need to rethink security for a post-quantum world. Post-quantum cryptography (PQC) can strengthen cryptography, decreasing the possibility of security breaches. But many companies lack a clear understanding of the crypto they deploy, so they will want to take proactive steps to locate all the exposed servers and devices and rapidly update them when a fresh vulnerability comes to light.
Prediction: Automation will power cybersecurity improvements
2022 will bring an emphasis on technologies that allow organisations to do more with less, and automation will play a significant role in terms of security innovation in the New Year. A recent DigiCert survey showed that 91 per cent of enterprises are at least discussing automating the management of PKI certificates. AI and ML technologies will continue to play an essential role in powering this automation.
Prediction: Cloud sovereignty will create new security demands
We predict that cybersecurity challenges will become even more demanding as cloud services become more granular. Organisations are deploying cloud solutions that are increasingly subject to local jurisdiction and regulations. Cloud sovereignty controls are focused on protecting sensitive, private data, and ensuring that data stays under owners’ control.
Prediction: VMC trust and identity will change the face of email marketing
According to a study by Wpromote, 31 per cent of B2B marketers were making brand awareness their top priority for 2020. We predict that organisations will increasingly adopt Verified Mark Certificates (VMCs) to build their brand equity and strengthen trust.
As part of a cooperative initiative with the Brand Indicator Message Identification (BIMI) initiative, VMCs certify the authenticity to display a logo to email recipients right in their inboxes before a message is opened. They are enforced by Domain-Based Message Authentication Reporting (DMARC) security.
Prediction: Organisations prioritising strategy/culture of security
We anticipate organisations working harder to strengthen a culture of cybersecurity, led from the top. We’re hearing more about employee education using phishing tests, mandatory online training and cyber simulation exercises taking place at the board level, to help C-level participants test their communication strategies and decision-making in the event of a major cybersecurity crisis. It’s clear that cyber attackers will continue to innovate and create more complex insidious threats. Mitigating tomorrow’s threats will require a commitment from leadership and good communication across every organisation.