There are 9 ways cybersecurity could change in 2022

MFA will become more imperative as bot attacks increase against APIs. Andre Durand, CEO of Ping Identity, predicts that the CISO will play a larger role.

Image: kerly chonglor/Shutterstock

Ransomware attacks and other cyberattacks have seen a dramatic increase in the last year, which has made it clear that cybersecurity must be taken seriously. With the U.S. government’s initiatives, and those of other parties, there is a growing awareness that cybersecurity must be addressed to protect vital areas of society. What will this renewed security focus look like in 2022? Andre Durand, founder of Ping Identity, offers his view with nine cybersecurity predictions.

SEE: Security incident response policy (TechRepublic Premium)

Cybersecurity will be an ESG issue

ESG (environment social and governance) allows investors and others to assess businesses using more socially conscious standards. Durand says cybersecurity will be the fourth responsibility of ESG corporations due to increased investments in security to protect society.

Durand states that “the digital economy has been very important for years but the pandemic shifted even larger parts of our economy towards the digital world.” We need to have the right digital identity safeguards. If we don’t, online chaos and fraud will reign, severely limiting our economic growth. The government must place the same emphasis on digital security and enforce to the same level as how physical safety laws are managed today.

MFA will become a global mandate

Duran states that multi-factor authentication (MFA), will be needed to secure logins and protect sensitive information. It is not only required in the United States, but all over the globe. MFA is just one of many steps needed to improve security. It should be used in key sectors, such as banking, healthcare, utilities and banking. MFA will be demanded by consumers to secure their data. Businesses that fail to do so will find it increasingly difficult to compete with them.

Bad bot tsunami

Durand says that malicious bots can impersonate humans and pose a threat to customer-facing system. These automated attacks could lead to account fraud, account takeovers, credential stuffing, and account hijacking. Sneaker bots may be able to purchase limited stock of a product and then resell it at an inflated price.

Traditional security methods are not sufficient for combating bots. Fraudsters have learned how to stop them. Artificial intelligence and machine learning can be used to distinguish between a bot and a human being. Durand claims that such tools exist already. This technology analyzes factors such as speed, navigation and pressure on touchscreens to identify bots.

Zero Trust authorization will be the focus.

Authorization will become more important in order to make sure that the right people have access. This is similar to Zero Trust.

Durand says that while it has been trending in this manner for many years, the corporate perimeter was destroyed by COVID. This made Zero Trust authorization even more crucial. Durand says that while there are many benefits to a 
Biden Administration recently issued an executive order

We will see private companies mandate certain cybersecurity measures in order to do business together.

SEE: Identity is what replaces the password: What software professionals and IT pros should know (TechRepublic)

Digital wallets on the rise

Durand states that people will store more verified information about themselves on their smartphones. For example, the government will issue IDs that can be used to access digital wallets offered by Apple and Google. This will allow them to keep their true identity. For greater privacy and control, other types of identity information will be shared by the user.

There are pros as well as cons to digital wallets. They can be used to verify the identity of users in financial transactions and business transactions. The downside is that a person may be at risk if their smartphone is stolen or lost. A device with no power due to an exhausted battery will not work when you try to present your digital IT. Also, any digital verification that involves connectivity will fail without cellular or Wi Fi.

Attacks on shadow and zombie APIs

Because they are often hidden, unprotected, and unknown, shadow or zombie APIs can pose a security threat. Durand estimates that more than 90% of all attacks will be on APIs by 2022. These shadow APIs can be dangerous for companies that do not have the correct security and API controls.

Convergence in IT and OT

As IT teams are responsible for protecting physical devices, information technology and operational technology will come together. This will lead to interoperability between IT & OT and a convergence in technology to determine who can get into a building and access key applications. Organizations will have to meet the same security standards for all vendors involved in this process.

The focus on identity shifts to the user experience

Even with security changes, user experience needs to be prioritized. Durand states that customers don’t care much about the technical processes behind the scenes. They want an easy digital experience that allows them to access their accounts and make purchases. Companies that offer seamless user experiences to consumers will be preferred over those that don’t.

Rise of CISO

Durand says that cybersecurity will become a more important focus for corporate boards. More people will report directly the CISO to the board and the CISO to the board. A Gartner forecast predicts that more boards will establish a dedicated cybersecurity committee before 2025.

Durand states that CISOs are able to clearly identify the risks facing the business and offer solutions to minimize or eliminate them. The office of the CISO is a way to keep employees informed and fluent about security risks that could affect the company and their own safety. It is possible to have the CISO at an appropriate level within the company and ensure that critical security risks are being addressed quickly.

Also, see