2022: An evolving cybersecurity landscape

As we move to the conclusion of 2021, CEO John Vestberg takes a look at the cybersecurity trends he sees developing in 2022. Some new, some heard before but remaining just as vital, organisations are facing an avalanche of cyber threats which are placing data and reputations at risk.

1. Keeping your cloud safe and sound

When thinking about business infrastructure, what’s the first thought that comes to mind? Buildings, utilities, phone lines? All the basic things that an organisation often requires to remain operational. Now, imagine being told that those items are to be relocated to somewhere far away where they can be accessed by others.

It seems a strange situation that few would be OK with, but that’s exactly what’s happening when organisations utilise public cloud networks, particularly those delivered by US- or Chinese-based providers. When data is held within data centres on their soil, it’s then under their sovereignty.

For example, in the US, this means data is under the jurisdiction of the Patriot Act, enabling law enforcement access for the purpose of foreign intelligence and international terrorism investigations. While in China, ‘The Cybersecurity Law of the People’s Republic of China’ has raised issues around IP theft, with data possibly falling into the hands of local competitors or the Chinese government. Either way, it means data possibly being accessed by parties it wasn’t meant for.

Additionally, housing data in data centres a few thousands of kilometres away makes you vulnerable to cyberattacks within those regions and you’re not close should something go wrong physically. So, while the public cloud can offer financial benefits, when not adopted correctly – i.e., through a European provider – it generates far greater risk.

2. Consolidate and increase visibility into your security posture

With ever-evolving cybersecurity threats, as a CISO, answering the question “how well protected are we right now?” can be challenging. Being able to evaluate your security posture and, better yet, be in a position to patch where there might be shortcomings is crucial to ensuring that an organisation remains protected at all times.

Central to this is consolidating your security architecture. In doing so, this helps protects against all IT attack surfaces – cloud, endpoints, networks and mobile devices – as they all share the same robust prevention technologies. It also provides clear visibility and control over how and where data is held, the systems that are in place to protect it and any potential threats or vulnerabilities it may be subject to.

And with the ‘work from anywhere’ trend set to stay, it’s important for organisations to have this central view. Perimeters for protection continue to broaden and be tested, and criminals are targeting business critical data, such as is the case at Volvo and Twitch.

3. Maximising your 5G security measures and staying protected

By 2027, it’s predicted that almost half (49%) of all mobile subscriptions will be 5G. That means over the next few years, we’ll see rapid adoption as networks evolve to carry the new spectrum while ceasing supporting for the older ones.

5G doesn’t simply have an impact on consumer mobile usage, however, it is going to revolutionise how organisations operate. It will enable greater innovation in IoT, AI and Edge deployments, for example, with many of its other potential use cases not even thought of yet.

To keep up with the demand, network operators must evaluate their own infrastructure to understand if they can deliver 5G seamlessly and, critically, safely. Cyber criminals are rubbing their hands together because the more complex networks required to support 5G – as well as the huge amounts of data that will flow through them – is an opportunity for them to launch more attacks across numerous touchpoints.

Therefore, network operators need solutions that can protect the entire network, from the edge via the core and all the way to the internet or other operators. Not only will this limit the impact of a breach across the overall network through network segmentation, but it also greatly reduces CapEx and Opex through the ability to scale as capacity demand increases.

4. Limiting the likelihood for human error

The situation at IKEA provides an example of how phishing attacks are used as a potential avenue into corporate accounts and networks. What makes the ongoing events there more concerning is that attackers are utilising a reply-chain approach, meaning they’re sending their bait emails within compromised, legitimate email chains.

Phishing emails can already be hard to identify from authentic messages, but when sandwiched within legitimate chains, being able to spot them becomes more challenging and it requires employees to never drop their guard.

The human factor in any cybersecurity setup is often the weak link so it’s imperative that employees are educated to remain vigilant, particularly when working remotely. This is achieved through ongoing cybersecurity training delivered to all, not just those in the IT team. Cyberattacks can come from any vector, at any time, meaning defending organisations is truly a team effort.

Finally, it’s also critical that the actual training materials are regularly reviewed and updated too. Criminals are always evolving tactics so if you’re learning from content that’s even a year out of date, your network is vulnerable.