The Information Security Forum (ISF), the foremost independent, nonprofit cybersecurity association with nearly 500 corporate members, today identified four pervasive threats organizations need to be prepared for in the New Year.
The ISF sees a number of organizational threats on tap for the foreseeable future, including more disruptive cyberattacks like ransomware, an expanding attack surface brought on by work-from-home arrangements combined with the adoption of edge computing and 5G cellular networks. The ISF also identified as a societal threat a “digital division” that is undermining diversity and inclusion.
Threat 1: Cyberattacks
Major cyberattacks are increasing, crippling organizations and government, triggering ripple effects across supply chains and critical infrastructure. No longer an exclusive issue for IT, cybersecurity is a strategic imperative for boards and government officials, given the ransomware attacks against the likes of Colonial Pipeline and JBS, the world’s largest meat producer.
Threat 2: Technology on the Edge
Adoption of edge computing can create a number of different points of failure and organizations may lose benefits associated with traditional security controls. 5G will provide a game-changing platform for businesses and consumers, but the pervasive connectivity and additional speeds will likely cause a broader attack field for bad actors.
Threat 3: The Never Normal
Established security solutions are no longer fit for purpose in the new world of the ‘never normal’, thanks to a constantly shifting security landscape. Winners and losers will be differentiated by how quickly they can adapt agile security strategies that must move in sync with these continually changing security conditions.
Threat 4: The Digital Division
The pandemic accelerated the digitalization of human interaction, e-commerce, remote working, and online healthcare and education. With this rapid expansion, a widening digital gap may worsen societal fractures. Progress towards digital inclusivity is threatened by growing digital dependency, rapidly accelerating automation, information suppression and manipulation, gaps in regulation and gaps in tech skills and capabilities.
Mitigations recommended by ISF analysts include:
- Promoting resilience by reprioritizing critical assets that have changed in value; continually improving breach response capabilities.
- Emphasizing GRC initiatives in flagging regulatory changes that might have negative impact on security efforts.
- Ensuring supply chain integrity by establishing alternative operating procedures for partners who no longer meet security obligations.
- Staying mindful of employee well-being in light of social isolation and potential insider threat actors.
Zero trust is another strategic security model organizations will need to embrace for 2022.
“Zero trust requires organizations to rethink endpoint security, access management and the moving and sharing of data. It’s about ensuring critical assets are protected, irrespective of where they might be located. Organizations will need to reexamine their government processes, their risk assessment and their risk planning.”
ISF Threat Horizon Reports
Each year, the ISF releases their latest ISF Threat Horizon series of reports, aimed at both senior business executives and information security professionals. These reports are designed to help organizations take a proactive stance to security risks by highlighting challenges in the threat landscape and identifying how the confidentiality, integrity and availability of information may be compromised in the future. For more information, please visit the ISF website.