Digital security predictions for 2022

Newsroom -

November 18, 2021

The last two years have been marked by fraud, data leaks, and security breaches, due to the increase in the number of people online and using digital services during the pandemic. In addition, the economic instability in Brazil and throughout Latin America has generated concerns, leaving everyone more sensitive and unstable.

Companies are increasingly concerned with the security of computers, servers and electronic systems. The change of part of the employees to the home office model has also contributed to this attention on the part of companies.

Knowing the cybersecurity trends for 2022 is one way to look for solutions to make environments safer for everyone. After all, we know that cybercriminals are always on the lookout for gaps left in systems in order to break in and use information in harmful ways.

Check out seven predictions from DigiCert security professionals. Check out seven predictions from DigiCert security professionals.

1 – Supply chain attacks, ransomware, and cyberterrorism will continue to rise

The fallout from audacious attacks like the SolarWinds episode and the Colonial Pipeline breach was all over the headlines in 2021. The successful attacks illuminated three key cybersecurity battlegrounds – and likely emboldened hackers. Some threats likely to thrive in the coming year include:

• Supply chain complexity and vulnerabilities increase. The SolarWinds breach was based on malware in a software update that went undetected. However, protecting software is not easy in fast-paced DevOps-driven organizations. This is because most workflows are all about shipping results quickly, rather than security by design. As development processes and the device supply chain become more complex, the attack surface will only increase. The good news is that best practices, such as code signing, can help companies embed security at every stage of the development process. They can take control of development and confirm the integrity of code before it progresses through the development cycle and reaches customers and production environments. Awareness of the dangers of key sharing and code inspection throughout each stage of the development cycle, as well as preventing tampering after signing, will go a long way to protecting code. Setting up a software bill of materials (SWBOM) can also provide visibility into the origin of code by tracking all the components that make up a software application.

• Cyberterrorism encourages bad actors. Cyberterrorists have demonstrated their potential to cripple infrastructure in events such as the attacks on the Colonial Pipeline and the Oldsmar water treatment plant in Florida. The Florida incident may have had serious consequences, as the attacker was attempting to poison the city’s water supply. New opportunities are emerging all the time, limited only by the imagination of attackers, and high-profile technology environments, such as private space launches and elections, can be inviting targets. Public and private organizations that are vulnerable to spectacular cyberattacks need to redouble their focus on a zero-trust approach to security.

• Ransomware will continue to expand its reach. Ransomware attacks impacted a wide range of industries in 2021, including healthcare organizations, technology companies, automotive manufacturers, and even the NBA. Like cyberterrorist events, ransomware attacks often attract a great deal of press coverage, which can further embolden the evildoers in search of publicity. We predict that ransomware attacks will continue to increase, especially as the use of cryptocurrencies expands and makes ransom payments harder to track outside the banking system.

2 – Trust and identity, enhance business processes

Companies across all industries have been embracing digital transformation for years, and the trend is accelerating. Research shows that the global digital transformation market is expected to grow at a compound annual growth rate (CAGR) of 24% from 2021 to 2028. As complex technology becomes a deeper part of every organization’s most critical processes, we predict that the use of digital signatures will increase – and will require a stronger level of trust and identity.

• The stakes are growing for digital signatures. We predict that more workflows will be associated with digital signatures, in sectors such as financial services, real estate, healthcare, and education. Digital signatures are also useful for organizations with hybrid working, to integrate or support remote employees. The stakes are growing as digital signatures become more widely accepted, and a recent lawsuit in Austria / Switzerland invalidated a €3 billion settlement because it used the wrong digital signature.

Long a leader in the deployment of eSignatures, Europe is updating its eIDAS regulation, learning the lessons of the COVID-19 pandemic, to enable high-quality remote validation of signatories’ identities by qualified trust service providers. In addition, new proposals will dramatically expand the use of government-issued electronic identity to facilitate international interactions. These changes are part of an ongoing trend to restore control of identity to citizens rather than private companies.

• Identity and trust empower IoT and beyond. For data-driven use cases like IoT, trust is more important than ever. Devices like health monitors, industrial control devices, home security systems, and vehicle sensors all rely on the integrity of their real-time data to support processes and decisions. As the adoption of 5G technology accelerates, we will see increasing convergence in IoT and 5G applications – which may attract more attacks. PKI remains a robust and proven method for ensuring trust in IoT environments.

Last year’s predictions included a variety of security threats directly related to the COVID-19 pandemic. As the pandemic slowly subsides, we predict these threats will continue to exist. We are seeing increased use of contactless technologies in airports, retail environments, restaurants, and other public spaces – all vulnerable to cyberattacks. Digital identification schemes such as driving licenses and health records are becoming more widely used – and also remain potential points that can be hacked.

3 – Post quantum computing will challenge the security status quo

A DigiCert survey found that 71% of IT decision-makers believe that quantum computers will be able to break existing cryptographic algorithms by 2025. This means that security organizations will need to rethink security for a post-quantum world. Post-quantum cryptography (PQC) can strengthen cryptography, decreasing the possibility of security breaches. But many companies don’t have a clear understanding of the cryptography they deploy, so they will want to take proactive steps to locate all exposed servers and devices and update them quickly when a new vulnerability surfaces. We anticipate some major developments in the PQC world in 2022, as NIST is expected to announce the winner of its effort to replace the current versions of the RSA and ECC encryption algorithms.

4 – Automation will drive cybersecurity improvements

As organizations work to keep the lights on and examine the bottom line, there will be a resulting drive for efficiency in security technologies. Security teams will be asked to do more with even fewer resources. The year 2022 will bring an emphasis on technologies that enable organizations to do more with less, and automation will play a significant role in terms of security innovation in the new year. A recent DigiCert survey showed that 91% of enterprises are at least discussing automating PKI certificate management. AI and ML technologies will continue to play a key role in developing this automation.

5 – Cloud sovereignty will create security demands

In an increasingly multi-cloud world, traditional perimeter-based security approaches have become obsolete. We anticipate that cybersecurity challenges will become even more demanding as cloud services become more granular. Organizations are deploying cloud solutions that are increasingly subject to local jurisdiction and regulations. Cloud sovereignty controls focus on protecting sensitive and private data and ensuring that data remains under the owners’ control.

For example, T-Systems and Google Cloud recently announced that they will build and deliver sovereign cloud services for the enterprise, public sector, and healthcare organizations in Germany. As more sovereign cloud initiatives emerge, we predict that organizations will require increasing alertness.

6 – VMC’s trust and identity will change the face of email marketing

It’s not easy to stand out in a hectic marketing environment, but new technologies are emerging that can help marketers make a lasting impression. According to a study by Wpromote, 31% of B2B marketers were making brand recognition their top priority for 2020. We predict that organizations will increasingly adopt Verified Brand Certificates (VMCs) to build their brand value and strengthen trust.

Part of a cooperative initiative with the Brand Indicator Message Identification (BIMI) initiative, VMCs certify authenticity to display a logo to email recipients directly in their inbox, before a message is opened. They are enforced by DMARC (Domain Based Message Authentication Reporting) security.

By using DMARC-protected VMCs, marketers not only strengthen their brand and improve open rates by up to 10%, but also show customers that they care about their privacy and IT security and are taking proactive steps to help minimize risk.

7 – Organizations prioritizing safety strategy / culture

Finally, we anticipate organizations working harder to strengthen a culture of cybersecurity, led from the top. We are hearing more about educating employees using phishing tests, mandatory online training, and cyber simulation exercises that take place at the board level to help C-level participants test their communication and decision-making strategies in the event of a major cybersecurity crisis. It is clear that cyber-attacks will continue to innovate and create more complex and insidious threats. Mitigating tomorrow’s threats will require leadership commitment and good communication across all organizations.