Cybersecurity: 12 trends and threats for 2022

1. Cybersecurity mesh

Cybersecurity requires a flexible and configurable architecture that allows different components to work together. This platform approach is what research firm Gartner christened “cybersecurity mesh”. Yves Lemage of Fortinet says, “Creating a single ecosystem of best-in-class security solutions, including connectivity and applications, creates better overall protection against cyberattacks.”

2. Zero-trust security

The motto behind zero-trust security is “never trust, always verify.” Jesper Olsen of Palo Alto Networks says, “It comes down to continuously validating every digital interaction and never assuming that authentication or access to devices, applications or workloads is conclusive. Zero-trust provides an opportunity for companies and organizations to properly rebuild their security network from the ground up.”

3. Shift from DevOps to DevSecOps

“Given the unprecedented influx of cyber threats, it’s advisable to include security even during the development process of new applications,” Wouter Vandenbussche of Proximus believes. “In this way, DevSecOps forms a logical extension of a DevOps approach. Just as you bring development and operations together, you also integrate security into the development cycles. That brings network management and its security together in an integrated way. That’s why looking for an internal or external party to cover the entire security aspect is a good idea.”

Nico Sienaert, Business Group Lead Security at Microsoft Belgium and Luxembourg

4. Cloud-proof security architecture

More and more companies are embracing the cloud. The Covid-19 pandemic and telecommuting have further accelerated the shift to the cloud. According to Steven Heyde of Trend Micro, “Malicious organizations are developing strategies to access cloud applications and services. That requires an integrated architecture that’s set up according to the visibility, scalability and accessibility of the cloud.”

5. From cybercriminal to criminal organizations

The days of cybercriminals trying to lure victims with emails in poor English and with poorly rendered company logos are long gone. Nico Sienaert of Microsoft says, “Cybercriminals today are much more organized and thoughtful. For example, they analyze the financial situation of the companies on their radar in advance and consider how much an attack might be worth. Hackers also prepare their attacks meticulously. They often hang around inside their victims’ IT environments for quite some time before actually striking.”

Yves Lemage, Manager System Engineering BeLux at Fortinet

6. Attacks via Linux systems

Yves Lemage of Fortinet expects more attacks to come through the Linux open source operating system. “Linux used to enjoy great popularity, primarily for back-end applications such as databases and web applications. Today, the use of docker systems for applications in the cloud is increasing. These docker systems are mostly based on Linux technology. In addition, Microsoft is making a subsystem for Linux available in Windows 11. All this makes Linux systems attractive prey for hackers.”

7. Importance of visibility

Steven Heyde of Trend Micro says, “IT networks are becoming increasingly complex and open. The number of users and devices is constantly increasing. Therefore, it’s important to gain visibility across applications, users and systems and networks. This allows you to prioritize risks and map out critical accesses.”

Jesper Olsen, Chief Security Officer Northern Europe at Palo Alto Networks

8. Passwordless future

Hackers don’t break in, they log in, so they need passwords. Nico Sienaert of Microsoft says, “Part of the solution is multifactor authentication. Face or fingerprint recognition or a code generator are used in addition to a password before access is granted. But we want to go even further. Microsoft is aiming for a world without an underlying password, for example by combining facial recognition with a code generator in an authenticator app. Anyone who has a Hotmail or Outlook address can already do this. Microsoft wants to extend this to the business world.”

9. Attention to Governance, Risk and Compliance (GRC)

Most companies and organizations have to comply with a wide range of standards, laws and guidelines around data security, quality and disclosure. An overarching process provides the necessary oversight and matching support to set up the designated procedures. Wouter Vandenbussche of Proximus: “GRC stands for governance, risk and compliance. It’s about identifying all risks, mitigating them and managing them. With a sophisticated approach, you help the business to further develop and launch new projects. With the growth of telecommuting and work independent of time and place, GRC is becoming even more important.”

10. Data privacy: globalization vs. localization

Countries or regions strive to encourage local industries to secure their citizens’ data. “One of the reasons for this is the open nature of the cloud,” says Jesper Olsen of Palo Alto Networks. “So cybersecurity teams need to expand their legal expertise in response to more complex use of the cloud and the additional security measures that come with that.”

Steven Heyde, Regional Director Benelux at Trend Micro

11. Deepfakes

In addition to new threats such as killware, where hackers target life-critical processes and devices in hospitals, Nico Sienaert of Microsoft also expects a rise in disinformation via so-called deepfakes: fake videos or messages that are almost impossible to distinguish from the real thing. “They can be used in many ways to manipulate opinions and inflict reputational damage,” Sienaert says.

12. Supply-chain attacks

The number of supply-chain attacks is growing. Smart targeted attacks with ransomware, for example, don’t just affect one company or organization, they impact the entire ecosystem. A chain is only as strong as its weakest link. Therefore, companies explicitly choose their new suppliers or partners based on how they have set up their cybersecurity. This keeps them resilient and ensures business continuity at all times.