Budgets Point To Where Security Priorities Are Heading In 2022

Businesses are gearing up for another bumpy year of cybercrime. An ongoing barrage of phishing and ransomware attacks, third-party breaches like those involving Log4j and SolarWinds and the surge in remote work are but a few of the many reasons why almost 80% of security leaders still lack confidence in their cybersecurity posture. In response, a majority of them are planning to significantly boost their cybersecurity spend on infrastructure and outsourcing. Here are the top four areas where cybersecurity leaders will invest in 2022.

1. Cybersecurity Outsourcing

According to Gartner, Inc. (via CSO), organizations are expected to invest $77 billion in outsourcing of security services in 2022, making it the largest area of cybersecurity spending across all categories. An IDG study found that 62% of organizations have already outsourced (or are planning to outsource) over the next 12 months. There are a number of reasons why businesses are increasingly outsourcing security services.

Boost capabilities. Security analytics, alerting, network and endpoint monitoring, cloud monitoring, threat hunting, penetration testing and vulnerability assessment are examples of functions that may be difficult to perform in-house.

Address staffing shortages. There is a massive scarcity of cybersecurity talent available, and existing staff is feeling burnout. In times of high demand, recruiting and retaining talent comes at a premium; therefore, more and more businesses are turning toward outsourcing.

Resources, expertise and technology. Building in-house security operations requires vast amounts of investment. Security requires high expertise, making it nearly impossible to be competent at everything. Additionally, regulations are increasingly mandating organizations to validate their security posture and strategy from independent third parties.

2. Location-Independent Security

The explosion of cloud technologies and applications, BYOD, IoT and remote work has permanently altered the corporate perimeter and created thousands of new vulnerabilities for most organizations. Identity is the new corporate perimeter requiring security teams to apply a heightened focus on identity management, authentication and authorization. Organizations must switch from traditional password protection to requiring more than one form of verification (i.e., multifactor authentication) and, eventually, moving forward to a zero-trust environment. Zero-trust technologies are a top spending priority for CISOs in 2022.

3. Evolution Of The Security Organization

According to a study by Deloitte, cybersecurity oversight has become one of the most important topics in the boardroom today. As boards hire more directors with cybersecurity expertise, conversations shift to risk management and value instead of health and performance. The growing scrutiny and accountability of cybersecurity are making leaders drive investments in technology, tools, resources and services that provide metrics and proactive insights on overall risk, posture and culture of the organization. In addition to this, risk management will become a key factor in business deals, vendor contracts and M&A activities by 2025. This will also drive further investments in security.

4. Evolving Technologies

As the threat landscape and attack surface evolve, organizations will spend more on emerging and maturing technologies. As noted in the CSO article, some of the technologies driving these investments are identity and access management, third-party risk management, real-time intelligence and zero trust.

Since the onset of the pandemic, more and more businesses have also increased their use of cloud technologies, prompting the need for incremental investments in cloud security. Identifying evasive malware, sifting through a large number of alerts generated by multiple security controls and correlating that data can be a near-impossible task for humans. The need for automated detection and response, which can identify and correlate attack vectors, becomes another important reason for additional investments.

Top Cybersecurity Priorities Over The Next 12 months

Security: As data becomes the new oil, the advent of 5G technology brings forth an era of hyperconnectivity. With thousands of devices connected to the corporate network, cybersecurity leaders know they must get better equipped at protecting sensitive and confidential data in 2022.

Preparedness: A cyberattack is no longer a question of “if” but “when,” and 2022 will be no different. Leaders will have to continuously monitor the threat surface and consistently improve their ability to respond to unexpected cybersecurity incidents and other unanticipated business risks like the pandemic and other disruptions.

Awareness: With Covid-19 continuing to haunt businesses, remote work is here to stay — and with it are concerns around security awareness and hygiene. Since a vast majority of attacks rely on human deception and manipulation, people can be trained to become front-line workers against major threats like phishing and ransomware. That’s why security awareness training is a major area of focus for cybersecurity leaders in 2022.

Expect the cyber risk landscape in 2022 and beyond to be broader and more complex. There will never be enough budget or resources to cover all contingencies. Risk managers and security leaders must get creative in their approach — to do more with less but never compromise. A small security lapse can result in big consequences.

This article was originally posted on Forbes Technology Council >