Security compliance predictions for 2022

Edward Tuorinsky is the Managing Principal of DTS, a Service-Disabled Veteran-Owned Small Business, that provides information technology and management consulting services in the areas of program management, governance, strategic planning, organization advancement, business process efficiency, software development, system integration, and learning enhancement solutions. Tuorinsky shares his 2022 predictions about security compliance, increased cyber posture, making investments in security, and adding policies to mitigate threats.

Cybersecurity awareness is at an all-time high yet breaches continue. Organizations know they need to do more to reduce their risk, meet regulatory requirements, and most importantly, meet customer and stakeholder demands. That means 2022 will be a year where organizations in both the private and public sectors will be forced to increase their cyber posture by taking steps to modernize, making investments in security, and implementing policies to keep pace with threats.

Security compliance predictions for 2022

Three areas that will receive the most attention include:

1. Government

Government data continues to be an attractive target for bad actors. Expect to see compliance frameworks like the Cybersecurity Maturity Model Certification (CMMC) evolve and be mandated for contractors and others that feed into Federal agencies. Also, look for more specific “how-to” guidance from the Cybersecurity & Infrastructure Security Agency (CISA) and National Institute of Standards (NIST) for agencies themselves. With plenty of notice that significantly more robust security is needed, we expect Federal, state, and local governments will spend the money necessary to raise the bar on security.

2. Mobile

Mobile phones will get even smarter and more secure. Known threats, including ransomware by text and attacks on mobile operating systems like iOS and Android, will be addressed. Also look for add-on security patches that boost bring-your-own-device policies at work and school, SIM cards to be used as tokens for two-factor authentication, and apps that offer authentication of photos and videos created via a phone.

3. Critical Infrastructure to Small Businesses

In 2021, CISA-issued best practices around nine cybersecurity goals establishing a minimum level of cybersecurity posture across 16 sectors, many of which include private businesses whose critical infrastructure supports national defense, lifeline sectors (i.e., energy, communications, transportation, and water); or where the failure of control systems could have impacts to safety. This year, we expect these standards to become controls that businesses need to comply with, under super-short timelines to implement.

While the CISA guidelines are intended for those organizations that potentially have impacts on critical U.S. infrastructure, they are also a prescription for all small- and mid-sized US businesses. Meeting cybersecurity standards help protect the economy, personal investments, and customers and employees.

As a business reading this prediction, where do you go from here? To start, we recommend using the CISA guidelines as a checklist to identify vulnerabilities and areas that need to be strengthened. Begin with training and awareness, and establish an incident response and recovery plan. The planning, testing, and integration to support these goals will undoubtedly be time-consuming and require ongoing costs. However, they are just a fraction of the cost of a breach or ransom. If you don’t have the expertise for implementing the technical configurations and logical controls necessary, look to a consultant who can get you up to speed in a few weeks.

Who we trust, at work and in our private lives, is a hot topic for 2022 as physical and digital lines continue to blur. We’re expecting lots of headlines, but also some solutions, as a result.