Infosec in 2022 and Beyond: Evolving Challenges and Opportunities

In a follow-up to the OnCon Icon Awards, Alejandro and the infosec team at UDT examine the evolving challenges and opportunities in the industry to help businesses anticipate the future of cyber crime.

The following exploration of the infosec landscape comes after the OnCon Icon Awards 2022 held last June, where the Top 100 Information Security practitioners were honored for their contribution to the growth of the professional community. UDT’s VP for Risk and Information Security, Alejandro Mijares, was among the Top 50 Infosec Leaders recognized for inspiring business innovation by advising clients on data, infrastructure and risk management strategies. 

As an important follow-up to the OnCon Icon Awards, Alejandro and the infosec team at UDT examine the evolving challenges and opportunities in the industry to help businesses anticipate the future of cyber crime.

 

Widespread Cyber-Attacks  

Cyberattacks increased 125% globally in 2021, with evidence suggesting a continued uptick through 2022, according to The World Economic Forum’s Global Cybersecurity Outlook report. As threats accelerate, leaders must urgently devise a more strategic approach to cyber risks.

While cyber-attacks have become more widespread and pervasive as the report suggests, their mechanisms haven’t evolved all that much in recent years. Phishing remains the most common and established technique targeting vulnerable customers and employees. The rise of remote work has effectively “loosened” controls due to the growing failure to enforce security protocols outside of the workplace. 

This observation led the team to conclude that changing behaviors is just as important as applying security technologies in reducing the incidence of attacks. 

 

Getting Down To Basics

Do SMEs have the basics of information security covered?

SMEs are particularly vulnerable to cyber attacks because their IT is focused on running the business and not on information security. The functions of information confidentiality, integrity and availability, which are essential to running a business of any size, go out the window when resources are tight. A vast majority of SMEs believe that an attack “won’t happen to us anyway”. They assume safety despite not getting the basics right. 

An investment in information security and data protection could potentially prevent 80% of attacks. If SMEs recognize this, it could mean long-term success in an increasingly challenging digital landscape. This is an area where infosec professionals can deliver real business value.

 

Increasing Complexity

With advancements in IT coupled with the growing onslaught of cyberattacks, ensuring information security has become increasingly difficult. Companies are turning to a variety of solutions to secure their highly distributed architectures. In other words, they are adding more complexity on top of complexity. This sets digital transformation back rather than forward and results in a widening exposure to threats.

For example, security and identity deployments consist of multiple tools that often are not fully integrated. In some cases, there are multiple tools that may duplicate supporting functions. Operating these tools requires many separate dashboards, multiple policy administration points and maintaining many ad hoc integrations. Now you have too many separate tools with too many separate dashboards.

The challenge facing infosec is integrating these stand-alone tools to work together in complementary ways and improve overall security posture by standardizing the way the tools interconnect. 

 

Expanding Roles and Scope Of Work

At the advent of digital transformation, information security was considered an add-on business function. Gone are the days when information security professionals were mere advisors in support roles. Companies now realize that adding security as an afterthought leads only to more security failures.

Today, infosec practitioners are the tip of the spear in cyber defense. They are essential strategists who have greater sway over business decisions. Information security professionals now have to lead with a wider scope of responsibilities within the organization. 

And as these responsibilities grow, information security professionals will be more deeply involved in the accomplishment of business goals, including setting the future direction for the company. 

 

Influencing Best Practice

For information security to be successful, everyone who is part of the organization should take responsibility for maintaining security policies and protocols. Simply telling employees to care more about security will not be enough to ensure it. Forming a habit of creating and upholding policies to maintain security is paramount.

This means information security professionals should proactively influence best practice and help members across the board to adopt a security-first mindset.

Helping them remember that each person in a business has some information at their disposal, and that attackers have become adept at targeting small entities, including individual employees, to accomplish their sinister goals, will encourage everyone to take information security more seriously.

 

CISO-As-A-Service

Engaging an award-winning Chief Information Security Officer (CISO) with the experience of a business strategist is now within reach of organizations of any size. The right CISO is critical to an organization’s security resilience and ensuring the organization maintains regulatory compliance.

UDT offers a unique service to the cybersecurity field: Chief Information Security Officer as a Service (CISOaaS). This service provides a client with the necessary expertise to navigate the changing cybersecurity landscape without needing to hire an entire team.

What are some of the benefits of CISOaaS?

  • No need to hire someone full time
  • Leverage expertise from a pool of former CISOs
  • Provide oversight and management of day-to-day activities
  • Provide insight on reporting and cyber events
  • Fill gaps in key strategic security components


Experiencing a security breach?

Get immediate assistance from our security operations center! Take the following recommended actions NOW while we get on the case:

RECOMMENDED IMMEDIATE NEXT ACTIONS

  1. Determine which systems were impacted and immediately isolate them. Take the network offline at the switch level or physically unplug the systems from the wired or wireless network.
  2. Immediately take backups offline to preserve them. Scan backups with anti-virus and malware tools to ensure they’re not infected.
  3. Initiate an immediate password reset on affected user accounts with new passwords that are no less than 14 characters in length. Do this for Senior Management accounts as well.
