To kick off the new year, we’re sharing our thoughts and predictions on what could shape the global cybersecurity landscape in 2022.
We interviewed industry leaders from our four key geographies – the UK, Asia and the Pacific (APAC), North America and Europe – to understand key developments in each region across the country. over the past twelve months, and what we might expect in the coming year and beyond.
Three key themes were evident in the four regionsâ¦
1. Governments are taking a much more hands-on approach to regulating and legislating cybersecurity and resilience
There seems to be a broad consensus among policymakers that the free market approach to providing secure and resilient infrastructure in the digital age has – so far – failed. As such, our interviewees see governments in their respective regions becoming more interventionist, introducing a growing number of seemingly strict regulations that organizations must adhere to. In some cases, there has also been a shift from outcome-based regulation to more prescriptive regulation, potentially indicating the lack of maturity of regulated entities in understanding what they need to do to achieve required outcomes.
These trends are particularly evident when it comes to securing critical infrastructure, with the EU expanding what constitutes critical infrastructure, the UK introducing flagship telecommunications security legislation, and governments in the Asia and Pacific region. taking steps to better protect their critical infrastructure. Meanwhile, in and out of the United States, the Biden administration is leading the global charge to improve supply chain security.
One area that could go against the grain, according to global research manager Jennifer Fernick, is decentralized finance (DeFi). As Jennifer and global CTO Ollie Whitehouse point out, DeFi’s value is stored digitally, making it particularly vulnerable to cyber theft on an unprecedented scale. Poor cybersecurity and resilience could be devastating for DeFi companies. As a result, we could see a market-driven, upward push for higher safety standards, in stark contrast to the regulatory-driven approach we’ve seen elsewhere.
In this context, organizations need to understand how laws and markets evolve in the jurisdictions and sectors in which they operate, and what steps need to be taken to comply with new regulations, protect their organization, and ultimately continue. to operate efficiently. This could be particularly difficult for companies operating on a global scale, especially those that own or operate critical infrastructure, because, while the overall goal is broadly the same for each jurisdiction, the way in which regulators want them to operate. organizations achieve it differs. As such, organizations may be better advised to design a plan that is cost effective while meeting all of the global requirements.
2. Global cyber rhetoric does not necessarily correspond to protectionist reality
There is no limit to the number of international declarations of intent, trade agreements and treaties agreeing to cooperate and collaborate to develop and adhere to an agreed set of standards in the digital borderless sphere. However, our interlocutors note a very different reality in their regions, where recent government action suggests an evolution towards inward-looking and protectionist policies. NCC Europe / Fox IT Managing Director Inge Bryan highlights the focus European policymakers have placed on digital sovereignty, while Ollie highlights new laws in the UK that give the government more power to intervene in foreign investments and acquisitions in key UK sectors. In Australia, as Regional Director General Charles Spencer points out, the government’s flagship Critical Infrastructure Security (SOCI) law, first introduced to manage national security risks posed by foreign investment in critical infrastructure, has been further strengthened. Meanwhile, in the United States, the Senate proposed the “CHIPS for America Act” which, if introduced, would see the launch of a massive program of government grants to support American production of semiconductor chips and reduce the country’s dependence on foreign supply chains.
Organizations operating globally face the challenge of looking beyond the rhetoric of what governments are saying on the global stage, and understanding and navigating the reality on the ground in the jurisdictions they operate. . To help organizations and achieve better security outcomes, nation states must balance their protectionist approaches with the need to work closely with their allies to achieve a coordinated response to cyber risks. This should involve going beyond high-level commitments to more clearly define which areas of digital policy require a truly comprehensive response, and those which are so fundamentally tied to the survival of a nation that nations will take charge. individually, while coordinating with their allies (eg through international treaties).
3. The value of security and resilience is on the rise
The increase in ransomware attacks, along with unprecedented digitization, connectivity, and technological advancements that present new and evolving security challenges, have led to an increase in the perceived importance of cybersecurity and software resiliency. in North America and the Asia and Pacific region. At the same time, wary of the increase in ransomware attacks and the growing sophistication of attackers, insurers have reportedly cut back on the coverage they offer customers.
Meanwhile, there is not enough cyber skills in the world to meet today’s challenges. This reinforces the need for increased investment to attract and train new talent. Industry partnerships with education service providers, diversity and inclusion strategies, and a focus on transferable skills all have important roles to play in making the cybersecurity industry more open and accessible.
These factors combine to increase the value of security. Indeed, while organizations must be prepared to invest more in cybersecurity and software resilience than they have done so far, they are increasingly seen as essential catalysts for a responsible and sustainable business. in the modern era. As the industry matures, however, organizations need to be reassured that better quantification of ROI will be available, which will give them confidence and justify investment decisions.
Views from around the world
Click below to read the interviews in full
âAs more countries realize that ransomware poses a threat to national security, I hope we will see a proactive and concerted response from governments. European intelligence services must join forces with their allies to develop truly coordinated and proportionate defensive and offensive cyber operations. Failure to do so will leave Europe massively exposed.
âExpect to see a much more hands-on and offensive approach to cybersecurity and software resilience from the UK government. We will see the UK’s new National Cyber ââForce, the new home for offensive cyber operations, become fully operational. My prediction for 2022 is that the Force will undertake the first UK government-led offensive operation against ransomware. “
âI am captivated (and concerned) by the security implications of the ongoing development within the AI ââresearch community of large language models. They are evolving rapidly and we are moving closer to a “codeless future” where tools using large language models replace traditional coding and application development. However, there are inherent security risks associated with using such tools, which requires a deep and serious research effort on the part of good faith security researchers, so that we better understand what is possible, before attackers don’t. This looming safety issue is not on the radar of policymakers, but it will be soon. “
âIn Australia and South East Asia, the focus on securing critical infrastructure and increasing the pool of skilled talent will dominate political agendas. The focus will be on reopening the region, and centralizing R&D, higher education and international cooperation to build vibrant and secure economies could be a factor. “