Each December, security experts like to predict which themes will be prominent in the coming year. Such predictions often focus on which attacks will happen more frequently or which vendor solutions are more likely to be successful.
I’m proud to participate in the annual ritual. For my predictions below, I’ll draw on the extensive interactions I’ve had with AT&T business, government and consumer customers in the past 12 months.
My predictions cover a wide range of territory: consumer security concerns, work-from-home habits, network support for cloud computing, wireless security policies and security skills training. Each prediction derives from trends that I’ve seen emerging during our day-to-day work helping our customers work to secure their resources.
1. Increased consumer and small-business focus on cyber – including ransomware
At AT&T, we have the privilege to interact daily with millions of consumers and small businesses. Such intimacy allows us to understand their priorities in areas like network dependency, application usage and internet access. Over the years, we’ve seen the gradual adoption of cybersecurity as a priority, especially with increases in ransomware and identity theft. This is good news.
Next year, I expect to see this trend accelerate. Sadly, more attacks, especially from nation-state actors, are now automated. This can lead bad actors to increasingly target any size company or infrastructure with exploitable vulnerabilities. We expect the trend of smaller businesses being targeted with attacks to continue, and we’ll be working with those who want to protect against the growing threat.
2. Continued security support for work-from-home
When COVID-19 hit in 2020, the management and operations teams at AT&T mobilized quickly to help provide sufficient capacity to support the expected surges in work-from-home activity. While the pandemic was obviously unexpected, and while the decision to work from home increased at an unprecedented rate, the good news was that the shift to more flexible arrangements had long since begun.
My view is that the desire for individuals and groups to work flexibly will not only continue, but it will advance in speed and scope. With advances in 5G wireless services and broadband fiber deployment by AT&T and others, it is inevitable that workers will see the value in expanding their hybrid lives. This will require our AT&T security team to be ready in 2022 – and we look forward to the challenge.
3. Improved recognition of the role of the network in zero trust
My third prediction is directed at the expert cybersecurity community around the world. This includes practitioners tasked with protecting networks, as well as vendors and others who are charged with supporting this objective with new technology, advanced tools and novel techniques for cyber defense. This year, the community has become very interested in taking steps toward zero trust – a framework in which nothing is trusted and everything verified. This will be an important design concept in 2022.
As enterprise CISOs and their IT security staff begin to implement zero trust-based infrastructure, with emphasis on secure device-to-app session management, they will begin to truly appreciate the vital role the network plays in enabling such modern access infrastructure. The ubiquity of cloud-resident apps to any user with a device, in virtually any location, will be the centerpiece. AT&T is proud to support this foundational aspect.
4. Growing attention to wireless security requirements
Every enterprise security team in every industry can easily point to the myriad functional and assurance policy requirements guiding user access. Security policies, in fact, are the most mature and common aspect of enterprise protection programs, and this will continue into 2022 (which is good news for governance, risk and compliance programs and platform vendors).
But one area where security policies have tended to be lacking is wireless access. Certainly, some enterprise teams have developed requirements for prominent use-cases such as local Wi-Fi access or acceptable use of mobile apps. With zero trust networks and the emergence of 5G infrastructure, however, wireless security requirements will need to be developed more fully, especially for smart edge computing that can include wireless as a desired SD-WAN route.
5. Continued challenges with the cybersecurity skills gap
While our industry has made some gains in the closing of the massive cybersecurity skills gap, the reality is that most enterprise customers report to us a continued challenge. They have a hard time finding excellent staff who have the right set of security skills and who are available to work at the desired salary levels. This nagging skills gap makes the difficult task of protecting enterprise infrastructure even more difficult.
My final prediction is that in 2022, this problem will sadly continue for CISOs and their teams. Hopefully, human resources partners will work closely with senior security leadership. Together, they need to maximize training for mid-career individuals, optimize recruiting of young graduates with computer science degrees and help drive better quality-of-work packages considered valuable to cybersecurity staff (e.g., flexible work, lots of training).
Regardless of whether my five predictions are perfectly accurate, I am 100 percent certain of this: Our security team at AT&T will be ready and eager in 2022 to help our customers with their ongoing and emerging cybersecurity challenges. We had a wonderful year in 2021 working with our customers on security issues, and I’m proud that we’ll have the opportunity to continue in the coming year.