To gain an insight, Digital Journal caught up with VigiTrust CEO and founder Mathieu Gorge.
According to Gorge, a good place to begin is with an appreciation of how cybersecurity has evolved and how sophisticated cyberattacks have become. He considers: “If the evolution of cybersecurity has taught us anything it’s that security is a journey and not a destination.”
This means: “Technology, tactics, and processes are constantly in flux and every year brings a new threat, a new tech, and new methods of compliance. The new year ahead will be no different than years past.”
Consequently, Gorge says: “Cybersecurity will undergo changes, some big and some small. We can expect some new executive orders in the U.S., not just around critical infrastructure, but also around minimum benchmarks for large enterprises’ security around health information and credit card information.”
The analyst also predicts: “I also think we’ll see 5-10 states try to put something like California Consumer Privacy Act (CCPA) into action in 2022. I don’t know if they’ll succeed, but I’m sure there will be a push. There will also definitely be a push for a federal privacy mandate, just as with previous administrations, but it takes time.”
Internationally, there are also activities to be mindful of, says Gorge. He notes: “We will see a lot of activity around China’s Personal Information Protection Law (PIPL) and how it is implemented. China is not likely to tolerate businesses that break the rules, and consequences could be quite significant — ranging from high fees to the suspension of business licenses. The global impact is going to be huge.”
Shifting continents, Gorge says: “We expect a lot of activity in Africa, specifically sub-Saharan Africa. There are lots of new security clusters being created there. The new privacy regulations in Nigeria, Kenya and South Africa are like the European General Data Protection Regulation (GDPR)’s cousin. We’re seeing a global trend of GDPR becoming the basis for other regulations, which is quite interesting.”
Heading out of the European Union, Gorge adds: “I believe we’ll see issues related to Brexit and the transfer of data in and out of the UK, because the agreements need to be renegotiated.”
What does this all add up to for cybersecurity? Gorge recommends: “I believe that in 2022, cybersecurity will see more development and integration with artificial intelligence (AI) and this will be fuelled by the various attack vectors and the cybercriminals’ determination to bypass endpoint detection and response (EDR) and anti-virus solutions.”
As a case in point, Gorge puts forward: “We’re already seeing the European Union Agency for Cybersecurity (ENISA) and several security institutes and working groups in the US (including NIST) issuing guidelines around AI and the ethics of AI. It can be used by the bad guys to make their attacks more powerful and by the good guys to stop and predict their attacks.”
Weighing this up, Gorge explains: “Either way, there’s an ethical issue behind it. At some stage, the machine will make a decision based on its own intelligence, rather than what humans want. We’re a long way away from Terminator: Rise of the Machines, but not far away from issues that will be brought to the courts in the US and EU.”
Resisting cyberattacks is not only about technology; the human factor also needs to be considered, says Gorge: “I also think that the concept of building a security awareness culture globally is getting traction. We saw way more activity in October this year for Cybersecurity Awareness Month in the US, Europe, Africa, and APAC than any other year. People are looking for new ways to interact and make their training more memorable and more fun – probably due to COVID-19 and teams not being together.”
This situation has made things a little uncertain, Gorge explains: “We unfortunately can’t predict what will happen from a COVID perspective, but hybrid work will continue. As an industry, we need to work on that hybrid model because, at the click of a button, we may need to go home or back to the office, and our access to the systems and data must be ready to go with the right processes and training in place.”
However, we can gain insights by tracking. By this Gorge means: “Observing the direction that the cybersecurity industry is going, more and more companies will need to focus on automating tasks such as compliance. As these legislative arms branch deeper into businesses of all sizes, automation will become a necessary component. By using tools to automate certain tasks like compliance with PCI, these organizations will be able to focus more on business-related functions as they deal with evolving tech and evolving threats.”
In conclusion, Gorge tells us: “The new year will be exciting for the cybersecurity industry as it always is, and the new additions of technology and processes will certainly push the industry to be better at protecting consumer data. Through the benefits of AI and automation of day-to-day work, organizations will be in the best position to defend themselves against an attack or deal with waves of new cyber policy that the world will undoubtedly see.”