As our lives grow more digital each day, we're witnessing an exponential growth in data collection and data breaches. This is especially common among financial institutions and entities with large, complex and legacy infrastructures.
Here are some things I expect to trend in 2022.
Put MFA on everything then make it invisible
Multi-factor authentication (MFA) is on its way to becoming a global mandate. As we work diligently to hold our ground and advance against the global threat landscape, we will see more government and industry consortias begin to mandate the use of MFA to combat authentication fraud. Just as quickly, driven by a new kind of fatigue, MFA fatigue, we will see companies leverage risk signals to reduce the burden of MFA prompts.
Cybersecurity Becomes an ESG Issue
Security in our digital systems isn't just good business, it's paramount for a functioning digital society. Compromised data and a lack of trust that companies will keep our personal information secure impacts more than just technology, it tears at the fabric of trust in our way of life. There is growing recognition that cybersecurity is a social pillar of a responsibly functioning society, akin to the responsibility to look after our environment, social and governance (ESG) issues.
Bad Bot Tsunami
Automated, brute-force bot attacks regularly overrun customer-facing systems, and the problem is growing. We must leverage AI and machine learning to detect and protect against bots impersonating humans to create new accounts or attempt account takeovers. Zero Trust, after a decade of focus on authentication, will continue to drive a shift to authorization. Identity is more than just certainty about the individual seeking access. It's also about authorizing appropriate access for each legitimate user.
The Rise of Digital Wallets
Users will continue to store verified data about themselves on their phone—taking back control of their personal data and enabling more convenient digital transactions. We expect more movement in this direction as more individuals demand it and more organizations offer apps like ShoCard that securely store digital state and federal IDs, vaccine verification cards, proof of insurance, vehicle registration, employee badges like those provided by Apple and Google to their workforces and much more. Securely storing more personal data digitally will extend to other types of identity data, giving individuals more privacy and control over how their personal information is shared and used.
Attacks on Zombie and Shadow APIs
The industry expects more than 90% of attacks in the coming year will focus on APIs. Salt Labs' State of API Security Report reveals a 348% increase in API attacks in the first half of 2021 alone. For organizations without adequate API governance, controls and security, this is the weakest link. Zombie APIs that are not properly retired and shadow APIs that exist outside of an organization's official security processes make things easier for bad actors. They can simply direct an attack on the access points they know no one is paying attention to.
IT and OT Converge
Information technology and operational (physical) technology will collide and IT teams will assume responsibility for OT security. That means there must initially be interoperability between IT and OT. That's followed, ultimately, by eliminating redundant technologies and converging siloed systems to better control who gets permission to set foot in a building and who is granted access to apps. Modern physical security systems will be integrated with cybersecurity networks. They will communicate to better thwart outside threats along with any posed by current or former employees. This will centralize, streamline and improve the efficiency of organizations' comprehensive security stance.
The Rise of CISOs
Corporate boards are increasingly concerned with cyber risk, as attacks and breaches can compromise revenue, stock price and a company's very existence. This will lead boards to demand more frequent updates and detailed accounts of risks and mitigation efforts to protect the organization. The chain of command will shift, with identity leaders reporting directly to the CISO. The CISO, in turn, reports to the board. Gartner predicts more than 40% of boards (compared to just 10% now) will have dedicated cybersecurity committees in direct contact with CISOs by 2025. Given growing threats, cybersecurity professionals would be wise to push for board/CISO collaboration to happen faster and more broadly.
Identity Focus Shifts to Experience
In 2022, we will see a growing focus on improving the end user experience. More and more individuals and organizations recognize no-code, low-code identity orchestration as the way to enable agility and ensure extraordinary end-user experiences. Connecting everything means UIs are faster and easier to build, manage and change. This eliminates disjointed, siloed user experiences, reduces friction and ensures superior, consistent end-to-end customer experiences.
We've had a physical global marketplace for decades. The ongoing integration of that with our digital world and the escalating battle against bad actors continues. Efforts to protect data and improve the user experience must keep up, at minimum, and ideally will lead the way to a safer, more secure and friction-free world. Those of us at the forefront of these efforts embrace this challenging opportunity.