2022 Predictions: Businesses will need to focus on zero trust and a security talent shortage

In May 2021, President Biden signed an executive order designed to tackle the nation’s cyber security issues head-on, including supply chain security, incident detection and resilience to threats. But arguably, the most important order of business is the call for federal agencies to adopt a zero trust approach.

Reports also suggest that the Pentagon will formally launch a new office dedicated to expediting the adoption of this new zero trust security model.

This comes off the back of a series of damaging cyber attacks in the last 12 months, including a ransomware attack on the Colonial Pipeline, one of most high profile security stories of the year. The attack shut down a 5,500 mile fuel pipeline on the east coast of the US, which carries 45 per cent of the fuel used on the east coast.

Of course, this isn’t just a government (or supply chain) problem; it’s something that affects every sector in every part of the world – it’s universal. The question is whether we will start to see the private sector now shifting their mindset to models based on zero trust and to zero trust-first security strategies? If so, what will they need in order to do this effectively?

The US government calling out widespread security failings is a good thing and will almost certainly force others to change their ways and move more quickly. Companies may start to realise that they have to look for an alternative approach. I hope the fact that there is an emphasis and urgency by government on implementing zero trust means that organisations will recognise it as the blueprint to follow.

I expect to see a directive from government around implementing a zero trust strategy, which in turn will be followed by industry bodies and then organisations.

The impact of the talent shortage in security

Microsoft has announced a partnership recently with community colleges around the US to provide free resources in an attempt to help end the shortage in cyber security professionals by 2025. The question is whether this shortage of readily available talent will impact the security industry over the next year or so and how technology can help to mitigate this.

In the immediate future, the talent shortage will remain a problem. We have found this ourselves. It is getting better, but more investment is needed. People are recognising that security is an interesting and lucrative career, but there aren’t enough people and I think there will always be a struggle to keep up with growing demand.

Look at it from a technology perspective, and it stands to reason that if there are less security incidents to manage, there is less need to recruit new talent into the industry and the impact of the talent shortage will be greatly reduced.

We need to give them the tools that they were hiring services to do in the first place. The shortage is not going away any time soon so solutions need to be built around it. Better solutions will mean fewer incidents.

We need automation of solutions and automatic remediation. These tools will need to adapt to changing environments and to be built with a more holistic approach in mind, off-prem, on-prem, in the cloud and in a hybrid environment as work models evolve.

All of this falls under the umbrella of zero trust, and, as we mention above, this is the blueprint that businesses should be using as the building blocks to robust security.

    Share Story:


Cyber risk in the transportation industry
The connected nature of the transport and logistics industries makes them an attractive target for hackers, with potentially disruptive and costly consequences. Between June 2020 and June 2021, the transportation industry saw an 186% increase in weekly ransomware attacks. At the same time, regulations and cyber security standards are lacking – creating weak postures across the board. This podcast explores the key risks. Published April 2022.

Political risk: A fresh perspective
CIR’s editor, Deborah Ritchie speaks with head of PCS at Verisk, Tom Johansmeyer about the confluence of political, nat cat and pandemic risks in a world that is becoming an increasingly risky place in which to do business. Published February 2022.