Critical Infrastructure (CI) / supply chain targeted   

(state-sponsored, cybercriminal gangs) with ransomware and malware attacks.

CI is a high-profile target for both geopolitical and economic considerations for hackers.

This critical infrastructure includes defense, oil and gas, electric power grids, health care, utilities, communications, transportation, education, banking, and finance.

Protecting critical infrastructure Industrial Control Systems (ICS), Operational Technology (OT), and IT systems from cybersecurity threats is a difficult endeavor.

They all have unique operational frameworks, access points, and a variety of legacy systems and emerging technologies.

Protecting the critical infrastructure supply chain in IT and OT systems will be a public and private sector priority. A special concern for the supply chain is third-party risk and their partners’ visibility in the chain.

Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools.

Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms. 

Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges.

The public and private sectors are currently facing challenges from a cybersecurity talent shortage.

A report from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. And 2022 is not showing any signs of improvement in hiring.  

The Internet of Things (IoT) will pose a growing cybersecurity risk.

IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.

IoT incorporates physical objects communicating with each other, including machine-to-machine and machine-to-people. It encompasses everything from edge computing devices to home appliances, from wearable technology to cars.

IoT represents the melding of the physical world and the digital world.  They differ from conventional computers as they are highly specialized and usually small, both in physical size and computing capacity.

A cybersecurity challenge of IoT is the lack of visibility and the lack of ability to determine if a device has been compromised and not performing as intended. The increased integration of endpoints combined with a rapidly growing and poorly controlled attack surface poses a significant threat to the Internet of Things. Protecting such an enormous attack surface is no easy task, especially when there are so many varying types and security standards on the devices. It will only worsen in 2022 as connectivity grows.