Posted By maria gbaf
Posted on December 28, 2021
2021 was a busy year for cybersecurity professionals with a big spike in attacks, both in terms of volume and severity. As we look ahead to 2022, Daniel O’Neill, Global Security Leader for MDR Operations at Bitdefender, shares his expert insights into what we can expect for the coming year.
With four in ten businesses having reported a cybersecurity breach in the UK over the last 12 months, organisations are preparing themselves for when, not if, they will be attacked by malicious actors.
In this environment, CISOs and cybersecurity teams need to be on constant alert and keep their fingers on the pulse for the latest developments to protect their organisation.
Some key trends to look out for are outlined below.
More public and private sector collaboration
As cyberwarfare and attacks against infrastructure increased over the years, government organisations have needed to develop security expertise and powerful countermeasures.
So, it’s no surprise that threat actors are now widening their focus to softer targets in the private sector. After all, why go after a country’s secrets – that you’re realistically unlikely to get – when you can have just as much disruptive impact on a nation by bringing down a large bank, energy supplier or healthcare provider?
This means businesses and private sector organisations will have to adapt their approach and be more proactive in “hunting” for anomalies that could indicate the presence of an adversary in the environment. If you are not looking for it, how would you know it could already be in the environment?
The sheer pace and scale of life-changing technological advances coming out of the business world means that all government bodies will have little choice but to work more closely with the private sector. We saw the comments from the head of MI6, making clear his intention to increase partnerships with tech firms.
So as public and private now face the same cyber threats, it’s only logical that they work more collaboratively to defend the nation’s strategic intent and business interests.
Knowledge sharing in the cybersecurity space must be a two-way street. There is a lot that businesses can learn from public sector cyber defence experience, and vice versa, as methods for detecting and responding evolve with the latest technologies, and with proactive monitoring, early detection and rapid response to minimise the impact of a cyber-attack.
Just as cybercriminals are sharing lessons, tactics, techniques and capabilities amongst themselves and developing skills to move from one target to another, cybersecurity professionals across public and private sectors need to collaborate and learn from each other to combat today’s ever-growing threats.
Building upon initiatives led by the likes of the UK National Cyber Security Centre, and sharing information openly, helps to fight the stigma associated with getting hacked. Accepting that it can happen to any organisation, private or public, and promoting better intelligence-sharing will help protect companies against future attacks.
This level of transparency can disrupt criminal activity and, in some cases, lead to arrests. Recently the Department of Justice announced the arrest of two members of the ransomware gang REvil and the recuperation of $6.1m. This milestone event involved the assistance of private companies – including Bitdefender.
Expect to see plenty more public and private sector cooperation in the cyber space next year.
Cyber moves into the C-Suite
2021 saw CEOs really sit up and take note of cyber risks, following a wave of ransomware attack headlines in the media. Cyber jumped to second place in the list of biggest threats to business growth among CEOs, so it’s no surprise that tougher board-level questions are being asked of CISOs. It is a surprise, though, that some CISOs are still not talking directly to, or indeed part of, their company’s board. Communication is vital. A lack of interaction between CISOs and boards significantly contributes to the success or failure of a cybersecurity programme at any level.
In an age where data access and availability are essential to business operations, it is crucial that cybersecurity is front and centre in the minds of senior leadership. This is only realised if the CISO has direct lines of communication into the highest levels of leadership. At the same time, being on the board would give the CISO visibility into the wider goals of the business and ensure that security incorporates business goals and objectives. This can only be achieved if the CISO has a seat at the “top table”.
2022 is the year that serious businesses will begin to realise this.
Closing the cyber skills gap
A shortage of adequately skilled cybersecurity professionals, coupled with the security complications brought about by a sudden adoption of flexible working practices, is leaving many organisations more vulnerable. In the absence of talent in the labour market, there is a business-critical need for all organisations to upskill internally as a matter of urgency.
At the moment, unless an organisation has experienced first-hand the impact of a breach, many companies treat cybersecurity training as an annual “check box” exercise.
Businesses need to get a lot more serious about building cyber skilled teams, and cyber aware cultures, within and across their organisations. This means robust and continuous programmes of skills training and development for all members of staff, not just those in security teams.
However, the business world cannot do it alone. The cyber threat is now a society-level problem. Everybody needs to become more cyber aware, and it is especially important to prepare those getting ready to enter the workforce. That means government initiatives to create a stronger skillset in the younger generations and placing more emphasis on cybersecurity training in schools and further education.
Providing these initiatives at an early age will not only attract more talent and diversity within the UK’s cybersecurity workforce, but will also instil a heightened awareness of a range of cybersecurity threats that people could be susceptible to at an early age. That is a vital skill when considering one-third of children have full access to mobile phones, tablets and computers.
Look out for more of an emphasis on cybersecurity skills development in both the business world, and across the education system, over the next year.
Ultimately, 2022 offers an opportunity for a better understanding of cybersecurity threats and risks – from a CISO sharing learnings with peers to employees better adopting cybersecurity training measures. What’s clear is that to stay ahead of hackers and reduce the risk of an attack, cybersecurity professionals must continuously innovate and communicate to protect their organisation’s defence.