1. Internal protection

According to the report, 44% of security incidents in 2021 were the result of a weak human firewall, or employees who unintentionally facilitated a cyber breach, by falling victim to such things as phishing scams. In 27% of cases, unpatched software was to blame, while misconfigured services or systems accounted for 26%.

Given that the vast majority of workplaces were still remote in 2021, this trend makes sense. Home offices simply don’t offer the same protection as the traditional in-office setup—there’s no one to consult if you get a suspicious email, and it’s easier to overlook a critical software update. Even within traditional in-office set-ups, phishing emails are becoming more sophisticated, making it easier for individuals to unknowingly click if they don’t know what to look for.

To overcome these risks, a growing number of organizations plan to bolster spending in employee security and awareness training. This type of training can not only help employees identify red flags when opening emails, but educate them on the importance of locking computers when they step away, implementing multifactor authentication requirements, avoiding unsecured networks and using strong passwords.

2. Stringent segmentation

When a cyber breach occurs, it can quickly infiltrate your high-value systems—that is, unless you take steps to strengthen the divisions between these systems.

In 2022, many organizations plan to do just that. They recognize that, at this stage in the game, a breach is all but certain to happen. However, if you take steps to contain it, the damage can be dramatically reduced.

Not only are companies allocating more of their cyber budgets to thoroughly map the potential spread of a breach—and flag pertinent infrastructure vulnerabilities—but they’re also investing in new security tools, like zero trust. According to the IDG survey, 52% of respondents plan to research or pilot zero trust technology in 2022—a security tool that essentially replaces implicit trust of elements, nodes and services with stringent authentication and authorization processes.

3. External support

As cyber threats become more prevalent and complex, they’re exceeding the capabilities of internal IT departments, causing 49% to consider outsourcing some of their security functions (and 13% to outsource all their IT security functions over the next 12 months).

In most cases, this investment will seek to strengthen existing outsourcing efforts. Today, 38% of companies already rely on third party vendors to conduct evaluation services (e.g., penetration testing, risk assessments and security audits), while 33% outsource network monitoring efforts, endpoint and cloud, and security analytics. Companies plan to add to this over the next 12 months through things like behaviour monitoring and analysis (29%).

A critical step forward

If you’ve decided to enhance your cyber posture in 2022 and beyond, MNP can help. Our multidisciplinary team has the skills, expertise and experience to support you on your journey—however far along you may be. From vulnerability and cyber risk exposure assessments, to strategic and tactical planning support, we’re here for you every step of the way.

Want to learn more or to find a trusted cyber advisor? Reach out to us — we would be happy to chat.