The American company Gartner is the market research leader in the IT sector. Their reports and predictions help you stay prepared in a constantly evolving sector. Discover with us the essential elements of their report on cybersecurity.
Major trends in cybersecurity in 2022
1. Expanding the attack surface
In the wake of the health crisis, telecommuting has become more the norm than the exception. According to Gartner, 60% of knowledge workers telework, and 18% have no plans to return to the office. It's a new way of working that requires new digital logistics, a logistics that multiplies the angles of attack and therefore presents new risks for companies.
On this point, Gartner recommends thinking outside the box, going beyond traditional cyber monitoring, detection and response methods, in order to deal with a growing attack surface.
2. The cybersecurity network
Representing both a necessity arising from the expansion of the attack surface and an extension of the zero-trust model, the concept of cybersecurity meshing is a new conceptual approach to cyber architecture. Its aim is to extend corporate security by creating control perimeters at the level of each individual wishing to access a corporate asset.
Gartner predicts that by 2024, companies adopting this type of architecture will reduce the financial impact of security incidents by an average of 90%.
3. A need for global awareness
The human factor remains the major cause of the success of most cyber attacks on businesses, whether through error, misuse or social engineering. According to a Verizon study, 82% of data leaks are caused by the human factor.
Gartner sees this trend as evidence of the ineffectiveness of corporate cyber awareness programs, and recommends investing in changes to corporate culture to create more secure ways of working.
Cybersecurity predictions for 2025
1. Ransomware legislation
A real nightmare for businesses, the activity of ransomware groups has not diminished in France. According to a 2021 survey by Sophos, 73% of French organizations were hit by ransomware in 2021, and 34% decided to pay the ransom. To pay or not to pay is a choice that is still in the hands of executives today. That could change, however.
Indeed, by 2025 Gartner estimates that 30% of nation-states will legislate payments and negotiations relating to ransomware, compared with less than 1% in 2021, bearing in mind that in France AXA had already started the march in 2021 by refusing to insure victims of ransomware.
2. Cybersecurity as a lethal weapon
Cybercriminals' main motives for attack are usually extortion or business paralysis. However, in recent years, cyber attacks on operational equipment have become increasingly frequent and disruptive. In sectors such as energy or healthcare, these attacks can have catastrophic consequences.
Thus, Gartner advises security leaders in security and cyber risk management to prioritize this aspect of attacks over that of data theft. Indeed, according to them, by 2025 cybercriminals will have succeeded in weaponizing operational technology environments to cause human casualties.
3. Towards a global culture of cyber resilience?
According to Gartner, by 2025, 70% of CEOs will mandate a culture of organizational resilience to survive the simultaneous threats of cybercrime, catastrophic events and political instability.
The health crisis demonstrated that traditional risk management plans are not effective in the face of large-scale disruptions. Gartner's prediction shows that executives are increasingly seeing cybercrime not as an IT department responsibility, but as a risk management one. Gartner thus recommends rethinking the technical cyber stack in favor of organizational resilience capable of dealing with risks more serious than data leaks.
