Why 2022 Should be a Year of Cybersecurity Optimism

2021 has been a year that few in the cybersecurity world will miss. From coping with the ongoing effects of the COVID-19 pandemic to emerging trends and threats in the world of ransomware, the last 12 months have been incredibly taxing for the cybersecurity industry, for professionals and everyday individuals alike. As a result, many fear that 2022 will be just as hectic, or worse. But this doesn’t have to be the case.

There is no shortage of “scary” statistics and perceived reasons for pessimism when it comes to the cybersecurity outlook for 2022. It is true that we have a lot of really bad days in the cybersecurity world (dealing with the Log4j vulnerability in the middle of the hectic holiday season, for example). These bad days can make us as an industry want to sound as many alarm bells as possible. Unfortunately, after years of the cybersecurity industry relying on FUD—fear, uncertainty and doubt—the fact remains that vulnerabilities and threats continue to be a staple of everyday life. But that doesn’t mean that we should just give up—it just means that a tweak in approach is necessary.

The cybersecurity threat landscape gets more and more sophisticated every day. And while it is incredibly important for people to know what the landscape looks like, the situation is not nearly as hopeless as it may seem. For example, according to IBM, 95% of cybersecurity breaches involve human error as a major contributing factor. So, despite how insurmountable the news cycle may make cybersecurity seem, if we can do a better job of demystifying cybersecurity and make it more accessible to the public we can make a real dent in cybercrime. So, how can we make this happen? What it really comes down to is combating FUD.

With that in mind, here are a few ways that the cybersecurity industry, businesses and individuals can work together to capitalize on the untapped positive potential we possess in 2022.

Catching More Bees with Honey

For decades, the messaging around cybersecurity has been grounded in scare tactics and the negative outcomes of a breach. But what about the positive and proactive steps that can be taken to prevent a breach from happening in the first place? All too often, the narrative around cybersecurity relies on trying to scare people into doing the right thing. However, with cybercrime up by 600% during the COVID-19 pandemic—and likely to grow—it has never been clearer that FUD doesn’t sell, doesn’t influence boards and doesn’t change end-user behavior.  

Instead, people are looking for hope, convenience and peace of mind. And the good news is that many of the most effective tactics we have available—including password managers and MFA—check off both the convenience and peace of mind boxes. All we need to do now is add hope. Companies and their marketing teams need to shift to a “can do” narrative that allows individuals to feel empowered and supported—not fearful and overwhelmed. This type of “wholesome” and positive messaging has done wonders for other industries in terms of driving adoption for years. For example, car ads don’t say, “Buy this car or you will be miserable and unsafe driving your old one!” Instead they say, “Buy this car and you’ll feel great driving it!” while highlighting that model’s safety features. This subtle tweak in messaging can help to reset people’s perception of cybersecurity and help to underline exactly what they stand to gain by taking simple steps.

Sussing Out Shadow IT

Ask a security professional what keeps them up at night, and they’ll likely say, “The things I don’t know about because I can’t protect against them.” Shadow IT is exactly that kind of problem, and it won’t go away. A whopping 80% of employees admit to using SaaS tools at work, in many cases without IT’s approval. Needless to say, this can have hugely negative consequences on a business’s cybersecurity posture.

The first step is admitting that you have a problem. Quantify and qualify the problem; measure it and consider writing a risk assessment, if appropriate. Then, formulate a plan to get the problem under control. This means having clear guidance and protocols in place for tool adoption and procurement and pairing these with adequate safeguards for each. In other words, no more “administrator-less” downloads from the web. Leverage your training and awareness manager to craft an employee communications campaign, educating employees on your procurement and third-party risk policies.

Embracing Shared Responsibility

Cybersecurity is all about shared responsibility, communication and collaboration. Yet, for decades the fear of retribution from bad actors has precluded businesses from actively and openly engaging with their customers with regard to cybersecurity.

Someone wise once said that the best defense is a good offense. And this is certainly true in cybersecurity, as companies that take proactive steps in their cybersecurity are the bane of bad actors’ existence. But for all of the investment in tools and talent, without the help of customers, businesses remain just as vulnerable as ever. Luckily, driving engagement with consumers is incredibly straightforward. For example, instead of relying on customers to do their own research, businesses can easily deliver guidance directly to their customers’ inboxes. Moreover, businesses can use this shift in communications as a key cog in building trust and loyalty.

Simply put, the time has come for businesses to put cybercriminals on the back foot. And if businesses shed their fears over bad actor backlash and build deeper security connections with consumers, 2022 could finally be the year when the tables get turned.

The time has come for the cybersecurity industry to make the move from reactive to proactive. With a shift towards a more proactive and empowering approach, 2022 could finally be the year when businesses are able to take a more positive stance in the face of cybersecurity threats.

Lisa Plaggemier

Lisa Plaggemier is Interim Executive Director at the National Cyber Security Alliance. Lisa is a trailblazer in security awareness and education, and is a prominent security influencer with a proven track record of engaging and empowering businesses and their employees to protect themselves and their data. Lisa has held executive roles with the Ford Motor Company, CDK Global, InfoSec and MediaPRO, and is a frequent speaker at major events including RSA, Gartner and SANS.