A new year, a new COVID variant and a whole lot of new challenges

It’s not surprising that many of us have the same feeling – the year 2021 went by quickly. Logic states otherwise but two years of working from home and then a hybrid workplace approach has meant that our interactions with other people are still minuscule as compared to what we had in December 2019. But our interactions in the cyber world with unknown actors have grown manifold. The global business cycles took a massive hit when the Coronavirus reared its head in 2020 and the reverberations are still there, although we’ve seen businesses recover to a certain extent. Unemployment, shutting down of businesses and loss of lives, are the key numbers that we had been hearing for an awfully long time.

In this melee, there were a few who profited from the state of confusion that reigned supreme across the world. The vulnerable, in search of monetary help, fell prey to clickbait scams which resulted in their remaining savings being wiped off by scheming cyber criminals. Enterprises bore the brunt of increased cybercrimes and ended up paying a hefty price for not securing their vital assets the way they should have. A utility company’s network going down for a week owing to a ransomware attack is just one of the many known and unknown instances of cybercrime taking hold in the cyber-verse. Add to these crypto frauds with fly-by-night crypto exchanges sprouting up quickly and vanishing even more quickly.

As a cybersecurity professional, I have a wishlist for 2022. It’s a simple wishlist but one if it were to come true, would bring about a much safer and more inclusive global scenario.

1. Focus on the larger cybersecurity footprint

Enterprises as still waking up to the fact that cybersecurity is not just a checkbox that must be addressed. Increased awareness has meant that every contract was given out to a prospective vendor also has a cybersecurity audit of the vendor’s technology and data ecosystem. This is not limited just to connected devices, but also to the flow of data from one entity to the other and one person to a group of persons. Identifying the chinks in the armor is extremely important to ward off a cyber-attack and the big names across industries as finally taking the issue of cybersecurity with seriousness. More enterprises need to focus on a larger cybersecurity footprint in 2022 and by the looks of it, this is a wish that I see being fulfilled to a certain extent – it’ll just be a small step, though.

2. Focus on diversity in corporate boardrooms

I have written extensively about women in cybersecurity and it’s something that I believe, will bring in better talent to a field that requires more due diligence, finer analysis and proactive defence mechanisms. If you’re a woman, you’ll know that this comes naturally to us. Whether it’s coming from the responsibilities of running a household or as a working mom, we get these things better.

The corporate boards should take notice of the fact that a woman in cybersecurity brings two talents to the board – diversity and knowledge of cybersecurity, something that needs to be a board mandate. It’s a long road but with more women CEOs taking positions in global corporations, women in cybersecurity will surely be on the board and not just as presenters of cybersecurity threat scenarios, but as decision-makers.

3. Focus on keeping our children safer

A more connected world that’s accessible from a simple mobile device is also a more dangerous world for our kids if the checks are not in place. The number of online predators is only going to grow, in part owing to the absence of enforcement of laws meant to protect children, especially in developing and poor economies. A migrant crisis, for instance, could be a hunting ground for such predators.

It is the responsibility of streaming and social media platforms to ensure that predators are identified through better use of artificial intelligence and machine learning and that the redressal mechanism to flag a potential predator are in place, involving law enforcement agencies, for quick action. Cybersecurity doesn’t just end in our workplaces, it is a reality in our personal lives as well.

4. Focus on protecting strategic assets such as in the oil & gas industry

As we move to more renewable and sustainable means of generating power, the expanse of defining critical energy assets for a nation and for enterprises increases substantially. A malware or a ransomware attack can bring the energy supply chain down and can have catastrophic repercussions globally. It’s not sci-fi, it’s a fact.

The role of cybersecurity professionals is to ensure that such scenarios don’t play out in the real world and that the fragile global financial ecosystem, in wake of the COVID-19 pandemic, doesn’t break down through acts of cyber terror. Protecting strategic assets for the oil & gas industry and for the upcoming and lesser-regulated renewables sector is of prime importance from not just an operational point of view, but also from a global financial perspective.

Hope you stay safe and secure in the real world, as well as in the reel world. How cybersecurity is going to pan out in the metaverse is something to be seen.

Author: Deepa Seshadri, Partner, Deloitte India