In 2022, nations and organizations around the world will continue working to protect customer data against hackers and accidental breaches. From new international regulations to artificial intelligence, here is a look at how cyber compliance is shifting priorities.
We often associate a new year with fresh hopes and optimism. While this is wonderful, we must not forget that each new year also brings new threats due to the ever-changing landscape of technology, tactics and processes. As long as tech is in flux, methods of compliance will follow suit. After all, security is a journey, not a destination.
Cybersecurity has evolved rapidly, and, along with it, cyberattacks have become more sophisticated. Governments around the globe are trying to crack down and stay ahead. We can expect that to continue in 2022. Some of these changes are big and some are small, but all will have an impact.
The United States Is Making Patchwork Changes
In 2020 and 2021, we saw an enormous spree of hacks. From SolarWinds to Azure, the attacks felt relentless. Over $500 million from the Build Back Better agenda is earmarked for the Cybersecurity and Infrastructure Security Agency (CISA) to help state and local governments. In 2022, we can expect the U.S. federal government to implement new executive orders concerning the ways that large companies maintain the security of healthcare and credit card information.
On the state and local level, we will see more states trying to implement something like the California Consumer Privacy Act (CCPA). Massachusetts, New York and a few other states have active bills. While I am not sure that all these proposals will become law, they do signal a growing desire to strengthen data privacy. It takes time.
More Countries Are Protecting Their Citizens
International compliance standards are changing quickly. The European General Data Protection Regulation (GDPR), which went into effect in 2018, set off a global trend. Privacy regulations are popping up in Nigeria, Kenya and South Africa that look a lot like GDPR.
However, the most impactful new privacy regulation may be from China. In the fourth quarter of 2021, China’s Personal Information Protection Law (PIPL) went into effect. Considering the country’s hard line on certain rules and regulations, there will likely not be much flexibility for businesses that don’t comply.
The impact on international business relations will be massive. 2022 is when we will really see the effects of this law on operations. Some of the most significant consequences will include high penalties and license suspensions. Meanwhile, Europeans still must negotiate how Brexit will impact GDPR.
Artificial Intelligence Integration
Recently we’ve seen the European Union Agency for Cybersecurity (ENISA), the U.S. National Institute of Standards and Technology (NIST), several security institutes and other working groups issue guidance around the use and ethics of artificial intelligence (AI). It’s important to note that AI can empower both good guys and bad guys. Hackers and other criminals can execute more powerful attacks that bypass antivirus solutions and endpoint detection and response (EDR) tools. However, cyber professionals and governments can also use AI to predict and stop those attacks.
For these reasons, I believe that in 2022, we will see increased integration of AI. Don’t worry; we are not on the brink of a world run by robots. However, we are likely to see other issues brought up in U.S. and EU courts, including AI bias, security and the ongoing need for human monitoring.
Ultimately, It Comes Down to Us
Cybersecurity Awareness Month has taken place in October since 2004. However, I noticed more activity in Europe, Africa and the Asia-Pacific region this year than ever before. If we are to successfully fend off cyberattacks, we cannot simply rely on well-meaning policies and the latest cutting-edge technology. Human habits must be factored into the equation. That’s why it’s heartening that the concept of building a culture around security awareness is picking up steam on a global level.
The fact is that, although COVID-19 itself is unpredictable, hybrid working environments are here to stay. As such, workers need the ability to access their information from anywhere at any moment. Companies need to provide this kind of flexibility while ensuring they have the proper procedures and training ready to go.
Organizations are automating compliance-related tasks for two key reasons, in my view. The first is that legislative bodies are asking more of companies of all sizes, and the only way for them to manage new compliance tasks is to automate certain functions. The second is that the ever-increasing volume of digital data exchange has exponentially elevated the risk of hacking, so security teams are ramping up automation in some areas, like PCI compliance, so they can direct resources to monitor emerging threats.
2022 will be an exciting year for the cybersecurity industry. Truthfully, I say that every year because of the pace of innovation. Cutting-edge technology and processes will motivate the industry to become better and more efficient at protecting consumer data. There’s no shortage of impending attacks or upcoming policies designed to stop them. But through artificial intelligence, automation and good old common sense, organizations can better position their defenses.