This is some text inside of a div block.
Glitch effect

Hot Takes and Cyber Predictions for 2022

Contributors:
Special thanks to our Contributors:
Glitch effectGlitch effectGlitch effect
Glitch banner

The new year brings new beginnings, new perspectives and a whole trove of new trends to look out for. 

We recently hosted our first Tradecraft Tuesday episode of the year and things got a little… heated. Our founders (Kyle, Chris and John) shared their hot takes and predictions for 2022, and they added a bit of extra 🌶 spice 🌶 to it.

Without further ado, here are the things we wish will happen this year (but let’s be honest: they probably won’t). As you read through this recap, note the hint of sarcasm in each of these—they were made to be controversial and a little tongue-in-cheek. 😈

1. Vendors will fix their rebranding/SKU mess and make offerings understandable

Can we take yet another Microsoft Defender renaming? I doubt it. 

Our hope for this new year is that vendor offerings will be straightforward so you know exactly what you’re buying and what the other options are. After all, how can you build the best stack when you’re confused about what’s in it? When you have to pair SKUs to get the full managed security offering, that’s when you know something is not right.

We realize this will take some time and effort from all vendors, so this one is for all you vendors out there: Please add “make our SKUs easier to understand” to your list of resolutions!

2. We will finally move on from on-premises-focused security stacks

If there’s anything that 2020 and 2021 taught us, it’s that remote work works. It seems like it’s here to stay, which means the general workforce will be working from home or their local Starbucks (watch out for those shady WiFi networks) and they’re no longer protected by the perimeters of the office. 

Very few offices are remoting into their home stack and still protected by whatever the on-prem solution is. You just don’t see that, and maybe it’s because of manageability and cost. 

Before the shift to remote work, the cost of securing a network was typically based on how many offices you needed to secure, and it didn’t matter if you had 500 or 50 PCs included. But now, the cost has changed to per endpoint. The edge now includes everywhere your devices roam to—although it might cost more, it’s worth the protection at every endpoint.

3. IT departments will enable auto-updates on the basis of risk vs. reward

I’ll let the founders take this one:

4. SMB IT/security teams will mature their security operations and adopt enterprise metrics

Of all of these predictions (snarky or not), we really hope this happens.

As IT budgets become tighter every year, more are opting for free or bundled security software—but the long-term cost could end up being greater than you’d think. To fix that, we need to start having conversations that address the massive gap that exists today between aligning security and business goals.

Every IT or security team should be measuring metrics to prove that you’re doing and securing what you said you would and even justify asking for more budget. Some of these metrics could include: 

  • Total Cost of Ownership (TCO)
  • Mean Time to Detect (MTTD)
  • Mean Time to Respond (MTTR)
  • Mean Time to Contain (MTTC)
  • Recovery Point Objective (RPO)

Defining and measuring metrics is a lesson we can take from the enterprise world. By doing so, you can get a good baseline, see how to raise that bar and also show your worth as a security provider.

5. Technical folks will finally learn the differences between security offerings 

This one might happen after the SKUs get simplified. There are so many different acronyms and security offerings out there. Between AV, NGAV, EDR, MDR, XDR, etc. it’s hard to keep track of which flavor of security is right for you.

To get some clarity, we should start demanding more from our education and more from our vendors. This is especially important if you need to think about “how do I check this box appropriately?” for insurance or compliance purposes. 

This is important because it boils down to your own offering. If you’re truly going to offer high-end security services, you first need to understand what your stack includes (and maybe what it doesn’t) and you should be able to explain that to your customers.

• • •

These are just a few of our spicy predictions for 2022, and there are plenty more where these came from. You can go and watch this episode in full—and be sure to check out past episodes or register for our upcoming episodes of Tradecraft Tuesday!

Share

Sign Up for Blog Updates

Subscribe today and you’ll be the first to know when new content hits the blog.

By submitting this form, you accept our Privacy Policy
Oops! Something went wrong while submitting the form.
Huntress at work
Threat Analysis
Threat Analysis
Cybersecurity Education
Cybersecurity Education