What does next year have in store for the cybersecurity industry? The “Top Five Cybersecurity Predictions for 2022” webinar presented by Steve Piper, CISSP, Founder & CEO of CyberEdge overdelivers and gives us TEN predictions for the coming year. The webinar, moderated by Brandon Dunlap, Leadership Partner, Security & Risk Management at Gartner, opens by covering the good, bad and ugly of 2021 and then moves to an engaging cybersecurity forecast for 2022. In the presentation, Steve mentions his regret in limiting the title to just five predictions, and expands upon the list by adding five honorable mentions. Top Five Cybersecurity Predictions for 2022 1 – The Overall Volume of Successful Attacks Will Decline 2 – IT Budgets Will Rebound

2022 Predictions for the Cybersecurity Industry and Advice for Newcomers or Those Working for Small to Medium-Sized Businesses By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP, John Martin, CISSP-ISSAP, CISM, BCS CITP, and Richard Nealon, CISSP-ISSMP, SSCP, SCF, CISM, CISA As long-time information security professionals and (ISC)² Community Champions, we have experienced the way cybersecurity employees engage and work with one another continue to adapt in response to changes in the workplace and world at large. In 2021, we experienced a rapid evolution to these interactions. Like us, you may be wondering, what will 2022 look like for information security professionals? We have several predictions and topics of concern for the cybersecurity industry in the coming year, from overarching fundamentals to

Global C-suite executives are confident in their organizations’ preparedness to handle a ransomware attack, according to a newly published (ISC)² ransomware study titled, “Ransomware in the C-Suite: What Cybersecurity Leaders Need to Know About What Executives Need to Hear.” Although confident, C-suite executives express a strong willingness to invest in technology and staff to improve defenses—signaling that now is an opportune time for cybersecurity leaders to proactively address their organizational readiness with the executive team. In response to several high-profile cyberattacks this year, (ISC)2 commissioned a survey of 750 C-level executives across the United States and the United Kingdom to provide cybersecurity professionals with deeper insights into how C-suite executives perceive their organizations’ readiness for ransomware. This data underscores the

The end of the year is a good time to reflect on the past 12 months and create a plan to improve in 2022. Like years past, 2021 revealed more of the same for the cybersecurity industry—more breaches, bigger ransomware attacks, higher stakes. Some of the most disruptive cyberattacks occurred this year, such as JBS Foods, Kaseya and Colonial Pipeline. These attacks received global attention and spotlighted the need for even more attention on cybersecurity best practices. To help CEOs around the globe better understand cyber risks and how to make their businesses more secure, (ISC)² conducted an online poll of 200 cybersecurity practitioners, whose roles range from cybersecurity leadership to cybersecurity team member, and asked them a simple question:

Martin R. Okumu lived through the ransomware attack on the City of Baltimore in 2018, which affected 90% of the municipality’s applications. As the then-director of IT infrastructure for the city, he learned a lot of valuable lessons about defending against and recovering from a ransomware attack. On Tuesday afternoon, he shared those lessons with (ISC)² Security Congress 2021 attendees during a virtual session. He is now the Chief Information Officer for the City and County of San Francisco. In many ways, Okumu said, Baltimore was not prepared for the attack. The city did not have a cyber incident response team (CIRT), or well-defined plans for activating an incident response, or how to handle communication and escalation. These are elements