Looking back to the beginning of 2020, we can agree that the world is now in a very different place. The COVID-19 pandemic has swept across the world, bringing about changes that affect the way we live now and will for years to come. By looking back, we can better understand what to expect in the year ahead.
1. Remote work
From a business standpoint, most strategies had to be quickly reworked and adapted to cope with the challenges that enterprises faced due to the pandemic, mainly with employees working from home. Unfortunately, these working conditions have exacerbated the overall cyber risk staff pose to enterprises. Humans have long been described as the weakest link in cyber defenses, with many of the issues associated with cyber risk attributed to them, including business email compromise, accidental data exposures, and social engineering. With many people now working at home, they are certainly more vulnerable to a cyberattack due to operating away from the defense perimeter and using personal devices to access sensitive corporate information.
The best way to protect your organization from the so-called human element is to minimize the amount of unprotected data that employees have access to, without hindering their ability to do their job. Many tasks and analyses can be carried out on tokenized data, which looks and behaves like real data but actually consists of randomly generated values. Even in the event of a successful phishing attack, you then have two advantages. First, the amount of exposed data is kept to a minimum, and second, the attackers won’t immediately realize they’ve stolen nothing but bogus data, which can buy your organization critical time to detect the breach.
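As an added illustration of the tokenization idea above (not code from the original article or from any vendor's product), the sketch below issues random, format-preserving tokens from a lookup vault and runs a simple count on the tokenized rows. The names `TokenVault`, `tokenized_rows` and `purchases_per_card` and the sample records are hypothetical and constructed for this example.

```python
import secrets
import string
from collections import Counter

# Constructed sample records: (card number, purchase amount).
SAMPLE = [("4111-1111-1111-1111", 20), ("5500-0000-0000-0004", 35),
          ("4111-1111-1111-1111", 12)]

class TokenVault:
    """Hypothetical vault tokenizer: random tokens plus a private lookup table."""
    def __init__(self):
        self._to_token = {}  # real value -> token, so repeats get the same token
        self._to_value = {}  # token -> real value, the only way back

    def _random_like(self, value):
        # Swap each letter or digit for a random one of the same class.
        out = []
        for ch in value:
            if ch.isdigit():
                out.append(secrets.choice(string.digits))
            elif ch.isalpha():
                pool = string.ascii_uppercase if ch.isupper() else string.ascii_lowercase
                out.append(secrets.choice(pool))
            else:
                out.append(ch)  # separators such as '-' stay in place
        return "".join(out)

    def tokenize(self, value):
        if value in self._to_token:
            return self._to_token[value]
        if not any(ch.isdigit() or ch.isalpha() for ch in value):
            raise ValueError("nothing to randomize in value")
        token = self._random_like(value)
        # Retry on a collision with an issued token or with any real value.
        while token in self._to_value or token in self._to_token or token == value:
            token = self._random_like(value)
        self._to_token[value] = token
        self._to_value[token] = value
        return token

    def detokenize(self, token):
        # In a deployment, this call is the one to put behind access control.
        return self._to_value[token]

def tokenized_rows(vault, rows):
    return [(vault.tokenize(card), amount) for card, amount in rows]

def purchases_per_card(rows):
    return Counter(card for card, _amount in rows)
```

Because the same input always maps to the same token, the per-card count on tokenized rows matches the count on the real data, while the rows themselves contain no real card numbers.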
2. Rapid adoption of cloud-based services
The pandemic has also accelerated the adoption of digital services and agile ecosystems, like cloud technologies, which have allowed businesses to function considerably faster and more efficiently. Whether this is storing, processing or shifting data across services, or leveraging machine learning as a service to gain new business insights, troves of sensitive data are being accessed and transferred by organizations and their remote workers in various ways.
The danger here is twofold – on the one hand a culture that focuses too much on business speed and agility may lead to the neglect of security concerns, while on the other hand, cloud security is too often seen as a matter of switching on default security settings from the CSP, rather than having a holistic approach that protects the data itself before it even enters the cloud environment.
Yes, most organizations have implemented some kind of cloud security strategy, but these have been unable to match the rapidly evolving threat cycle that now includes the expanded ecosystem of many businesses. It has already become unsustainable for some, with security teams struggling to manage this growing attack surface. Ideally, data-centric security should be factored into any cloud deployment from the outset, rather than being bolted on after the fact. While the latter approach is still feasible, it is considerably less safe and more expensive.
3. Continued fallout from the SolarWinds and FireEye breaches
To make matters worse, major IT and cybersecurity companies SolarWinds and FireEye have fallen victim to compromise and high-profile exposures, leaving over 18,000 organizations and their partners vulnerable. Data breaches have seemingly become synonymous with the daily news cycle and given the breadth and scope of these recent incidents, we’re at a point where it feels like we’re battling against two pandemics: a physical one and a digital one.
To counter this, attention must be directed to protecting the key asset for enterprises - sensitive data - and this can be achieved through a data-centric strategy. By understanding sensitive data (through discovery and classification), organizations can adequately secure it using tokenization and encryption technology that protects the data at the earliest point of collection by the company, rather than focusing on the perimeter that surrounds it. This focus also alleviates the pressures and concerns enterprises have regarding their mounting privacy responsibilities, which brings us to our next point.
4. Additional scrutiny from new data privacy regulations
With more privacy regulations forming and the increased scrutiny that surrounds large enterprises and their ethical use and handling of sensitive data, achieving data security and privacy compliance will become the driving force for not only regulatory bodies, but also businesses themselves if they want to maintain the trust of their customers. It can no longer be viewed as a tick-box exercise and instead should be addressed up front in all business decisions, especially as data moves into cloud environments. In this regard, data security is an enabler in that it prevents cloud deployments, data analytics, and other IT projects from being stopped in their tracks by risk and compliance officers due to the involvement of unsecured or potentially unsecured sensitive data.