Three Trends to Guide Your Data Protection Strategy in 2022
With the number of data breaches setting new records, consider how these three trends can guide you to a safer 2022.
- By Kevin Curran
- December 1, 2021
Data breaches reached an all-time high in 2021. The Identity Theft Research Center found that by September 2021, the number of data breaches had already surpassed those of 2020 by 17 percent. The 2021 Data Breach Investigations Report from Verizon found that phishing was present in more than a third (36 percent) of breaches, which means this kind of attack continues to be a threat to corporate email -- and potentially more so as employees work far removed from corporate network perimeters.
With 2021 expected to be a record-breaking year for data breaches, data breach protections are going to be a key consideration for many organizations as we head into 2022.
Here are three trends that data and analytics professionals should pay attention to in 2022 – and why.
Trend #1: Data protection policies will be re-evaluated and changed in light of remote work
The radical increase in remote work has necessarily led to the proliferation of mobile devices needing access to the corporate network. This, in turn, has led to new security risks as users install potentially malware-infected software and expose company data to foreign networks, including those of their friends and family. IT security teams must not overlook the fact that these devices belong to the employees. That means the standard rules and mandates for enforcing new updates may simply not work, requiring a re-evaluation of current data protection policies.
Trend #2: Zero trust will take on greater importance as part of data protection strategies
Traditional security models mistakenly assume that any elements within the network can be trusted. In contrast, zero trust operates on the assumption that no user, internal or external to the network, can be trusted by default.
Zero trust is far more than a buzzword -- it is quickly becoming a necessity. IDG's 2020 Security Priorities Study found that 40 percent of survey respondents were actively researching zero trust technologies (up from 18 percent the prior year). Another 23 percent said they planned to deploy zero trust in the coming year. Adoption of this technology has increased in 2021, but many more companies have not yet taken advantage of it.
We will definitely see growth in 2022. One of the reasons that a zero trust security model is a necessity today is that enterprises no longer tend to host data in-house but rather on a variety of platforms and services that reside both on premises and off. This means many employees and partners access applications through a range of devices in multiple geographical locations.
The standard model of security is no longer appropriate for today's complex networks. Zero trust models are more relevant and powerful, particularly in this time of widespread remote work.
Trend #3: Encryption will be used by far more industries
Encryption technology is becoming more widespread, and this will continue. Highly regulated industries such as finance and healthcare have been early adopters, but encryption can and should be used by far more sectors -- and must be a part of data protection policies. More organizations will adopt the technology once they realize that encrypted data is useless to criminals and that encryption is practical and could solve many of the issues surrounding data privacy. This is especially true as more companies must grapple with regulations such as GDPR, which specifically requires organizations to incorporate encryption to protect consumers' data and to mitigate the risks associated with data transfers.
Next-gen encryption technologies such as encryption-as-a-service (EaaS) will make encryption far more accessible to more organizations. [Full disclosure: I work for an EaaS provider.] With EaaS, organizations can freely access and use their data without having to reveal their encryption keys or data content to anyone, which strengthens their data security profile. Using a service also enables huge scaling capabilities without compromising performance. As more data moves to the cloud, a key cybersecurity point for EaaS is that organizations do not always have to disclose their decryption keys, which is typically required by cloud service providers.
Protecting What's Yours
Cybercriminals jumped at the opportunity presented by the shift to remote work in 2020 and doubled down in 2021, making it a record year for data breaches. As regulators increase pressure for organizations to secure their data, it is helpful to know the trends and technologies that will help safeguard distributed corporate networks that now lack a true perimeter. Remote work is changing data protection policies; zero trust and encryption are becoming necessities as tools against the onslaught of attacks.
Take these three trends into account as you create or strengthen your cybersecurity strategy against these ever-increasing breaches that threaten your organization's data.
Dr, Kevin Curran is a co-founder of Vaultree, provider of an encryption-as-a-service solution that enables businesses of all sizes to process fully end-to-end encrypted data. He is a professor of cybersecurity, executive co-director of the Legal Innovation Center, and group leader of the Cyber Security and Web Technologies Research Group at Ulster University. He sits on the advisory group of the UK Cyber Security Council and the Northern Ireland Civil Service Cyber Leadership Board. He’s also a senior member of the IEEE and a fellow of the British Blockchain Association (FBBA).