The year 2020 earned its place in the history books for a lot of reasons, few of them good. However, as the world comes out the other side armed with lessons learned, we now know where the cracks are—and we are committed to fixing many of them.
How 2020 Impacted Data Security
For the sake of brevity, we’re going to leave the social and economic implications of 2020 to the experts and explore how the events of the year brought a lot of data protection issues to the surface, including:
- Pandemic-themed ransomware/phishing
- Insufficient security infrastructure for remote workers
- Consumer intolerance for data breaches
- Critical weaknesses in data protection and cybersecurity for healthcare, manufacturing, and other critical infrastructure industries
One of the biggest drivers of data security issues in 2020 was the rapid adoption of digital transformation initiatives. Even before the pandemic, the way people and businesses interact with the world was changing quickly. But COVID-19 accelerated digital transformation worldwide as many businesses were forced to adapt to a remote work and commerce environment to survive.
Employees now access company applications and data from outside the secure perimeter of the office using mobile devices and personal computers. Many of the resources employees need in order to be productive and collaborative now live in the cloud instead of on-premises behind a firewall.
This new way of working is likely to continue at some level for the foreseeable future as some regions continue to battle high infection rates and companies that realized significant cost savings from sending employees home to work decide to make the move permanent.
In fact, it is unlikely the world will ever go back to the pre-pandemic status quo, so businesses are finding ways to adapt and adopt security policies and procedures to address today’s risks.
7 Data Protection Considerations for a Post-2020 World
Data protection is a broad subject, covering everything from accidentally deleting a sales report to implementing international consumer privacy regulations. To tighten up our focus a bit, let’s look at seven significant data protection topics we will hear a lot about in 2021 and beyond.
1. Growth of Worldwide Consumer Data Privacy Regulations
By now, Europe’s General Data Protection Regulation (GDPR) is practically a household name, but other regions and countries have been slower to implement similar regulations. This appears to be changing: California is rolling out its California Privacy Rights Act, and governments in Brazil, Singapore, Australia, and even China begin enforcing or amending data privacy and protection laws.
2. Critical Infrastructure Protection
A recent cyberattack on the city water supply in Oldsmar, Florida, is a scary example of how criminals are targeting critical infrastructure industries in addition to healthcare and manufacturing.
Security analysts believe the Oldsmar attackers got in through TeamViewer, a remote access program widely used by IT professionals to support remote workers. Fortunately, the attack was suppressed before the poisoned water reached the area’s residents.
3. Mobile Device Security
The world is collectively obsessed with mobile devices, which has huge security implications for businesses of every size. Technically, any device that can access your network or data is an attack vector. With many employees using personal and shared devices for work, it is crucial to identify, secure, and monitor each and every endpoint.
4. Third-Party Risk Management
Just because you take cybersecurity seriously doesn’t mean your vendors do. And if they have a data breach, you probably have a data breach.
The onus is on you to do the appropriate due diligence when working with a third party to ensure they follow cybersecurity best practices and risk mitigation protocols. If you aren’t sure, don’t be shy about asking a vendor to complete a security assessment.
5. Support and Security for the Remote Workforce
Remote workers have exponentially increased the attack surface for businesses around the world. The initial transition to remote work was abrupt and messy for many organizations, but a year in, hopefully most IT teams have a solid security and support infrastructure in place.
With many companies offering permanent remote work options, and RDP and FPN being two of the more popular attack vectors, IT teams will need to develop and be able to support a long-term strategy to protect sensitive data and applications being accessed by a highly distributed workforce.
6. AI and Machine Learning
Artificial intelligence and machine learning are both the boon and the bane of IT security. These technologies are ideal for cybersecurity initiatives because they allow security solutions to adapt to and eliminate new and evolving threats.
But cybercriminals also know how to harness the power of AI. Today’s attackers are using AI-driven malware to learn and exploit user behaviors, to gather data for targeted spear phishing scams, and even to destroy data.
7. Response to New and Evolving Cyberthreats
When it comes to data protection, being proactive is key. Cybersecurity is a moving target, and you can never assume that what works today will also work tomorrow.
It is crucial to create and implement a data protection strategy that anticipates cybercriminals’ changing tactics and technologies. For best results, investing in a flexible, scalable data protection solution should be a core part of that strategy.
After 2020, few people would take a bet on what to expect for the coming months and years, so we have to be ready for anything. Make securing your company’s data, applications, and systems a high priority. Download What's Next? Data Protection in a Post-2020 World for more ways to mitigate risk in these unusual times.