As the dust continues to settle and businesses return to normal, many companies are finding that critical, sensitive data has been left exposed and are on a mission to take back control. Here are four key reasons why 2021 will be the year of data-centric security.
Trend 1 – CISOs will gain control of their overexposed data
Companies that took shortcuts to keep businesses up and running will seek to clamp down on their overexposed information. To start, CISOs should be asking specific questions such as: "What new vulnerabilities are present in the network? Do we have data where it shouldn't be? What is this data worth? Should we invest in protecting this data, or allow it to remain freely accessible and take the risk?"
Organisations will double down on data governance to secure their enterprise information across all on-prem and cloud data stores. Companies will increasingly assess the importance of different datasets and prioritize the likely consequences should that data be successfully exfiltrated. In 2021, organisations will start to gain control over their data and restrict access to only those who need it.
Trend 2 – Data security will be the first line of ransomware defence
New superbugs are emerging weekly, such as the re-invigoration of Emotet. These ransomware strains are continually evolving at a pace that signature-based endpoint detection and response software can't keep up with.
Organisations are working off the assumption that they will be attacked. To help reduce the damage, they should be taking a data-centric approach to secure their most sensitive files. When attackers strike – often with planned, targeted, and customised attacks – companies must have already taken proactive steps to lock down critical information, significantly reducing the damage attackers can do.
Trend 3 – Evolving privacy legislation will keep data front of mind
Expect new legislation to be implemented that includes more severe consequences for organisations found responsible for the loss of personal data. To get ahead of the new rules, companies will turn to data-centric security to limit the chances that hackers will exfiltrate personal data by restricting access to these files.
Australia does not presently have legislation equivalent to the European Union's General Data Protection Regulation (GDPR), which sets guidelines for collecting and processing personal information and imposes penalties for companies that breach the rules of up to €20 million or four percent of annual global turnover.
Australia currently has the Notifiable Data Breach (NDB) scheme, and organisations regulated by APRA are subject to APRA234, which requires them to meet specified cybersecurity requirements. It is predicted that by the end of 2021, the government will revisit and update legislation on data privacy and personal information.
Trend 4 – Automation will make the impossible seem possible
Security is a challenge companies cannot hire their way out of – even with substantial resources, the talent gap will remain a formidable hurdle in 2021. Companies will increasingly turn to automation to reduce access and watch their data for signs of compromise and suspicious activity.
For example, the average employee can access over 17 million files – that's millions of files exposed to everyone in the organisation. Industries like finance and healthcare have regulatory needs that must be addressed quickly and at scale. Automation can do this in a fraction of the time it typically takes to perform by hand. Automation will also help your security and IT staff keep on the lookout for threats around the clock.
Understanding data and limiting access is key
The number-one priority for many organisations in 2021 will be to understand the basics of their data and work towards achieving best practices in data governance. This shift in emphasis towards a more data-centric security approach is becoming critical to combat the increasing sophistication of cyberattacks. By limiting employee access to sensitive files, organisations can significantly limit the damage caused by a cyberattack.