So much has changed in the past five years—a lot of which was utterly and completely unimaginable beforehand. But armed with half a decade of hard-learned lessons, we can look ahead to the next five years better prepared for the unexpected.
As the world continues to connect through technology, one area where changes must be diligently monitored is data protection. Globally, we generate and store massive amounts of data daily, and we’re not slowing down.
Why Data Protection Needs to Evolve over the Next 5 Years
According to Cybersecurity Ventures, by 2025, the world will store 200 zettabytes of data, and half of that data will be stored in the cloud. So with that much data out there—and more on the way—we have to ensure that data stays secure. The first thing we need to do is understand the threats we are protecting data from both now and in the future.
Cybercrime has been around as long as there have been computer systems to breach, but as technology gets more complex and ubiquitous, cybercrime is becoming more sophisticated, targeted, and destructive.
For a little perspective, security experts predict that global cybercrime damage will hit $10.5 trillion annually by 2025, compared to $6 trillion in 2021. And if the recent onslaught of ransomware attacks against healthcare organizations and the massive SolarWinds breach are any indication, future IT security teams are in for a bumpy ride.
Widespread Introduction of 5G
Love it or hate it, 5G is coming to a network near you—and it is bringing a bunch of new security issues with it. 5G connectivity is fast, so we can expect to see an IoT boom over the next few years as companies release new devices and technologies designed to take full advantage of 5G capabilities.
Unfortunately, in the race to be first to market with their shiny new toys, many technology providers will skip critical steps that ensure these devices are secure, which is going to leave the new generation of 5G-optimized smart devices vulnerable to attack.
Shortage of Cybersecurity Professionals
At a time when organizations need all hands on deck to combat the surge in cyberattacks and manage the vast array of other direct and indirect security threats, there is an alarming shortage in the number of skilled cybersecurity professionals.
There was already a marked shortage in cybersecurity skills prior to the pandemic, but in 2020, the mass shift to remote work caused many IT teams to re-allocate responsibilities, leading to an even wider gap in security coverage. According to one recent study, 70 percent of cybersecurity professionals think their organization has been negatively affected by the skill shortage, and 58 percent think there is more the organization can do to counter the impact.
Accelerated Digital Transformation
COVID-19 forced many companies to speed up digitization and digitalization to facilitate business continuity and productivity. In many cases, this rush to get business applications and functions into the cloud and accessible to all employees introduced new and unexpected vulnerabilities.
For example, some organizations found that once data was in the cloud, visibility into where the data was stored and managed diminished. This lack of visibility and centralization is an open invitation for increased ransomware and other cyberattacks.
How Data Protection Will Change over the Next Five Years
Based on the new and evolving threats IT security teams will face in the next few years, data protection strategies must evolve as well. Here are a few of the changes we already see on the horizon:
Machine learning will play a huge role in cybercrime detection.
Cybercriminals are smart, so they constantly change tactics and technology to evade the latest cybersecurity technology.
Going forward, machine learning will be used to analyze data to employ and adjust cybersecurity algorithms. Professionals can learn from the data and make improvements before a new threat finds a vulnerability.
Artificial intelligence will both increase cyberattacks and protect against them.
Criminals can harness the power of artificial intelligence as much as the good guys can. So while we will see advances in AI-powered cybersecurity—such as biometric authentication, automated security policy development, and behavioral analytics—we will also see more weaponization of AI technology.
AI makes malware faster, more adaptable, and harder to detect, so malicious apps can potentially hide within a system for years, learning how and when to launch an attack to maximize impact. AI also makes it easier for cybercriminals to launch attacks that can defeat CAPTCHA, personalize email phishing, and even get past biometric authentication.
Remote workers will prompt increased security.
It is pretty clear that remote working is here to stay, so IT teams are working on new strategies to increase security for remote workers. Some of the key improvements include:
- New security policies
- Identity and access management
- Security awareness training
- Increased cybersecurity spending
More countries will enact data protection laws.
Although the process of enacting data protection regulations got off to a slow start, we can expect the pace to pick up over the next five years. In fact, Gartner predicts that by 2023, 65 percent of the world’s population will have its personal information protected by privacy regulations, up from 10 percent in 2020.
And studies show that remote work is driving much of the interest in new regulations. Reliance on personal devices, third-party collaboration tools, and productivity applications placed data security front and center, which lit the fire for increasing data protection initiatives in 2021 and beyond.
Organizations will bridge the gap in skilled cybersecurity workers.
As mentioned above, the lack of skilled cybersecurity workers is taking its toll. With fewer candidates in the hiring pool, organizations are getting creative to meet their cybersecurity needs.
This is another emerging application for artificial intelligence, but for those organizations lacking the budget for new AI technology, there will be a push to locate new and underutilized talent pools, including women and minorities, and a new interest in training and certification for existing IT team members.
After all we saw in 2020, it is hard to feel confident predicting the future of data protection, but we have a responsibility to try.