Strong and comprehensive security must become accessible to companies of all sizes, noted Cynet's Tubin. "There are a lot of great technologies out there, but acquiring, integrating, managing, and orchestrating them all requires a Herculean effort and a very large budget. The security industry must simplify and consolidate its offerings as it’s getting way too complex."
And, it is not only the largest companies that are facing an existential threat from data security breaches. "There remains a common belief that the greatest security vulnerabilities exist in large enterprises," added Trottier at Devolutions. "However, today we are seeing mounting evidence that SMBs are now an attractive target. For these smaller organizations with fewer resources, breaches can be devastating and unfortunately, some may not survive a cyberattack. Historically, most of the cybersecurity software solutions on the market have been targeted to enterprises. This is beginning to change as the market for securing SMBs grows and demands new solutions that are robust and scalable—yet easy-to-deploy and more affordable. This includes privileged accounts monitoring, vaulting passwords, and other sensitive data, and providing ongoing end-user training on phishing, safe web browsing, mobile device security, and other key topics."
Individuals as well must accept the burden of data security.
A new report from global digital consultancy Publicis Sapient and IPSOS found that nearly half of U.S. survey respondents (46%) and more than half (61%) of global participants do not know what companies do with their data. The report polled respondents from the U.S., Australia, France, Germany, and the U.K.
"As we become more and more comfortable with data and 'customs' around it, we as individuals and as a society need to take responsibility for our data footprint and its consequences," said Kobakhidze of ZL Technologies. "There is still a need for technological and regulatory tools that empower the individual with regards to their data, but we may be on our way there, led in part by privacy regulations."
What to Expect in the Next 5 Years
Looking into their crystal balls to see what may lie ahead over the next 5 years, industry experts see a range of possibilities. One thing that is certain, however, is that the combination of cloud, WFH, and regulatory mandates is ratcheting up the pressure, they say. To improve data protection, security will need to be baked in earlier in development processes, and automation will need to be embraced. AI, too, will be a double-edged sword, increasing security risk but also enabling new tools for data protection.
"Everything will be cloud, and unless you work for a cloud company you may never see a server again," said Lyons. With this trend, responsibility for the security of cloud services will become more shared and it will be a partnership with customers rather than a tit-for-tat via legal and contracts, he said, adding, "Cyber insurance will follow suit."
The user-data privacy aspect of the massive shift to work from home during the pandemic may also become an issue for companies, suggested Kobakhidze. "2020 was expected to be a crucial year for privacy regulations, with CCPA and GDPR rulings scheduled to bring repercussions for the tech industry. However, due in part to the disruption caused by the shift to remote work, many privacy considerations were either completely removed from the conversation or set aside in the background," he noted. "Many of these remote-work solutions may be breaching user privacy by reporting on activity to the enterprises’ leadership teams, especially those solutions that have to do with user collaboration. Such data points might be necessary in the age of remote work management, at least in such turbulent times as we have today. As things cool down over the next year, data privacy and employee activity mining will bubble up to the top of cybersecurity topics."
In terms of best practices, security will need to come earlier in the development lifecycle, stated Moolchandani. "Just as developers and operations professionals become more involved in security processes, security personnel in turn will develop enhanced cloud skillsets and become more embedded in development initiatives."
There will also be more integrated security offerings and much more automated security workflows, said Tubin. "Companies cannot continue the approach of working with dozens of security vendors supplying dozens of security technologies, so we’ll see more platforms that consolidate and unify multiple technologies. We’ll also see more automation of repetitive and specialized manual tasks to allow security specialists to focus on more strategic tasks." In the future, expect more outsourcing of security to managed detection and response service providers that have invested heavily in an integrated technology stack and have highly skilled expertise, Tubin noted. "This will take the burden off of companies that just don’t have the time, skills and budgets to provide the level of security required today."
AI and machine learning will also come to the rescue, adding capabilities not currently possible but also posing new threats to data security. "AI is very topical and is the marketer’s dream phrase, but we’re really just scratching the surface of its potential," said Jensen. "We’ll look back and see remarkable gains, not only in the use of ML and AI as a means to detect and defend against threats, but we will see threat actors using these same tools to learn how to more effectively attack organizations. The 2020 cloud threat report indicated that the #1 use case for AI in the next 2 years will be fraud detection, followed by detection of unauthorized traffic."