CYBERSECURITY RAMPS UP
Behind all the good news and promises of AI is a growing threat that will be seen in the year ahead: AI-powered cyber-threats. “These advanced threats, capable of adapting and evolving rapidly, extend beyond traditional IT environments, targeting smart devices, IoT networks, and critical infrastructure,” said Aron Brand, CTO at CTERA.
AI will defend against AI, however. “The relief lies in integrating AI into cybersecurity defenses within storage systems,” said Brand. “By employing machine learning, these systems can proactively detect and neutralize cyberthreats in real time, shifting from a reactive to a proactive defense strategy.”
In 2025, “Expect business leaders to recognize that though it is not always possible to prevent a cyberattack, they need a fully tested plan in place,” said Dale Zabriskie, field chief information security officer at Cohesity. There will be greater efforts to “better protect and recover their information and systems in the face of cyber events.”
Over the past year, “We have witnessed ransomware attacks increase in sophistication, persistence, and frequency across industries, without an end in sight,” Zabriskie continued. “We should expect bad actors to continue ransomware campaigns and cyberattacks that often stifle a company’s ability to continue operating effectively. We are faced with two options: regularly evaluate the ability to defend against cyberattacks or risk losing business-sensitive information.”
The key is for businesses to “strengthen incident response and recovery,” said Zabriskie. “Strengthening cybersecurity principles and continuing to test them throughout the year allow leaders to trust that their practices are solid, robust, and capable of defending against emerging threats and bad actors looking to prey on vulnerabilities.”
NEW COMPLIANCE PERSPECTIVES
Cybersecurity and compliance will also complete their inevitable convergence in the year ahead. “Both security and compliance teams will focus on improving communication and collaboration by sharing information on emerging threats, updates to compliance/regulatory requirements, and security incidents,” predicted Alev Viggio, director of compliance at Drata. “Security teams will invest in solutions that support both security and compliance efforts.”
The coming year will see increased regulation from governments across the world, especially when it comes to data security and privacy. “As regulatory penalties become steeper and organizations increasingly prioritize adherence to new and existing compliance frameworks, security and compliance teams will work to align their objectives,” Viggio said. “Both will recognize that they have a critical role to play in protecting the organization’s infrastructure and data and minimizing security risks.”
AI may also pave the way for greater transparency in data environments. It’s notable that up to now, despite years of audit and compliance work, “We continue to witness year after year increases in data breaches and exposures from non-compliant and compliant organizations alike,” said Terry Ray, SVP of data security of Imperva.
There are emerging initiatives “aiming to introduce risk measures and models into the daily routines of data security and compliance engineers,” Ray added. “We can anticipate the public availability of these models—and into 2025, consumer reaction and demand will dictate whether they lean solely toward security controls and activities, or if they evolve further into security and regulatory datapoints to be used within traditional GRC [governance, risk, and compliance] models. I predict this will be the beginning of a sorely needed collaboration between data security practices and data compliance requirements, ultimately helping to eliminate the loss of regulated data within compliant organizations.”
STRONGER STORAGE
As data explodes by geometric progressions each year, the challenges around storage will grow more intense. In the year ahead, this challenge is going to come to a head, with a need for greater lifecycle management, predicted Steve Costigan, field CTO EMEA at Zadara. “Data is being stored in many different systems, including closed-source database management systems or open source equivalents, structured and unstructured.”
All these systems “hold important data, and they all need protection and lifecycle management,” Costigan continued. “The more systems, the more this extrapolates into risks around security, patching, operating, backup, and recovery on tighter and tighter budgets. With a universal skills shortage, this leads to business challenges around data management.”
Protecting stored data “is only going to become more challenging as the move toward a cloud-native delivery model emerges, including using containers to build, access, manipulate, and destroy systems to meet business goals using automation,” Costigan added. “It is this automation that provides the ability to drive data-driven outcomes, utilizing AI and machine learning models to keep organizations ahead. But there must be accountability driven with data lifecycle management. If the automation has no value, delete it, because it may have value to a bad actor who puts it into the public domain.”
The year ahead promises to be one of great challenges and great opportunities for data managers and professionals.
New technologies and methodologies will surely emerge, security perimeters will be challenged, and business expectations will evolve. Businesses will rely on them to recommend, design, build, and put game-changing data technology solutions into production.