What will 2022 bring us when it comes to data security?

With 2021 reporting what will likely be a record number of data breaches, how will we - as people, governments, and companies - fight back in 2022?

The year 2021 has already reached one unwanted milestone, and it is not even over yet. As of October, the number of data breaches had already surpassed the total for 2020 by 17%, according to an Identity Theft Resource Center (ITRC) report. Specialists expect 2021 to be record-breaking when it comes to data compromises, with phishing and ransomware being two of the most popular tools among hackers, the ITRC said.

With millions affected and cybercrime reaching industry-like levels of sophistication, 2022 will certainly bring more challenges to the world of data security. At the same time, the pandemic has made remote work a massive part of our lives - and the trend is not going away soon, with several companies now adopting hybrid models of working as offices reopen worldwide. This brings further challenges, and professionals will now have to adopt more advanced data security tools in their own homes.

What will be the tools that companies will adopt to protect data? What part will governments play in the changes? What changes will we see in the technology going forward? 

To talk about these and other issues, we spoke with Dr Kevin Curran, co-founder and advisor of Vaultree.

 

Question: There is no end in sight for the waves of data breaches, ransomware attacks and security issues. How can companies face the upcoming challenges and what types of tools and resources could they adopt?

Curran: Undoubtedly, the responsibility for data security threats is broadening, and most companies could benefit from hiring a dedicated person to deal with cyber safety, such as a chief information security officer (CISO). At the same time, senior IT management staff need to have a better and more holistic understanding of the issue. These professionals will be vital in identifying threats, mitigating risks and building specific plans to better deal with data safety matters.

We will also see a broader approach within companies, with cybersecurity training becoming mandatory for every business, as it should. Companies need to understand that it only takes one uninformed employee clicking on a phishing link or not updating their software to open the doors to hackers.

So, cybersecurity will become more common knowledge, with recurrent and inclusive workshops in the professional environment. There are very simple ways to make your company safer, but workers need to be aware of that. However, we are still not sure if companies will create "fire drills" just yet. It may come further in the future.

Question: Do you believe that encryption technology will play a more significant part in data safety for companies?

Curran: Definitely. Encryption technology is becoming much more widespread. We do have the early adopters, with industries like finance and health already making use of that. However, as hackers target more broadly, the technology spreads as a defence for more types of companies.

Encrypted data is useless to criminals. We already have resources such as searchable encryption that can be extremely practical and could solve many of the issues we will face in 2022.

Question: It's common to talk about how remote work will keep being a significant security factor. With almost two years of the model already in place, what sort of changes will we see? And what can we expect from the resumption of office work and adoption of hybrid models?

Curran: One thing we might have to deal with as people return to the offices is that they might go back to the corporate networks after almost two years with their personal devices. They've spent too long on those, and now companies will need to re-examine data protection policies and consider new tools so that they don't lose control of their system to that. 

We talk a lot about the issues with work from home, but the opposite, the return to the office, will also bring many new challenges. These personal devices belong to the employees, and the traditional mandates and enforcing tools might not work. So corporate governance and frameworks will have to adjust. 

Question: What will be the role of governments considering, especially, the issues with data privacy and tech giants?

Curran: I believe regulations are perhaps inevitable in the future. The good news is that we already have some practices and rules like the European General Data Protection Regulation (GDPR) that address privacy and data security. It already enforces some necessary regulations concerning data being stored and used by the companies, not only the tech giants.

Similar sets of rules are being debated in several countries, and we might see headlines concerning that in the upcoming months. The UK will adhere to a mirrored version of the GDPR, and it's likely we will see more governments adopting similar or even identical regulations. It's important to mention that governments have suffered from not being able to keep up with new threats and technologies. Understandably, laws and regulations tend to take longer to formulate than a line of malware code. However, this does not exempt public institutions from the responsibilities they must have regarding this topic. At the same time, it does make it even more critical for companies to evolve quicker, adapt, and adopt protective technologies, especially when it comes to cryptography. We have seen how governments reacted to previous ransomware attacks in 2021: they left the companies to deal with it. 

Companies had the choice to pay hackers, or look for government agencies' help and wait weeks or months to try and recover essential data. As we saw in cases like meatpacker JBS or Colonial Pipeline, many giants in different sectors end up having to pay ransoms. Strong governments worldwide are also held hostage by those attacks, and despite philosophies such as "we don't negotiate with terrorists", end up with speeches that sound more like "they are private companies and can do what they want". Meaning: pay up and avoid supply issues.

This is the world we live in now, and if the laws are confusing and companies are left as "private entities" to deal with these threats, then they need the technology to defend themselves, especially when it comes to keeping data protected with cryptography.