In 2018, a combination of market forces and legal factors will make reliance upon traditional perimeter defenses and anomaly detection capabilities a losing cybersecurity strategy.
With the average breach now costing $3.6M according to a Ponemon Institute study, big companies may or may not be able to weather these storms, but many smaller businesses will simply never recover from catastrophic data losses. The perils of tarnishing a brand’s reputation, the erosion of trust from customers and considerable losses in revenue will begin to overcome the apathy some C-level executives have had about adopting data protection.
Here are five predictions regarding the future of protecting private or sensitive data:
1. Organizations will spend more on an advanced, data-centric approach to security
While network defenses will still receive the lion’s share of the security budget, more consideration will be given to a defense-in-depth strategy where data is also protected. Market penetration of advanced data-centric security implementations such as Data Loss Prevention (DLP) and Data-centric Audit and Protection (DCAP) solutions will rapidly increase.
2. Increasing regulations will make data privacy a key initiative
More regulations with broader-reaching implications, stricter mandates and the threat of heavy fines (GDPR, PCI, HIPAA/HITECH, NYDFS 23, NYCRR 500, etc.) mean companies are increasingly willing to go beyond being simply compliant with the minimum technical requirements in order to avoid repercussions of preventable breaches. For many C-suite executives, this evolving regulatory environment will be the reason why they embrace data-centric cybersecurity investments in 2018 (and beyond).
3. Increased interest in the private control of encryption keys
With 49% of mid-size companies considering hybrid data storage environments including cloud storage, we will see an clear need for data protection solutions that offer organizations private control over the location and management of encryption keys. When third-party vendors are involved – as they are in most hybrid solutions – the ability to protect the data itself in the event of an exploit becomes critical to avoiding humiliating and costly breaches.
4. More of the known and stolen zero-day exploits will be released by cybercriminals
This is already raising the awareness that even large and midsize organizations can be breached as bots, worms and other sources of malware automatically discover networks and assets. Breaches of tier-one organizations were revealed rather publicly and globally in 2017, thereby demonstrating that it’s not always planned attacks against high-profile companies that result in such breaches.
5. An increased role for managed service providers
For managed services providers, data protection capabilities will become an integral component of a security services technology stack. Businesses of all sizes are currently battling tougher and more insidious cybercrime, all with less resources and tighter budgets. The cybersecurity skills shortage also means there are fewer trained professionals to implement the solutions available. MSPs and MSSPs serve an integral role in bridging the gap between businesses’ data protection needs and the rapidly expanding Data Protection as a Service (DPaaS) market, which is expected to reach $46 billion by 2024.
My Ultimate Expectation for 2018 (and beyond)
Market penetration of advanced data-centric security implementations such as Data Loss Prevention (DLP) and Data-centric Audit and Protection (DCAP) solutions will rapidly increase in 2018 and for several years beyond. Despite the challenges, misperceptions and potential budget constraints, industry analysts report a large wave of late adopters now investigating EU General Data Protection Requirement (GDPR) compliant solutions. These organizations know they must act, and act rather quickly, so they are shortening their list of options by first pursuing integrated solutions that can help them overcome deployment hurdles.
About the Author
Jim Varner serves as Chief Executive Officer of Security First Corp, a global provider of innovative and affordable data-centric cybersecurity solutions. Prior to this role he served as General Manager of DataCenter Technologies of IBM System Networking, one of his various positions at IBM where he accumulated over 30 years of technology, systems and business development experience. Mr. Varner holds a Bachelor of Engineering in Electrical Engineering from Youngstown State University.
Original article from: