The next five years for data protection

The next few years are likely to see significant advancements in data protection technologies and security practices as organisations address the increasing sophistication and complexity of cyber threats and compliance requirements. In this article, Securus delves into what the IT security future will look like.

Greater use of AI and machine learning

A Gartner survey found that 40% of organisations had an AI privacy breach and that, of those breaches, one in four was malicious. Whether organisations process personal data through an AI-based platform integrated by a third-party vendor, or a discrete platform managed by an in-house IT team, the risks to privacy and potential misuse of personal data are ever present.

The sharp spike in the use of AI to enhance privacy tech comes amid a growing market as businesses must become compliant with the privacy guidelines of various global privacy regulations, most notably GDPR. Businesses need to place even greater emphasis on data privacy, including stronger access controls and more granular data handling processes.

 

Gartner’s study concludes that AI will play a key role in ensuring privacy compliance remains affordable and accessible for organisations, as well as improving the user experience. The study identifies subject rights requests (SRRs) – the means by which individuals can make requests to organisations concerning their privacy – as a principal area in which AI can be used to improve privacy technology. AI and machine learning technologies will also be increasingly used to automate the detection and response to cyberthreats. They can help organisations detect anomalous behaviour patterns, identify potential threats and respond to incidents in real time.

Internet of Things

Internet of Things (IoT) is a vital step toward connected infrastructure. IoT technology promises technical advances, improved efficiencies, greater revenues and enhanced customer experiences as organisations are increasingly shifting their applications to the cloud. Whilst IoT represents a significant opportunity for the global economy, society and business as a whole, IoT devices and cloud-connected software also bring increased risk. Its expansion heightens security as a major concern.

By the end of 2019, there were already 7.6 billion active IoT devices, and this number is expected to climb to 24.1 billion by 2030. According to the Verizon 2021 Data Breach Investigations Report, web applications were the source of over 39% of breaches, which is double the amount in 2019.

As consumers become more conscious regarding their privacy and safety of the IoT devices, data protection and security must improve. For the safety of these devices, IoT will likely use hardware firewalls to ensure security from hackers, viruses and phishing scams.

 

Automation of software delivery

Speed of deployment is a critical factor when it comes to being competitive in the software market. It’s expected that businesses will automate as many processes as possible; not just development processes but also processes that interact with software delivery.

For cybersecurity, this means that security will be increasingly automated. We will start seeing more and more organisations moving toward DevSecOps, meaning that developer and security roles will continue to evolve. The security team is likely to become less operational, taking on more of an auditing role. Developers will be in charge of application security testing and automating scans into their existing tools and processes.

 

Increased use of encryption

Encryption will continue to be a critical tool for protecting data. Messaging and communication platforms are increasingly implementing end-to-end encryption (E2EE), which ensures that only the sender and recipient can access the content of their communications. This prevents unauthorised interception and surveillance of messages by third parties, including governments and service providers.

In Mimecast’s State of Email Security 2023 report:

• 59% say cyberattacks are growing increasingly sophisticated
• 2 out of 3 companies were harmed by a ransomware attack
• 97% have been targeted by email-based phishing attack

Many industries, such as healthcare, government and financial institutions, are subject to strict regulations regarding data protection and privacy. Such organisations must encrypt data to ensure regulatory compliance and avoid legal and financial penalties.

On a consumer level, as individuals become more conscious of their privacy rights and the potential risks associated with data breaches, there is a growing demand for encrypted services. Many consumers actively choose products and services that prioritise data protection and encryption to maintain control over their personal information.

 

Expansion of zero trust security models

Zero trust security models, which assume that all users and devices on a network cannot be trusted until they are authenticated and authorised, are becoming increasingly popular. The future expansion of zero trust models will likely be accompanied by the development of industry standards and frameworks.

Identity and Access Management (IAM) solutions are vital components of zero trust models as they help manage user identities, access privileges and authentication processes. In the future, we can expect tighter integration between IAM and zero trust architectures, streamlining access controls and improving overall security.

Decentralised technologies

Decentralisation refers to the distribution of authority, control and decision-making across a network, rather than relying on a central authority. Decentralised technologies like blockchain are becoming increasingly popular for secure data storage and sharing.

Blockchain technology has historically been associated with cryptocurrencies, but in the future, it is expected to revolutionise industries such as finance, supply chain management and healthcare. It can enhance transparency, security and efficiency by eliminating the need for intermediaries, reducing fraud and enabling more streamlined processes.

The current internet infrastructure relies heavily on centralised servers and platforms that control and store user data. The future of the internet involves the development of Web 3.0, where decentralised protocols and platforms will empower users with greater control over their data, privacy and online identity. Technologies like IPFS (InterPlanetary File System) and blockchain-based platforms are exploring decentralised alternatives to traditional web infrastructure, enabling a more user-centric and privacy-focused internet.

Traditional data storage and computing models also rely on centralised servers and data centres. Decentralised alternatives, such as distributed storage systems and peer-to-peer computing networks, distribute data and computing resources across multiple nodes, improving data resilience and reducing dependence on a single point of failure.

 

Increased spending in cyber security

Cybersecurity spending is unlikely to slow down any time soon. The International Data Corporation (IDC) forecasts that investments in hardware, software and services related to cybersecurity are expected to reach nearly $300 billion in 2026, with security services the largest and fastest-growing market segment.

The IDC report also predicts that software will be the largest technology group in 2023, representing nearly half of all security annual investment. Endpoint security will be the leading software category, followed by identity and digital trust software, cybersecurity analytics, intelligence, response and orchestration software. Services will be the second largest technology group, led by managed security services with $42 billion in spending expected. Hardware spending will be dominated by network security appliances. Software will be the fastest growing of the three technology groups with a five-year compound annual growth rate of 13.7%, followed by services at 11.0%.

In conclusion

Overall, the next five years are likely to see a continued focus on data protection and privacy as organisations seek to secure their data from ongoing cyberthreats and comply with stricter data privacy regulations. By year-end 2024, Gartner predicts that 75% of the world’s population will have its personal data covered under modern privacy regulations.

Securus has been helping organisations protect and secure their data for many years, and our experts are always on hand to advise you on best practice for your IT security needs. Please call our Security team today on 03451 283457 to find out more.