By: Rob McDonald, VP of Product Management, Virtru
When enterprise security professionals look back on 2018, they will describe it as an inflection point. Thanks to a series of high-profile data leaks, data privacy scandals, and the persistence of the mega-breach, 2018 will serve as a defining moment instigating the public debate on the responsible and ethical protection and use of data. While those who work in data privacy have been having this discussion for years, this debate is now occurring in a much larger global setting. With this in mind, the experts at Virtru have four predictions on the major trends in data privacy and data protection in 2019.
Email data will remain a major target of attackers as well as an attack vector. Every year we read predictions from security thought leaders who tell us to expect an increase in phishing and malware. These are very real threats, and businesses should be prepared to defend against them through proper training and the right mix of security tools. But as we have seen in numerous high-profile breaches, the contents and attachments of emails themselves are equally a target. In 2019, we expect more of the same. Defenders must expand their view of email security beyond phishing prevention and mitigation and start placing more data-centric protections around unstructured data, such as text in the body of corporate emails as well as attachments. Email is not just viewed by attackers as “a way in” to steal user credentials to access company databases; instead, the contents of emails themselves continue to be sought after as “crown jewels” of the business. Given the prominence of email data theft, we are already seeing a greater discussion around the ethical publication of hacked emails as well. The mega-hack on German politicians’ data has enlivened discussion about when journalists should post private emails, especially in conjunction with the attackers’ motives. Twitter enforced its policy from 2018 that prohibits publishing hacked data, but the data dump had been live for several weeks prior to its removal. The continuation of email data breaches ensures that privacy will remain top of mind – and top of debate – throughout 2019.
In the race to move data to the cloud, security will become a greater priority. After years of hype, the era of cloud-first is upon us. According to IDG, 73 percent of IT buyers have at least one application or a portion of their computing infrastructure moved to the cloud, and 30 percent of their IT budget is devoted to cloud-based services. However, a Ponemon Institute survey found that a mere 20 percent of respondents said their line-of-business managers are “concerned” about the security of data stored in the cloud. Even more alarming, only 38 percent say that IT leaders in their organizations are “concerned about the security of cloud resources.” In short, organizations are migrating to the cloud with or without security that is purpose-built for securing cloud-based data. In 2019, organizations will increasingly become aware of and address the security vulnerabilities that accompany cloud migration. The growing awareness about the vulnerability of sensitive data in the cloud — including the very real possibility that enterprise cloud vendors themselves can access data stored there — indicates that cloud security will become a top business or IT priority to ensure security and data privacy. And until this vulnerability is addressed, organizations who deal with highly sensitive data, such as government agencies, healthcare, financial services and manufacturing, will be reluctant to reap the many competitive benefits of cloud migration. The Ponemon study indicates that 61% of IT leaders deem health information “too sensitive” to currently store in the cloud, with employee records and intellectual property following close behind.
A U.S. national data privacy framework will emerge in response to both domestic and international pressures. Following recent major data breaches, several members of Congress yet again demanded cybersecurity legislation focusing on consumer protection and privacy. What is perhaps most surprising is the bipartisan nature of the call for a sweeping data privacy law. An Axios/Survey Monkey survey from earlier this year found a 15% point shift in public opinion toward regulating tech, a remarkable change in opinion over a three-month period across all political affiliations. This reflects the growing push toward data privacy, which has largely progressed at the state level with California leading the way through the California Consumer Privacy Act (CCPA). Other states have also begun passing data privacy legislation, including Vermont’s bill regulating data brokers and Colorado’s consumer data protection law. At the federal level, the most recent proposal is The Data Care Act of 2018, proposed by a group of 15 senators in December which aims to create guidelines for how companies collect, secure, and share data. This and other data privacy bills are indicative of the growing domestic demand for data privacy. Internationally, global data protection legislation as different as the European Union’s General Data Protection Regulation – which highlights individual data protections – and Vietnam’s new law requiring local data storage and government access, are prompting the private sector to become newfound advocates for an American data privacy framework. While Congressional deadlock may ultimately delay the passage of a data privacy framework, it will nevertheless be front and center on the Hill throughout 2019.
Usable security will be the new watchword. The security industry notoriously has lacked usability and often blames the user as the weakest link and source of all security problems. But in 2019, enterprises will find that both their management teams and their workforce will demand more intuitive data protection tools as a way to retain control over data. Enterprise users and boardrooms alike will demand both productivity and security within their data architectures. User experience will become a top priority, signaling a rejection of the notion that there must be a trade-off between convenience and security and privacy. We predict that there will finally be some progress toward true democratization of security for masses. We have already seen this with a greater demand from the enterprise for Virtru’s data-centric solution, and expect to see this in even greater numbers in 2019.
Let Virtru help your company prepare for the many data privacy changes that will be coming in 2019. Request a demo of Virtru’s data-centric solution today.