2020 was an unprecedented time of disruption, many of the effects we are only seeing now. The crisis caused by COVID-19 saw a rapid period of digitization and a surge in employees having to work from home. Cybercriminals were quick to take advantage of this. According to Verizon’s Data Breach and Investigations Report 2020, there were 3950 data breaches last year across 16 industries, the biggest seeing 10.88 billion records leaked.
Businesses have had to adapt quickly, and now have the task of creating lasting processes and security frameworks able to resist sudden change.
We looked at various industry reports and statistics to identify the top threats to watch out for this year.
‘Business Anywhere’ Places Data at Risk
According to Gartner’s Top Strategic Technology Trends for 2021, one of the key trends we will be seeing is location independence as a result of the way COVID-19 shifted where and how businesses work. Technology has and continues to shift to support this. However, ‘business anywhere’ has its risks. With a decentralized workforce and a heightened reliance on third-party services, there is less control over a company’s data flows and a higher likelihood of sharing unprotected data with third parties.
It’s imperative to have strong security, privacy, and data risk management strategies in place to withstand the new threat landscape and control the flow of data. Knowing where your data is located, who has access to it, and what applications use it, is key.
Data visibility can be achieved by leveraging data protection solutions like Sensitive Data Discovery, which locates, analyzes, and classifies data according to sensitivity. Once you have a holistic view of where your data is located, you can proceed with protective measures like data masking or encryption.
Compliance Will Be Harder To Put Off
With the CCPA in full effect and regulators clamping down on non-compliance with data privacy laws, it’s no surprise that fines reached into the millions last year — $200 million to be exact. Google was one of the hardest hit, earning a $50 million fine for non-compliance with the GDPR.
Data privacy will continue to be one of the biggest issues in 2021. The year started off with the HITECH Act amended to encourage greater compliance, while the SAFE Data Act has recently been introduced to the U.S. Congress, which aims to grant substantive privacy rights to US citizens. More changes are yet to come.
30% of companies interviewed for Forrester’s Predictions Report for 2021, said they will be increasing their spending on security, risk, and regulatory and legal activity — including activity relating to employee privacy.
Insider Threats Remain A Major Cause of Data Breaches
Of the 3950 data breaches last year, 33% were caused by insider incidents, an increase from 25% in 2019. Of this percentage, 8% were a result of misuse by authorized users, while 37% of breaches stole or used credentials.
The best way to combat insider data leaks is to secure data at development. This ensures that once data leaves your secure environment, it is 100% protected and can be safely shared among your team, third parties, and even researchers.
Data Masking, also known as data anonymization, is considered one of the most effective methods of achieving this outcome and comes recommended by the GDPR itself as a preferred method of data protection.
Considered a developer tool, data masking components install and integrate quickly to transform data into a safe, masked state. An algorithm is used to transform data using a multitude of methods, among which are aggregation, shuffling, substitution, number and data variance, and deletion.
Healthcare Data Is Seen As A Cybercrime Cash Cow
2020 saw a 30% increase in cybercrime in the healthcare industry and this trend looks to continue into 2021 as healthcare providers and services face the pressures of increased patient data due to COVID-19, rapidly deployed track and track technology, and a shift to cloud-based systems. This proved too great an opportunity for criminals, who can easily sell patient records for between $250 and $1,000 on the black market and dark web. In fact, 88% of the reported data breaches were financially motivated.
Using a tried and tested risk framework model, like the healthcare model outlined by HITRUST, can help mitigate the risk of data breaches. The HITRUST framework has the additional advantage of meeting requirements of data privacy regulations like HIPAA and HITECH, which cover patient rights in the healthcare industry.
It’s clear that cybercrime will continue to be a major problem for business in 2021. By identifying the risks and acting early, it’s more than possible to reduce the effect of disruption in the coming months. Leveraging technology like data protection tools and implementing tried and tested best practice can spell the difference between a good year and another disastrous one.
Hush-Hush is a pioneer in DevOps Privacy Compliance and has nearly a decade long track record of providing patented data masking and sensitive data discovery solutions to businesses across the globe. Request a free demo or trial at https://mask-me.net
