Data Privacy in 2021
3 Realities that Will Drive Change
When we think about personal data, three realities come to mind.
- We have an appetite for it.
- Bad actors want it.
- Businesses need to protect it.
Reality 1 – We have an appetite for personal data
Businesses no longer sift through sales reports, conduct surveys, or measure click-throughs to understand what their customers require. They gather data from multiple sources and use big data analytics to tailor their products and services to best meet our individual needs. They use data to improve our customer experience, give us precisely what we want, and, in the end, make us more efficient. They do this, so we continue to use their services, buy their products, and recommend them to others.
Most organizations treat our data with respect, and more laws are underway that will go after those that don’t.
Enza Iannopollo, a Senior Analyst at Forrester, puts it best, “2021 will be a year of transition. As communities, consumers, and businesses leave the pandemic behind; they will embrace a new normal. Three privacy-related trends will underpin this transition: 1) an ever-increasing appetite to collect, process, and share sensitive personal data from consumers and employees; 2) despite the recessionary economy, values-based consumers will increasingly prefer to engage with and entrust their data to ethical businesses; and 3) regulatory and compliance complexity in relation to data privacy will increase further.”
As we begin to put COVID-19 behind us (fingers crossed), one thing we know is true: we really like our data. There will be more of it, and we hope it won’t be used against us.
Reality 2 – Bad actors want to get their hands on our data
While organizations use personal data to improve our overall experience and make us more efficient, there are others with less noble goals.
It doesn't take long for a successful cybercriminal to illegally download a customer database, including profiles, payment information, and security credentials. Regardless of how data is used, the goal is usually the same – exploit people for personal profit.
“About 3.5 billion people saw their personal data stolen in the top 2 of 15 biggest breaches of this century alone,” according to Dan Swinhoe, CSO Online.
A broader study showed 21 billion customer records containing personal data were taken from companies worldwide starting in 2012. That is an astounding number considering the global population is ~8 billion, indicating that personal data for a single person may have been repeatedly used illegally.
According to a recent Harris Poll, "roughly 1 in 5 Americans (21%) have experienced a ransomware attack on a personal and/or work device. 46% say their company paid the ransom.”
Bad actors even spoofed the World Healthcare Organization (WHO), causing them to post an alert: “Hackers and cyber scammers are taking advantage of the coronavirus disease (COVID-19) pandemic by sending fraudulent email and WhatsApp messages that attempt to trick you into clicking on malicious links or opening attachments.”
According to the US Health Insurance Portability and Accountability Act (HIPAA) Journal,“ September was the worst month of 2020 for cyberattacks, 83 breaches were attributed to hacking/IT incidents, and 9,662,820 records were exposed in those breaches.”
Our appetite for data is a reality. The second reality is that there’s an army of cybercriminals who want to take our data and use it against us for profit.
Reality 3 – It’s not getting easier for businesses to protect our data
COVID-19 forced many organizations to hastily adjust their networks to comply with stay-at-home orders for their employees and partners. At first, the growing number of remote users created a burden, but it started to yield positive results over time. More businesses learned that moving applications to the cloud and a remote workforce wasn’t only more cost-effective, but users remained productive.
Although business efficiency improved, cybersecurity lagged. By extending the network to every user and cloud, the cyberattack surface became much larger. Bad actors and security specialists know the same thing; every network extension and change may create a security gap.
In 2020, bad actors wasted no time taking advantage of a difficult situation. According to NEWSY, U.N. officials warn that cybercrime is up 600% during the COVID-19 pandemic. A report from the FBI states that the number of cyberattack complaints to their Cyber Division is up to as many as 4,000 a day.”
2021 will bring more threats to businesses than ever before as bad actors integrate the knowledge they gained last year and increase their use of AI and machines to breach security safeguards.
Three realities and an opportunity for change
IT leaders can’t do much to address the first reality, our appetite for data. However, they can address the second and third realities by shutting down bad actors and keeping data secure as networks expand to reach a remote workforce. At the end of 2019, slightly before COVID-19 became a pandemic, Gartner defined a new secure network architecture, SASE (secure access service edge), that addresses those realities.
SASE is a cloud-based service that unifies security and SD-WAN into one platform. It expands networks to service a growing remote workforce and simplifies application migration to the cloud while strengthening security. To ensure users are productive and networks remain safe, network and security services are unified into one step and moved out to the edge of the network where remote users, endpoints, and network access intersect. Included ZTNA authenticates that users are who they say, keeps them isolated from the network, and only provides authorized access to their resources and nothing else.
IT professionals and business leaders understand the three realities surrounding personal data. Many view an increase in bad actors and an expanding remote workforce as an opportunity to accelerate their transition to the cloud. Services, like SASE, provide the security and network roadmap needed so they can achieve that goal.