As common as data use has become in modern business and government, there is always room for growth. Nearing the end of another year, there is no better time to consider how developments in data use, storage, and security will carry over into the next 12 months.
The monthly Immuta Unlocked™ Newsletter offers the latest insights and industry information to keep you up-to-speed on data security trends. Our most recent newsletter spotlights data security in 2022 and forecasts what’s to come in 2023, so you can head into the new year prepared to make the most of your data while maintaining its security.
Here is a roundup of the end-of-year data security topics we followed in December:
The 10 Most Impactful Breaches of 2022
Article: The Top 10 Data Breaches of 2022 (Security Magazine)
As evidenced in previous Key Stories blogs, there has been no shortage of newsworthy data breaches over the course of this year. And with more organizations migrating data to the cloud, it is inevitable that bad actors will continue to try and access that data for nefarious purposes. This is made worse by increasingly expensive price tags and reputational damages attached to breaches, as both regulatory standards and public opinion put companies under enhanced scrutiny.
This list from Security Magazine ranks the top 10 data breaches of 2022 based on their wide-ranging impacts. These breaches hit major organizations like Uber, Twitter, DoorDash, Optus, Medibank, the Costa Rican government, and more. Although the method (ransomware, phishing, direct breach) and severity of each breach varied, all of them compromised data privacy and exposed sensitive information to unauthorized users. This reemphasizes how essential robust, comprehensive data security is for any organization leveraging data. Understanding how these breaches occurred–and learning from them–can inform effective security initiatives for 2023 and beyond.
Regulations to Look Out For in 2023
Article: New data privacy laws in various US states: are you ready? (Financier Worldwide)
By now, the role compliance and regulations play in secure data use is widely acknowledged across industries. These laws are designed to protect consumers, employees, and businesses from dangerous leaks or misuse of sensitive information. While companies might finally be getting comfortable with popular regulations like GDPR and HIPAA, that doesn’t mean that these laws are the only ones they need to be thinking about.
There are quite a few data compliance regulations set to take effect in the upcoming year. The California Privacy Rights Act (CPRA) is set to kick in on January 1, 2023, building upon the existing CCPA’s standards for protecting Californians’ data. Other notable upcoming data regulations include the Virginia Consumer Data Protection Act (January 1, 2023), the Colorado Privacy Act and Connecticut Act Concerning Personal Data Privacy and Online Monitoring (July 1, 2023), and the Utah Consumer Privacy Act (December 31, 2023). Regardless of the specific law or date of enforcement, it’s important that organizations remain aware of regulations and ensure they are maintaining data privacy compliance standards.
Analysts Share Data Security Predictions
Article: Gartner analysts reveal 8 cybersecurity predictions for 2023 (VentureBeat)
It’s natural at the end of the year to speculate about what the next year might hold. Reflecting on the current year can provide glimpses into which trends will persist, which may falter, and what we might be reflecting on at the end of 2023. The best predictions combine industry awareness with hands-on subject matter expertise.
Gartner analysts recently shared their 2023 cybersecurity predictions with VentureBeat, covering everything from risks in the data supply chain, to the rise of “data-centric” cybersecurity, to the growing threat of human-led ransomware attacks. Most interesting were the predictions that security operations will incorporate automation and unified security platforms to bolster both protective and detective capabilities. Data security platforms that automate and aggregate security policies across cloud networks will likely play a large role in keeping up with these trends.
The Continued Importance of Zero Trust
Article: DOD Releases Path to Cyber Security Through Zero Trust Architecture (DOD News)
Zero trust has been a buzzworthy topic for some time now, especially following the Biden Administration’s Executive Order on Improving the Nation’s Cybersecurity in May of 2021. Beginning with the principle that no user should be implicitly trusted or given access to certain resources, zero trust follows the “never trust, always verify” ethos to determine who can see what data for which purposes. To adhere to this framework, organizations are required to build data access controls that rigorously verify access rights on every query.
While the executive order is over a year old, the United States Department of Defense (DoD) has recently released an updated Zero Trust Strategy and Roadmap to aid public sector agencies in their pursuit of zero trust requirements. While the DoD plans to implement a full zero trust architecture by 2027, this roadmap provides insight into how federal agencies can meet the same requirements. It’s also important to note that while zero trust is a mandate for government entities, it is an achievable best practice for private companies as well. Providing a baseline of verification for any data use helps proactively protect sensitive information from falling into the wrong hands.
Keeping Up with Key Stories
Focusing on what has been in the world of data and what may come, December’s Key Stories serve as a transition into the next year of optimizing secure data. We look forward to continuing our mission to help our customers do right with data in 2023.
To stay up-to-date on the latest in data security and beyond, subscribe to the Immuta Unlocked™ Newsletter today. Each month, we include Key Stories in the newsletter to provide you with access to the latest news in data.
We’ll see you in the new year!