According to a recent analysis from IBM and the Ponemon institute, the average cost of a data breach has risen to a record high of $4.35 million in 2022. This year has certainly had its fair share of data breaches, and not one industry was safe. Government agencies, school systems, healthcare organizations, and even tech giants such as Microsoft all experienced a breach, proving that there is still a lot of work to be done in the fight against attackers.
It appears there will be no slowing down for cybercrime in 2023, but it’s not all doom and gloom for data security teams. Despite the odds seemingly stacked against the “good guys,” the future shows promise. 2022 was like any other year in the past 5 years when it came to cybersecurity. The cycle of business and innovation agility led to data proliferation and unintentional consequences of lost and stolen sensitive data. However, 2023 can be a year that data security professionals break that cycle.
Here’s a look at what the data security landscape will look like in 2023.
Data security professionals will be viewed as business accelerators rather than inhibitors.
Data security has traditionally been seen as a roadblock for other areas of the organization such as IT and operations. Unfortunately, it’s the nature of the job. Data security involves having to make sure every digital asset is kept out of the hands of adversaries and is adhering to policy. With the increase in data proliferation, that has become increasingly more difficult to do.
However, it is critical for data to be available in order for businesses to conduct day-to-day operations. Data security is a key component in making that happen and, when done correctly, is not a hindrance.
Luckily, in 2022, more organizations began to understand the significance of data visibility and security, particularly in public cloud environments. As a result, they began to rely more and more on data security professionals and looked at them as business accelerators. I expect this sentiment to continue in 2023 as cloud data security technologies evolve to help make data security professionals’ lives easier and advance the business.
The increase in unknown or “shadow” data will lead to more data leaks, risks for organizations.
However, it will ultimately serve as a wake up call for CISOs to prioritize investments in data visibility and protection solutions.
There is a dark side to digital transformation fueled by the public cloud. Every day developers and data scientists create, move, modify and delete data in service of positive business outcomes. And they leave a trail of unintentional risk in their wake.
The activities that create the biggest advantages for cloud-based businesses are the same activities that introduce the most risk. As sensitive data propagates across the public cloud, risk grows.
This is the Innovation Attack Surface – a new kind of threat that most organizations unconsciously accept as the cost of doing business. Massive, decentralized, accidental risk creation by the smartest people in your business.
This unknown or “shadow” data has become a problem for 82% of security practitioners. Examples of it include database copies in test environments, analytics pipelines, unlisted embedded databases, unmanaged backups, and more. Because of its unknown content, it is at extra risk for exposure.
Security teams can expect to see more instances of shadow data breaches in 2023. However, even though breaches caused by shadow data are set to increase, security teams are becoming more and more aware of the situation and committing to solving the problem. The emerging public cloud data security market proves that this is slowly becoming a problem at the forefront of CISOs minds, and knowing you have a problem is the first step to solving it. In 2023, CISOs will prioritize finding agile solutions that provide both visibility and protection into all of their cloud data to discover and remediate data exposure risk.
A new data security center of excellence will report to the CISO
All security must protect data, however not all security is focused on data. With data increasingly growing more important as a currency between businesses, as well as as a means of innovation, organizations are storing and sharing more of it than ever (and increasingly, in the cloud). The skills gap created by this will begin to be addressed in 2023 with the rise of a new data security center of excellence, reporting to the CISO.
This center of excellence will bridge the gap between the CISO and the Chief Data Officer (CDO) to ensure an entity’s valuable data is secure. The data security center of excellence will have responsibility for the following four areas:
- Constantly maintaining visibility of all sensitive data
- Continuously protecting sensitive data
- Controlling who has access to sensitive data
- Ensuring that sensitive data adheres to the enterprise data security policy
This center of excellence, along with more data-centric, defense-in-depth security strategies will augment the important data governance and data privacy work that the Chief Data Officer typically oversees.
Data becomes more valuable every year, which makes it more important for organizations to take the proper steps to safeguard it. Traditional approaches are vanishing in this cloud-first era, where digital change is occurring quickly and complexity is high. In 2023, to stay secure and agile, organizations must be able to locate, identify, and organize every piece of data in the public cloud environment. Doing so will enable security teams to defeat shadow data, and stay ahead of adversaries for good.
Subscribe to our blog
Get notified when a new piece is out