2021 predictions for data classification

In the digitally accelerated COVID-19 environment of 2021, what are the top data security trends that organisations face? Here is HelpSystems Data Classification Specialist, Adam Strange’s take on the outlook and trends for 2021.

Prediction/Trend 1 – Ongoing growth in remote working will create data security threats

• The far-reaching impact of COVID-19 has seen an intensified threat of malicious cyber attacks. There are also escalating numbers of damaging data breaches across almost every business sector. The rapid shift to remote working during the pandemic left many employers exposed to hackers. It has highlighted multiple examples of serious network and data vulnerabilities.
• In a recent article, Infosecurity Magazine quotes research finding that attacks on the biotech and pharmaceutical industry alone rose by 50% in 2020 compared to 2019. In the defence sector, The Pentagon is seeing a huge rise in cyber-attacks through the pandemic. One cause is the unprecedented numbers of employees forced to communicate through their own devices.
• As more companies facilitate a semi-permanent remote workforce, data security ecosystems will evolve to become more complex. Advanced data management and classification solutions will be a critical technology investment.
• ‘Insider threat’ will be categorised as the most prominent tier 1 data security risk in 2021. It will necessitate stricter corporate guidelines and protocols in data classification. There is also a need for comprehensive employee education programmes around data security.
• HelpSystems’ recent research interviewed 250 CISOs and CIOs in financial institutions about the cybersecurity challenges they face. It found that insider threat – whether intentional or accidental – was cited by more than a third (35%) of survey respondents. It is a threat with the potential to cause the most damage in the next 12 months.
• The latest Information Commissioner’s Office (ICO) report confirmed that misdirected email remains one of the UK’s most prominent causes of security incidents. It demonstrates the need for all organisations to control the dissemination of their classified data.
• HelpSystems’ technologies in data security and classification enable businesses to regain control of sensitive data. It identifies sensitive data by scanning and analysing data at rest. It also classifies and protects personal data by detecting PII at creation.

Prediction/Trend 2- A security culture must be embedded into organisations, especially as insider breach risk continues to grow.

• In 2021 data governance will take centre stage in data security and privacy strategies. Companies will create Centres of Excellence (COE) to embed a solid data security culture across teams and corporate divisions. It will enable them to formalise in-house data management processes. It means rolling out divisional best practice and placing data classification at the foundation of their data security strategy.
• Employees play a vital role in ensuring that the organisation maintains a strong data privacy posture. For this to be effective, organisations need to ensure that they provide regular security awareness training to protect sensitive information. To achieve this, they must invest in user training and education programmes.
• The security culture of the firm must be inclusive towards all employees. It must make sure they are continually trained so that their approach to security becomes part of their everyday working practice. Irrespective of their location it ensures security becomes embedded into all their actions and the ethos of the business.
• Data classification solutions will allow businesses to protect data by putting appropriate security labels in place. HelpSystems data classification uses both visual and metadata labels to classify both emails and documents according to their sensitivity. Once labelled, data is controlled to ensure that emails, documents and files are only sent to those that should be receiving them. This protects sensitive information from accidental loss, through misdirected emails and the inadvertent sharing of restricted documents and files.

Prediction/Trend 3 – Supply chain ecosystem risk will get bigger

• Accenture quote that 94% of Fortune 100 companies experienced supply chain disruptions from COVID-19. As much as 40% of cyber threats are now occurring indirectly through the supply chain.
• 2020 has been the year where businesses realised more than ever that data security across the supply chain was only as strong as its weakest link. Exposing a business’s network and sensitive data to its suppliers has the potential to carry significant additional risk.
• HelpSystems’ recent report interviewed 250 CISOs and CIOs from financial institutions about the cybersecurity challenges they face. Nearly half (46%) said that cybersecurity weaknesses in the supply chain had the biggest potential to cause the most damage in the next 12 months.
• Sharing information with suppliers is essential for the supply chain to function. Most organisations go to great lengths to secure intellectual property (IP), personally identifiable information (PII) and other sensitive data internally. However, when this information is shared across the supply chain, it doesn’t get the same robust attention.
• The demand for greater resilience across supply chain operations in 2021 will require businesses to move quickly to overhaul existing tech investments and prioritise data governance. Organisations must ensure basic controls are implemented around their suppliers’ IT infrastructure and that they have robust security measures.
• Advanced data classification capabilities will deliver assurance and control to numerous industries including finance, defence and government. HelpSystems advises organisations to ensure their suppliers have a robust security and information risk approach. It ensures they have security frameworks such as ISO 27001 and Cyber Essentials in place.
• Organisations should implement a data classification scheme. This includes embedding data risk management into the procurement lifecycle processes from start to finish. By effectively embedding data risk management, categorisation and classification into procurement and vendor management processes, businesses will prevent their suppliers’ vulnerabilities becoming their own and more effectively secure data in the supply chain.

Prediction/Trend 4 – Data privacy regulation set to increase

• There is an increased focus on data privacy and protection of personal data. The continuing shift in privacy law, as reflected in the EU’s landmark GDPR in 2018 and, this year, the US’s CCPA, and the CPRA set to take effect in 2023, has changed the data regulatory landscape. We can expect to see similar US compliance rulings come into force beyond California through 2021.
• In addition to individual state privacy rulings, we can expect to see federal US-wide regulation come into force.
• This new phase in privacy regulation will be complex. Enforcement will demand changes in people, process and technology. Companies will require proper corporate data governance programmes, employee training and solid data management systems to counter reputational risk and hefty fines.
• Data automation will also be a priority. Companies will continue to struggle to deliver relevant data protection strategies for every level of business and its users, across all platforms and infrastructures to conform with individual state and international laws.
• HelpSystems’ unified security, compliancy and data classification solutions simplify compliancy reporting. It enables businesses to easily generate the documentation necessary to identify security issues. It also gives auditors the information that they need to prove compliance.

Boldon James is an industry specialist in data classification and secure messaging, delivering globally-recognised innovation, service excellence and technology solutions that work. Part of HelpSystems, we integrate with powerful data security and governance ecosystems to enable customers to effectively manage data, streamline operations and proactively respond to regulatory change. We have a 35 year heritage of delivering for the world’s leading commercial organisations, systems integrators, defence forces and governments.