Superimposed over every key cybersecurity trend we’ve identified for 2022 – including the threat landscape, the cloud, the new distributed workforce, and artificial intelligence – are compliance and risk management. While requirements vary by industry, the number of regulations, and the penalties associated with noncompliance, continue to grow at a dizzying rate.
Coming into this year, Canada, China, and Brazil initiated new personal information protection laws; Singapore and California expanded their regulations; and the European Union increased fines for GDPR violations, for example. And these regulations have teeth – Amazon, for example, was recently fined nearly $900 million USD for noncompliance with the GDPR.
In addition to data privacy laws, organizations may face a myriad of other requirements like PCI-DSS for credit-card handling and HIPAA for health information, as well as environmental, social and governance (ESG) efforts pushed by investors and others. To assure compliance, companies typically establish a cohesive and uniform program by adopting a data privacy framework like the NIST Privacy Framework or ISO 27001, then building upon it.
That’s where our other key trends for 2022 come into play.
Compliance and the Changing Threat Landscape
A central requirement of every compliance framework is a robust defense against data leakage and theft. These breaches are often a component of ransomware and other attacks, but are sometimes due to careless or malicious handling of data by insiders. We’re strong proponents of the fundamentals of cybersecurity and best practices like updating malware signatures and applying vulnerability patches as they become available.
Future-ready NGFWs, as well as server, cloud and application protection, are vitally important in preventing data leakage, as is micro-segmentation of VMs to block unauthorized lateral movements of multi-stage, multi-layer attacks. Botnet C&C prevention can ‘cut off the head’ of ransomware and other threats, preventing communication back to the hacker and effectively negating the threat.
Two newer technologies, zero-trust network access (ZTNA) and extended detection and response (XDR) also bear investigation for their ability to tightly control access with improved security, and to more accurately identify and rapidly respond to threats, respectively.
The Expanded Network Edge: Cloud and Remote Workers
The cloud and the distributed workforce both represent an expansion of the network edge, though they have dissimilar impacts on compliance. The majority of public cloud offerings, for example, offer services that can be compliant with various privacy laws, as well as guidance and support in achieving compliance. Private and hybrid clouds place more of the burden squarely on the shoulders of enterprise compliance and IT teams, though careful considerations are required regardless of the cloud model.
The distributed workforce represents another area of concern for compliance, in that access control to sensitive data must be tightly managed, and any connections over which the data will transit must be secured as well. SD-WAN and ZTNA are two technologies to consider; SD-WAN, for example, offers a number of benefits over VPN for securing remote workers.
AI and Compliance
Another of our key topics for 2022 is artificial intelligence and its subcategory machine learning (ML). AI and ML are becoming widespread in security technologies and providing assistance in threat detection, correlation and analysis, hunting and coordinated response. In terms of compliance, AI and ML are utilized in User and Entity Behavioral Analysis to detect malicious insiders and external forces that can compromise protected data.
AI, in particular, excels in its ability to correlate and crunch massive amounts of data – like that collected by various point security products deployed in the network – to discern the subtle nuances that can be indicators of attack. These operations would be almost impossible to execute by human means alone, and help strengthen the security of protected data, thus aiding in compliance.
Regulatory compliance has become a must for most businesses worldwide; one source notes that companies spend about $5.5 million on average on their compliance efforts versus nearly $15 million for non-compliance. As compliance is a global phenomenon, Hillstone is well-placed with its international experience to play a vital role in securing protected data, and in achieving compliance. To learn more about Hillstone’s network security products, visit our website or contact your local Hillstone representative or authorized reseller today!
