We will continue to live in interesting times. 2021 was a year of records: companies had to push ahead with their digital transformation due to the pandemic, which left considerable gaps in their IT security. Cyber criminals took advantage of this: According to a recent study by Check Point, weekly attacks worldwide have increased by 40 percent compared to the previous year. Every week one in 61 companies was hit by a ransomware attack. These numbers are remarkable. The amount of fines for compliance violations also reached a record value: In the third quarter, the EU imposed penalties for GDPR violations that were almost 20 times higher than in the two preceding quarters.
So that companies can better protect themselves against attacks by cyber criminals and compliance violations in the future, it helps to look ahead at the beginning of the year: What will be important for companies in 2022 in order to position themselves better? According to Eric Waltert, VP DACH at Veritas Technologies, the following developments are to be expected:
Ransomware Attacks: Legal Implications for Executives
In the past year, the number of ransomware attacks has skyrocketed, with consequences for the economy, society and information management. The attacks caused severe financial damage running into billions and are highly lucrative for cyber criminals. Hackers have long been more and more targeted and are increasingly targeting organizations that are classified as critical (KRITIS) by the authorities – such as hospitals, energy suppliers or the food trade.
People’s lives and their security are threatened by the attacks and the resulting IT failure, which is why the authorities will focus more on the issue of ransomware. Veritas assumes that executives, especially those of critical infrastructure organizations, have to prove after a successful ransomware attack that they have had all the necessary measures in place. If they are found to have acted negligently, they could not only lose their jobs, there could be legal consequences. Therefore, executives should make fighting ransomware one of their most important roles.
The coming ransomware attacks use AI and ML
Cyber attacks are not only becoming more targeted, but also more sophisticated. In the coming year, hackers could increasingly develop malicious code that adapts automatically: the algorithms change the malware so that it is not detected by antivirus programs. Companies should therefore also consider using technologies based on Artificial Intelligence (AI) and Machine Learning (ML) to automatically protect their infrastructures and data.
Uniform compliance strategies are gaining in importance
As a result of digital transformation and hybrid forms of work, data is being distributed across an ever larger range of messaging and collaboration tools such as Teams or Zoom. In addition, in view of the different data protection regulations from country to country, it is becoming increasingly difficult to keep track of the compliance regulations.
The number of solutions with which the requirements and the data can be recorded, archived and viewed has grown immensely. Many companies lack the resources to continuously manage the tools. At the same time, they cannot afford to neglect compliance requirements. Meeting both factors requires a unified approach. Companies are therefore well advised to archive, protect and manage their data via a consolidated and integrated platform. This allows you to manage your data more efficiently and you do not run the risk of having to pay fines due to compliance violations.
AI-based algorithms enable preventive monitoring
AI and ML offer companies the opportunity to monitor compliance-relevant data on a large scale without hiring employees. The additional capacity in the form of bots enables them to take a proactive approach. With the help of AI and ML, sufficient samples of data can be taken to identify potential problems in good time. Not only can this help companies reduce the impact of compliance violations, but it also helps avoid the negative publicity that a formal investigation would lead to.
Intelligent information is gaining momentum
The switch to hybrid forms of work has led to a massive increase in the amount of data that is generated from numerous sources. It is critical for companies to quickly capture, archive, and analyze this information. A large part of the data is, however, “dark data”, which is recorded, processed and stored, but its content and therefore its value is unknown. According to a survey by Veritas, the data that German companies store is an average of 30 percent dark data. It is all the more important to recognize such information. AI-based technology and specific guidelines can help classify them to define what content actually needs to be captured and analyzed. This significantly lowers the costs for the company.
New category of data: Generative IT
In the next three years, the use of “generative IT”, ie technologies that combine and repurpose existing content, will also increase so that new content is created. According to Gartner, about one percent of the data today is generated by generative IT; in 2025 it should be ten times as much. This creates a new category of information that needs to be managed and protected. With classification tools, the life cycle of the data can be managed and saved in compliance with compliance – a decisive factor for the success of a project. Otherwise the information degenerates into future dark data.
Container applications will prevail
In 2022, Kubernetes and the orchestration of containers will become increasingly popular in production environments. As soon as companies have switched from physical to virtual environments and cloud applications, they will increasingly implement microservices and containers in the next year. Anyone who uses many different applications or large and complex IT infrastructures can take full advantage of the scalability and elasticity of the cloud. The advantages range from cost savings to flexible use of company-relevant data. Many cloud providers already offer turnkey Kubernetes solutions to enable their customers to easily port data.