2022 Predictions: Shifting Privacy Landscape Increases Security Complexities

As any security professional will tell you, 2021 has been the year of ransomware attacks. Over the past year we have seen a bevy of attacks that have shifted public policy, highlighted our lack of talent in the security industry and drawn attention to our patchwork of privacy measures. As we prepare for a new year full of fresh challenges, security leaders must remain strategic and diligent to face the fast-evolving threats ahead.

Privacy Protections Add Complexities and Vulnerabilities

The first challenge I see the security industry having to grapple with is the fragmentary focus on privacy. I anticipate that this will only get worse in the foreseeable near-term future. At one point we were hoping that compliance was going to get simpler, but it doesn't look that way anymore. Seemingly every state and country has come out with its own unique privacy regulations. The European Union has its GDPR regulatory framework, the state of California has CCPA, and even China and Hong Kong each have their own rules. It's a mess from a security standpoint because there is no standard to build on, and that leaves room for errors. This patchwork makes security jobs more challenging, as security professionals must understand and implement the disparate privacy and compliance regulations from around the world and jerry-rig them together for each region their company operates in.

Ideally, there would be an international consortium to address these diverse privacy rules from around the world. New privacy rules create complexity, and not just from a compliance standpoint. Security is often a game of details, so as things become increasingly complex, there are more things that can go wrong and more pathways for malicious actors to break into the enterprise. We need to see greater simplification on the process side, driven by unification of regulations. A lot of things sound great on paper, but how practical is it to implement security across so many different regulatory frameworks? At the very least, national rules will need to come together for organizations to implement a cohesive privacy framework for each country. By not reaching some consensus about privacy, we are introducing greater risks for everyone trying to stand up adequate security protections.

Read the full article by Erkang Zheng on the VMBlog.
