2023 Predictions by Quentyn Taylor – Senior Director of Information Security and Global Response at Canon EMEA
What new obstacles will GDPR laws pose for cyber security teams?
The introduction of GDPR regulation in the UK and across Europe has fundamentally changed how organizations share, secure, and keep data. It has also made them financially and personally liable for improper data handling. In fact, the first half of 2022 saw GDPR fines of 97.29 million Euros, a 92% increase over H1 2021.
Article 32 of the GDPR specifies that penalties may be enforced if businesses do not have technological and security measures in place, even if this does not result in a breach, and it has been the focus of an increasing number of fines this year. Reactive fines in response to data leaks will definitely remain the main focus, but in 2023 penalizing those who lack the necessary preventative procedures will become increasingly important. Ultimately, regulation has advanced more quickly than many businesses can keep up with, especially given the difficulty of managing and implementing IT security in a hybrid context. Regulations will only tighten in the upcoming year, and organizations will be subject to greater scrutiny.
Where will IT investment go in 2023, and how will it affect how security strategies are put into practice?
Due to the importance of digitization in the transition to hybrid, IT teams have previously benefited from relatively high budgets, while other business operations have been reduced. With growing inflation and the prospect of a worldwide recession, organizations are now working in a different environment, and many will start to review all of their budgets, including those for IT.
Security will continue to be a top priority for investment notwithstanding the current economic turmoil. The threat landscape is still evolving quickly, and cutting security costs will be impossible given the potential financial and reputational harm that security breaches could do to some organizations when the recession sets in.
But when it comes to implementing this strategy, cutting IT resources while increasing security investments is a challenge. Whether a security plan can be implemented by an operational IT team is essential to its success. Reduced IT spending will unintentionally leave organizations vulnerable to attack since security personnel won’t have the tools necessary to carry out their strategies.
Therefore, rather than considering IT and security as two distinct entities as we approach 2023, IT security professionals must think about their overall IT strategy.
What effects will the financial crisis have on the security sector?
While Europe is still recovering from the pandemic, other macroeconomic constraints like energy scarcities and skyrocketing inflation rates are affecting how firms may invest and thrive. With 12,000 tech jobs now lost globally, the market is getting more volatile and unpredictable, and the tech industry has finally felt the pinch.
Previously, the booming tech industry meant that many IT experts could find a job by the end of the week if they were let go. With this safety net withdrawn, insider threat cases will increase in 2023. In fact, insider threat reached its greatest quarterly level to date in Q3 2022, accounting for close to 35% of all events involving threats of unauthorized access. Businesses are exposed to insider threat in the present digital sector, since some employees try, for instance, to duplicate data and use it at their future company. Cybercriminals will take advantage of this problem as well, as they are able to deploy new tactics that target people who are unaware of current technological advances.
When employees leave the company, organizations must make sure that data is protected and has not been moved to personal devices. However, just 18% of IT decision makers claim to be able to track information across its whole lifespan, according to our most recent data. In response, businesses should boost visibility across their data journey so that they can see instances where employees are printing and distributing information outside the bounds of the company’s security measures.