It’s that time of the year again – of trends and resolutions. Here are our predictions for the top Enterprise SaaS Data Protection Trends of 2022 by the CloudAlly team including our founder and GM Avinoam Katz, VP Product Michal Zmiri-Yaniv, VP R&D Slava Gorelik, Director of Compliance Monty Sagal, Partner Director Murray Moceri, Director of Marketing Michael Schneider, and Head of Content and Product Marketing Teresa Gracias.
Data Protection Queries? Speak with our Director of Compliance, Monty Sagal
Top Enterprise SaaS Data Protection Trends 2022
#1 Ransomware Will be a Menace, But We’ll Be Wiser
Ransomware has earned its rightful place as a top SaaS data protection trend. It will continue being the menace it is – evolving into more potent forms like Ransomware-as-a-service and supply chain attacks. We are already seeing highly targeted, well-planned supply chain attacks using multiple zero-days such as the REvil attack. The end purpose of ransomware has also become far more insidious than seeking crypto millions in ransom, to relying solely on far-reaching data exfiltration for extortion purposes. The World Economic Forum’s annual Global Risks Report 2022 cautions that ransomware attacks rose by 151% in 2021 and that “ransomware is one of their greatest concerns when it comes to cyber threats” (followed by social engineering).
However, ransomware’s widespread impact has alerted all the players – SaaS platforms, vendors, MSPs, and even the government. Ransomware will continue to trouble us, but cloud companies such as AWS, Azure, and Google will start providing tools and services to fight it. Native solutions are already emerging such as Microsoft 365 Ransomware protection in terms of Microsoft Defender for Cloud Apps. The governments’ efforts and collaboration to regulate ransomware payments and take down organized ransomware will also continue and increase.
#2 Predictive Data Protection Will Be a Gamechanger
Cyber Data Protection will disseminate into every type of IT product – driven by state and hacker threats to business continuity. The ability to predict anomalous behavior, highlight red flags, and mitigate the risks by blocking suspicious data manipulations until approved, will be a data protection gamechanger. Artificial Intelligence (A.I.) will enhance behavior analytics and insights, bots will proactively monitor for downtime and faults. This will be a critical differentiator for organizations – it will be a factor influencing the adoption of cybersecurity solutions and a key SaaS data protection trend.
Similarly, as corporate storage usage continues to explode and storage managers try to keep up, more sophisticated means of classifying data will be needed and intelligent rules for backing it up. AI will be used to help identify which storage requires a higher frequency of backup. This is especially true as the trend of Generative IT (repurposing existing content to create new content) is expected to produce 10% of all content in the next 3 years as per Gartner. It will create a whole new category of data for businesses to manage and protect.
#3 AI and ML will Level-up Phishing and Social Engineering
Don’t expect your unfriendly, professional mal-organization to be far behind in the AI/ML game. Social engineering and phishing will get more sophisticated with AI and voice, video, and image deepfakes to gain unauthorized access. Recently, fraudsters used a deepfake of a C-level executive of a Dubai bank to con it out of $35 million. Organizations will stop relying on voice to authenticate and upgrade their employee training programs. Ransomware and malware will harness AI and ML to dynamically adapt to avoid detection. Adversarial AI, still in its nascency will gain ground to devastating consequences with every existing category of vulnerability in AI such as evasion, poisoning, and extraction having potential catastrophic outcomes.
#4 Data Privacy Will Be Increasingly Regulated
In 2021, 23 U.S. state legislatures enacted privacy bills. In addition, the Uniform Personal Data Protection Act was introduced by the Uniform Law Commission which will encourage other states to adopt it as a ready template. Last year in our data protection trends we predicted that Data privacy will emerge from the shadows of consumer rights groups to become central to organizational data privacy initiatives. This year it will go a step further by being enshrined, globally, in regulatory laws.
- Multiple new state-level compliance requirements and enforcement actions will push the Federal government to finally get involved and pass privacy laws. Facebook and Google will fight hard against these laws, but due to the backlash against these companies, some of the data privacy laws will be made into law.
- China has enacted the Personal Information Protection Law of the People’s Republic of China (“PIPL”), similar to the GDPR. In addition, China’s main economic hubs – Shanghai and Shenzen, implemented regulations that mandate how data controllers process personal information.
- AdTech too will be closely regulated with pressure from watchdog organizations like the FTC of predatory and exclusionary practices by AdTech companies. Unfair data collection and surveillance practices leading to rampant privacy violations have come under the scanner and will be subject to stricter regulations.
- GDPR, which was released in 2018, too will be likely updated with new privacy requirements.
#5 Cloud Supply Chain Protection Services Will Become the Norm
- Certification or compliance procedures for supply chain products will become the norm as organizations are aware that even with a very secure environment, malware can be smuggled in via well-respected software packages or services.
- Stolen or misused credentials were responsible for 61% of data breaches in 2021. This will drive organizations to aggressively move to password-less or device-based devices, as they are safer than using credentials or other identification protocols with them being the weakest link.
- The shortage of cyber security professionals is estimated to be 72 million. To make up for this shortfall while grappling with the ominous threat landscape, “cloud protection services” will significantly increase. These services will protect against staffing shortages, operational faults such as exposing cloud storage and monitoring cloud users’ access and permissions.
- Cyber insurance premiums will significantly increase due to the ransomware and supply chain attacks surge. Due to emerging
ransomware attacks and their volume, the WEF reported an increase of 180% in the average 2021 cyber insurance premium.
What are your predictions for enterprise SaaS data protection trends for 2022? Tweet us @cloudally or add a comment below.
And don’t forget to stay safe and backed up!