By Ian Engelbrecht, System Engineering Manager, Veeam Software

Cybersecurity is a continually evolving landscape, driven as much by the availability of technologies that assist companies in optimising operations as it is by malicious users leveraging more advanced forms of attacks.

With the cloud becoming critical to business enablement in a digital environment, there are several cybersecurity trends for 2023 that decision-makers must keep in mind if they are to keep their data protected and always available.

Cloud security

According to the Veeam Cloud Protection Trends Report 2023, 74% of companies across EMEA have brought workloads back to their on-premises data centres for several reasons. These include disaster recovery failback, staging versus production, or reconciliation that the cloud was not optimal for that particular workload.

This is not to say that the cloud is losing traction. Rather, it is about business and technology leaders gaining a better understanding of how to identify the workloads that can best benefit from being migrated to the cloud. Much of this comes down to the type of service being provided. This has sparked cloud providers to compete more aggressively with one another to deliver more innovative services to customers. 

With more workloads in the cloud, comes more security risks. Companies who use cloud solutions must also understand that there is no, or very limited, built-in protection for those services. Bringing this to light is the fact that 81% of respondents of the Veeam report said they anticipate using cloud-based data protection by next year. This is a good sign as it suggests that awareness of the importance of the shared responsibility model is finally gaining traction.

Organisations are finally beginning to understand that the data they generate in cloud environments are their own responsibility to keep safe. The service provider is only responsible for supplying the infrastructure, platform, software, and services. However, this frees up companies to focus more on identifying ways to safeguard the data they generate in addition to the cloud services being provided.

Supply chain attacks

Attacks on the supply chain can take two forms, the first of which targets the supply chain directly. Disrupting the physical supply chain can have massive knock-on effects not only for businesses, but for entire countries, regions, and even the world. From fuel and food shortages to disruption to industries, these are not to be taken lightly. Take the impact of the Ukraine conflict on the global economy, for example. Decision-makers must realise that no organisation is an island. There are a myriad chains of dependency between companies and the global supply chain that must be considered, meaning organisations must ensure they are protected from any disruption or fallout as far as possible. 

The second form of attack is that of malicious code being embedded into supply chain software. This is especially cause for concern in an environment driven significantly by open source technology. For all the advantages of being community-driven, this is perhaps also one of the biggest risks – anyone can edit and potentially inject something nefarious into the source code.

This creates a situation where many companies who even use just a few lines of open source code in their paid-for supply chain products can have potential vulnerabilities. Every business must therefore stay up to date with the latest security and software patches. Having a Modern Data Protection plan in place, that includes making regular backups and verifying they are corruption free and immutable, becomes imperative.

Data privacy laws

In Europe, there is the General Data Protection Regulation (GDPR), and South Africa has the Protection of Personal Information Act (POPIA). Similarly, every country in Africa has its own data privacy regulation in place that must be adhered to by organisations doing business there. For their part, African companies who deal with European ones, or that have subsidiaries in the EU, must ensure they comply with GDPR.

A golden thread running through all these sets of regulations is the condition for responsible parties to lawfully process the personal information of data subjects. For instance, POPIA sets the minimum standards for the protection of personal information and regulates the ‘processing’ of personal information in South Africa. An example of this is, why would an estate agency need to know what car is driven by someone who is selling their house? It comes down to only keeping information relevant for the purpose of what the business needs to do with that data. A company cannot process the same customer information for different functions unless it has the customer’s expressed permission to do so.

In South Africa, there is still a massive challenge of enforcing data privacy regulations. Generally, it only becomes an issue when companies are breached. However, this does not mean decision-makers can ignore it or choose not to ensure they take all necessary measures to protect the personal information of their customers. Demonstrating data integrity at every stage in its life cycle is not just good corporate governance or a way of gaining and retaining customer trust, it can be the difference between winning or losing business.

These are just three of the top cybersecurity trends for next year to keep in mind when it comes time to develop or maintain a Modern Data Protection strategy. That vital process which ensures backup, recovery and management of data vital to business operations. Organisations must embrace a different way of thinking and put data resilience, security and remediation as a central part of their growth strategies.  It’s so much more than just an IT issue!