Technology always keeps us on our toes. And while constant change and innovation is exciting, keeping up can be a double-edged sword. Perhaps the biggest challenge facing businesses today is privacy.
Privacy is at the forefront of every company’s security planning for the coming year. As a result, we predict several issues will take precedence:
- Privacy adaptation to accommodate for technologies like artificial intelligence (AI)
- Complying with new regulations set out in the GPDR
- Enabling continuous innovation while maintaining strict privacy practices
Cybersecurity is an integral part of privacy planning. With the number of high-profile cyber-attacks reported in the media every day, it’s clear the threat is very real. Add the challenges of implementing new privacy regulations, and we’ve got a lot to talk about.
Here’s a look at some of the top privacy concerns for 2019.
Cybersecurity and Privacy
These days, it’s rare to find a business that doesn’t use a variety of online platforms to service customers. We expect security by design, or designing software from the outset to be less susceptible to vulnerabilities, to be a big concept in 2019. But it may be several years before security by design has evolved to the point where it provides all the protection we need. Cyber criminals are always innovating, and it seems we’re always playing catch up.
Over the past several years, there have been several large-scale cybersecurity attacks. The Equifax debacle affected nearly 150 million consumers, while the MyFitnessPal breach compromised the privacy of 150 million users. But it’s not just big business that’s affected.
A whopping 31% of organizations have fallen victim to a cyber-attack. Over half of these attacks targeted small businesses that may not have the resources to survive such an attack.
Now as we hit the halfway mark of 2019, here are some interesting trends to watch:
Data Manipulation on the Rise
There’s no doubt cyber criminals have the skills and tenacity to get what they’re after. Statistics show about 24000 malicious mobile attacks are blocked daily and the industry is becoming more sophisticated. Hence, don’t be surprised if attackers start to turn their skills to data manipulation.
Data manipulation can push people to question the safety of data, which is dangerous if you rely on the integrity of your user base. It can also do severe damage to the reputations of individuals and organizations. Expect to see even greater data manipulation in 2019.
Breaches Will Become More Difficult to Repel
From diving deeper into the Dark Web to using bespoke code, hackers are becoming more elusive and cunning. One such example is a ransomware attack that turns victims into attackers with pyramid-like fees. On passing the malware link and having two more people install and pay, the original victim’s files are decrypted for free. Cyber criminals will only get more creative.
The Growth of Cyber Risk Insurance
For many small businesses, a cyber-attack can spell disaster. It’s estimated 60% of small-to-medium sized businesses fold within six months of a cyber-attack. This has driven requirements for cyber risk insurance, or cyber liability insurance coverage (CLIC). This added safety net is designed to mitigate risk exposure after a breach or similar event. Expect more tailored products available to address this trend.
Privacy and Artificial Intelligence
AI is everywhere in the workplace, used to screen job applicants and track employees. In the consumer world, AI has a hand in everything from marketing to targeting customers and even detecting fraud. But how much risk does AI present to privacy?
Human bias in training algorithms is one area with the potential to cause harm legally, financially and otherwise.
Then there’s access to data, profiling restrictions, deletion rights and automated decision-making. Organizations around the globe must strive to understand the impact of AI on privacy - and find ways to protect themselves from potential incidents.
The GDPR
According to new GDPR privacy regulations, companies must now halt collection of unnecessary customer data. This forces businesses to take a leaner approach to data collection to ensure safety. And implementing the new practices can take significant time.
The GDPR now regulates data collection with the following requirements:
- Organizations must get explicit consent before using an individual’s data. This extends to third-party sharing.
- Storing data for long-term, non-specific use has also been outlawed under the GDPR. Companies must now be fully transparent about intentions for data. And individuals have the right to withdraw their data at any time.
- Organizations must be very specific about how and when the data will be used. If consumers are in doubt about validity of this information, they can request deletion immediately.
- Any collection of data must be kept to a minimum, and no unnecessary data may be stored for future use.
- Individuals must receive all personal details from an organization upon request. And all organizations must operate with centrally-managed databases.
- Organizations must adhere to a strict deletion policy.
The GDPR presents several initiatives geared to protect users. Yet businesses may have to overcome some hurdles when implementing the new regulations. Millions of businesses still aren't GPDR compliant, a recent GPDR survey finds.
This increase in regulation may also serve to make companies innovation-shy - which may limit both applications and new products.
With this range of issues, there are several immediate security actions businesses can take to ensure safety and compliance:
Security Audit
For any organization housing patient or customer data, a full security audit is essential. Security audits include an assessment of both hardware and software and include exhaustive analysis to catch any vulnerabilities.
A strong security audit may assess the following:
- Physical Access Controls
- Physical Controls Over Network Equipment
- Server Room Conditions
- Anti-Malware
- Backups
- Internal & External IT Evaluation of Firewalls
- Logical Access Controls
- Network Infrastructure
- Ransomware
- Security Protection Systems
- Servers
- Wireless Networks
VPN
Ensuring your team is using VPN encryption is essential to security. A VPN encrypts data as it moves between computers and the servers used for essential services. This ensures no unwelcome guests see information your business is sending to servers.
Penetration Testing
Penetration testing is a vital tool for any organization with patient and/or client data. Penetration testing involves simulated hacking activities, determining any weak points that may be targeted. Penetration testing provides a full analysis of security across the IT infrastructure, and helps build a list of actionable items to ensure information stays private.
Vulnerability Scanning
Vulnerability scanning uncovers changes to systems – pinpointing where efforts should be focused. This process spurs proactive security measures, and should be completed regularly to reduce risk.
Final Thoughts
Privacy is an issue we ALL need watch for the remainder of 2019. Keeping up on this changing landscape and implementing appropriate security measures proactively can go a long way towards staying safe and compliant – no matter what comes next.
Interested in learning more about keeping your organization safe in the wave of new security threats and ever-growing concerns over privacy? Take a look at the resource links below to learn more.
https://www.globalsign.com/en/company/blog/articles/6-myths-about-gdpr/
https://www.globalsign.com/en/company/blog/articles/5-ways-cybersecurity-can-gain-from-ai/
https://www.globalsign.com/en/company/blog/articles/6-ways-protect-business-from-online-fraud/
About the Author
Andrew Michael is an independent cybersecurity researcher. He specializes in network forensics, IoT and big data analytics. Former IT security consultant at ISC.
