12 trends in privacy and security
First identified as an industry issue a decade ago, data breaches are now part of the consumer vocabulary. Data breaches have evolved from credit card fraud with financial consequences to medical identity theft with life-threatening implications.
According to leading experts, the frequency, severity, and impact of data breaches are expected to escalate. Industry experts:
1. Global criminals: Criminals are now globally connected and increasingly part of organized crime rings.
2. Advanced persistent threat (APT): APT is the biggest threat to organizations, whereby hackers gain access to a network and remain there undetected for a long period of time.
3. Malicious attackers: Hacktivists and nation states have an advantage over today’s defenders of corporate data and IT infrastructure.
4. Breaches affect everyone and everything: Breaches affect large and small businesses of all kinds, regardless of sophistication, and high- and low-tech information.
5. Information can be infinitely distributed, causing limitless damage: The electronic health information privacy breach epidemic is an unanticipated “game changer” in that health information can be stolen from anywhere in the world, distributed to an infinite number of locations for an infinite period of time and can cause limitless damage.
6. Increased enforcement risk: Regulators at both the federal and state levels in many foreign countries have become, and will continue to be, increasingly aggressive in investigating security breaches and obtaining substantial monetary settlements or penalties from responsible organizations.
7. Identity theft will not go away until the issue of identity is solved: "Identity-proofing" consumers involves verifying and authenticating them with numerous technologies, and requires the flexibility of consumers to recognize a slight trade-off of privacy for security.
8. Real-time prevention: The rate of exposure for personally identifiable information is now so great that we must concede that the data itself is no longer able to be protected. Our defensive strategy must now shift to real-time prevention of the abuse of this sensitive information by criminal elements.
9. More digital devices and technologies, to digitize personal data: Drones, utility smart meters, automated license plate readers, and more powerful facial recognition software - all used to collect and digitize consumers' sensitive personal data - will provide more opportunities for government to resell consumer data, forcing consumers to demand better privacy protections and read/approve/decline company privacy statements.
10. Many data breaches are avoidable if commonsense security practices are in place: In recent cases where companies experienced data breaches, the companies' security practices did not protect against even readily foreseeable threats. Companies need to use “reasonable and appropriate security measures” for handling consumers’ personal information.
11. Long-term monitoring: Data obtained by hacking, theft or unauthorized access isn't always used immediately by the perpetrators. Organizations need to develop a tactical plan for incident response that includes persistent, long-term diligence and monitoring, due to the possibility of lag time that can occur between the time of the breach and the fraudulent use of consumer information.
12. Continued business naiveté: Corporations continue their delusional belief that data security and cyber privacy are a byproduct of purchasing better technology. It helps, but it's the human beings using the technology correctly (or not, in the case of most breaches) that actually deliver results. Forward-thinking companies will focus assets on training the stewards of their valuable data.