Privacy Awareness

Feb 21, 2017

Every year on January 28th, the world celebrates Data Privacy Day. But keeping data safe and out of the wrong hands isn’t a once-a-year task. Today, keeping your data private is a daily task—one that involves an understanding of new data protection regulations and cyber security best practices. Here are nine predictions to help you understand what data privacy and security will look like in 2017.


  1. Privacy and security will clash. There will be a major clash between privacy and security, as advances are made on both fronts from various legislative actions. On the one hand, countries are working to expand their surveillance of data communications and streamline law enforcement access to computers and data. For example, Britain’s new Investigatory Powers Act (Snooper’s Charter) will require ISPs to keep logs for 12 months of which websites UK citizens visited, but not the individual pages and not the full browsing history. It also allows police authorities and intelligence officers to see users’ Internet records as part of their targeted and filtered investigations without a warrant.
    On the other hand, data protection laws, such as the EU GDPR, which will go into effect on May 25, 2018, will restrict how businesses collect, store and use personal data and institute enforcement mechanisms to ensure businesses are reporting on data breaches in a timely manner to governing bodies. For example, businesses will be required to notify supervisory authorities of a data breach within 72 hours.

  2. Second-hand electronics will cause headaches for many businesses. The rise in second-hand electronics will become a data recovery nightmare for both businesses and end users. An independent analysis of used drives and mobile devices from online sites like Amazon, eBay, Gazelle and Craigslist has shown this to be true, with large amounts of sensitive personal and corporate data recovered, including customer lists, Salesforce records, spreadsheets with sales information, company emails, social security numbers, financial details, photos, videos and much more. This calls into question certain ‘reliable’ methods many businesses and people are using to supposedly ‘delete’ data. Many of these methods (e.g. quick format, basic delete, factory reset) are not actually effective and leave a treasure trove of data exposed to hackers.

  3. Companies will leave data behind. Companies that go out of business – or shut down part of their operations/physical locations – need to add secure data removal into their ‘close down’ procedures. If they don’t, hackers could easily discover sensitive, confidential corporate data that’s been left behind in online backups, orphaned data stores, servers and virtual machines.

  4. The Internet of Things will expand. IoT will create a morass of personal and corporate data on millions of connected devices. The only way to ensure all that connected data doesn’t fall into the wrong hands is to create a system of processes and tools that make it easy to manage, protect and securely erase all data on-demand. The important piece here will be in providing proof that the connected data has been removed and cannot resurface at any given point in the future.

  5. Hackers will turn recent proof of concept exploits into attacks. This will allow them to mine poorly wiped virtual machines. Essentially, they’ll be able to steal credentials and other critical data. Organizations need to ensure they know where their data resides, especially when it comes to the cloud. Processes must be put in place to ensure that virtual machines are permanently and verifiably erased when they are no longer needed.

  6. Ransomware, spear phishing and direct attacks will be a triple threat. The triple scourge of ransomware, spear phishing against corporate treasury functions and direct attacks on central banks will continue to drive investments in new security technology. On the endpoint, new technologies that use machine learning are being deployed to catch malware without needing signatures. Learning and training systems are being deployed to reduce the number of successful spear phishing attacks. Central banks are, in turn, beefing up their own cybersecurity practices and requiring partners to do so too.

  7. Quantum computing research will continue. Nations will continue to make large investments in quantum computing research with the goal of being the first to engineer a major breakthrough. The winner in this new arms race will have a short-term edge (and leverage) in the world of technology. On the one hand, this will create a crisis for all cryptography since quantum computing is theorized to be extremely effective at breaking even the largest key. On the other hand, it will create an opportunity for post-quantum crypto start-ups. New methods of encryption will be proposed that are impervious to cracking with quantum computers.

  8. Denial of Service attack records will be broken. In 2017, all records for large distributed Denial of Service attacks will be broken. Every organisation that depends on connectivity for communicating with its customers or providing a service should have a plan in place for dealing with DDoS attacks. This means redundant systems for computing, DNS and connectivity, and a recovery plan. Look for single points of failure because the attackers will find them.

  9. Where data is stored will matter more. The geographical preferences for where data is hosted will increase. For example, companies may want to host data in the UK or elsewhere. This will then require businesses to migrate data, which in turn, will trigger the need to permanently erase data from old locations. And this will need to be done on a large-scale basis for big companies – and will require specific processes to ensure the data migration project was done properly and that ‘old’ data was properly removed.
See the original article here.

