Adding to the constantly shifting environment which security professionals face is a perfect storm of drivers influencing debate around privacy. This mega-trend will cause tectonic shifts in the privacy landscape and influence the ways in which organizations collect and manage data.
Forcepoint believes that the security industry has been focusing on the wrong things. Traditional security perimeters are eroding or becoming obsolete, and so, rather than focus on building bigger walls, the industry needs better visibility. Understanding how, when and why people interact with critical data, no matter where it is located, is crucial. Critical data continues to move to the cloud, malware is constantly evolving, and despite growing investments in defensive technologies, traditional security controls prove ineffective.
Technological and societal changes are two other major factors. Individuals are used to trading convenience for privacy as they use location-based and ID-tracking services on mobile phones and home assistants, and predominantly accept this in their private lives. In the workplace, the benefits of a more human-centric approach to security, which focuses on the interaction of people and critical data, will lead to increased, ongoing data collection.
Despite the importance of both of these areas, the social shift is the most interesting. Here, large-scale data breaches (like Equifax) raise the level of awareness in the general community and shine a light on the role of data aggregators. Since breaches like Equifax impact the average person, privacy has moved from an abstract concept to something actionable.
Lastly, the geopolitics of 2017 cannot be ignored. The world seems less stable, and the rise of populism in the West coupled with ongoing terrorist threats highlights the uneasy tension between individual privacy and national security. This has given rise to continued discussions by governments on encryption and its role in a free society.
Each area alone could make 2018 an interesting year from a privacy perspective, but together they will ignite discussions on a political, enterprise and personal level. Unfortunately, our assessment is that these discussions will be more polarizing than unifying, making little progress toward reconciling legitimate privacy concerns with genuine
The popularity of the Internet of Things (IoT) has become increasingly evident over the past year: Gartner forecasts 8.4 billion connected things will be in use worldwide in 2017, up 31 percent from 2016. A threat that will emerge in 2018 is “the disruption of things,” particularly relevant within enterprises where logistical and supply chain sensors and healthcare devices are critical parts of infrastructure.
IoT security must be viewed from three vantage points: securing IoT devices, broader IoT systems (and devices connected to those networks), and the data leveraged or transmitted by IoT devices. Whether an IoT device or a broader IoT system, data is at the core, as devices or systems without data are useless. As the number of IoT devices grows and interconnections multiply, so does IoT malware, which nearly doubled from 2015 to 2016.
The Equifax breach was the first of such magnitude on a hosted business application, but it will not be the last. At risk are those applications that contain information on a sales force, prospects and customers, or those that manage global marketing campaigns.
The Equifax breach in September of 2017 was, in fact, the second breach reported by the credit bureau; the first came months earlier, in March of 2017, which it failed to disclose until late August.[18] This sort of disclosure lag time is just one issue the GDPR aims to resolve for European citizens.
Concerned with the implications of sharing login credentials with third parties, banks and other financial institutions have previously warned they would not be held liable if their customers shared account access with third parties such as Mint, a free web-based financial management service.
The targeting of large-scale databases has even been attributed to nation-state cybercriminals. One instance of this occurred when cybercriminals, believed to be working for the Chinese government, compromised the Office of Personnel Management, which holds data on countless U.S. federal employees.