The year that passed saw a rise in data leaks and exposures. The sites and services affected included everything from airline companies, hotel chains, Facebook, Amazon, and even gym booking sites.
Even though there seems to be no excuse for such a high number of breaches, there is a risk of seeing even more of them in 2019: Human error, laziness to run checks, and a lack of putting security checks in place are contributing factors. There are also external geopolitical factors at play. As one industry leader rightly said in a recent interview: “The growing presence of connected medical devices, autonomous vehicles, and national security interests, all mean that cybersecurity breaches can cost lives. This explains why we are finally seeing organizations increase their budgets for cybersecurity training, recruitment, and preparation” (Christian Espinosa, CEO, Alpine Security).
Consumers are paying a high price for breaches, but the GDPR implemented in May 2018 will hold companies liable for breaches caused by malpractice with hefty fines. Unfortunately, these attackers are becoming ever more sophisticated.
In 2019, various factors will influence how cybersecurity will develop:
California’s Privacy Bill
The California Consumer Privacy Act of 2018 will come into effect in a few months. Companies will have to disclose how they collect user data and will have to have security measures in place, with hefty fines for those violating or not complying with the law. Consumers might argue that this law applies to only one state, but some of the world’s largest tech companies have their head offices in California.
Brexit – “Deal” or “No Deal”
If the U.K. leaves the European Union, scheduled for the end of March this year, which currently seems most likely, the problems that will arise will include immigration, trade, and security sharing with its other partners. Brexit will also affect startups, data transfers, and compliance with the rest of the EU data protection and privacy laws.
Australia’s Encryption Laws
The Australian government recently passed a much-contested anti-encryption law which compels companies to turn over encrypted data upon request by numerous government departments. Many companies are considering whether to depart from the country altogether.
Our Privacy and Tech Colossuses
The year that passed was not a good one for Facebook, which faced one scandal after another. Whether data was sold or given away by them is only the tip of the ice-berg. Consumers ask: Which other companies have become mass surveyors or are passing on personal information? Whether these surveillances are on purpose or unintentional, the consumer needs to know which companies are taking steps to protect them from exposure.
The links between tech companies and governments continues to be strong as governments rely on them for enforcement and surveillance.
Employees of tech giant companies are the creators of some wonderful tools, but we have seen them fight against their employers for, in their opinion, misusing them.
When Amazon’s facial “Rekognition” was deemed to racially discriminate against African-Americans, the company’s employees insisted that it should not be sold to law enforcement agencies. When asylum seekers were separated from their children at US border posts, the staff at Microsoft complained about their $19 million contract with Immigration and Customs Enforcement. Google employees fought hard and were the only successful ones of the three examples, when they complained that their technology assisted the Chinese state to survey citizens.
Lawmakers and prosecutors are continuously trying to force tech companies to change the encryption coding on their applications to allow for them to wiretap calls. Tech companies have so far managed to resist but governments keep playing up state security issues.
Relations between China and the U.S. continue to be strained as the Chinese have been accused of breaking a 2015 pact to curb espionage. Two Chinese spies were recently accused of spying on dozens of US companies and government departments.
Mirai almost brought down the internet in 2016 by targeting objects, like cameras, that were never secured or updated.
Since then internet servers and DNS providers have taken extreme measures to protect the world of cyberspace. In 2018 thousands of MikroTik routers were secretly compromised into crypto coin miners and this trend will continues as hardware devices can also be turned into malware. These devices are harder to fix when infected and botnets are expected to keep growing.
Cybersecurity experts believe that hackers will attempt to turn botnets into networks that will either be making partly autonomous decisions or collectively use their intelligence to act together, recruit and train others in forming a hive. This “hivenet” will then be able to compromise more devices by attacking simultaneously. The new 5G network will be more susceptible due to its improved latency.
More states and governments will follow California’s lead to regulate security for Internet using devices, particularly in high risk industries such as healthcare, transportation, energy, and manufacturing.
Conclusion:Many corporate executives fear cybersecurity breaches more than a recession – and rightly so. At a time when experts predict peak demand for cybersecurity personnel, HR will need to increase resources through training and recruitment, whereas IT departments will surely need to be more proactive with penetration testing and vulnerability assessments. Making cybersecurity a priority in 2019 is no longer a matter limited to investor confidence: it transcends all aspects of our daily lives at work and at home.