Story image

Insights: What will happen with data privacy in 2019?

24 Dec 2018

It is certainly the season for predictions and so without further ado, here are some insights from Ensighten CEO Ian Woolley regarding data privacy in 2019 and its potential threats.

No rest from regulation

Regulation was a hot topic in 2018 spurred on by GDPR coming into force and it will continue to dominate conversation in 2019 as other global policies such as the California Consumer Privacy Act (CCPA) play out.

The challenge we’ll see for global organisations is managing the nuances of regional data practices simultaneously.

Technology will help companies navigate this but as we’ve seen with GDPR there are various interpretations of what regulation means.

As such, many businesses may opt to employ the strictest data practices and processes companywide to avoid potential slip ups and penalties.

Still searching for answers

Data breaches have saturated the media this year and business leaders are starting to now realise the true impact a website hack can have on an organisation.

The financial and reputational risks, as well as possible job losses will ensure that security is at the top of the priority list for 2019.

As some businesses are having this revelation late, we’ll see more legacy hacks and leaks come to the fore.

Despite the urgency to address data vulnerabilities, most companies are still in the education phase of data governance and how and why breaches occur.

Therefore, we will see more companies scramble to protect themselves as they identify the real threats lurking beneath their website supply chain. Once companies have a clear picture of where they are vulnerable, we’ll see more investment in thorough data governance.

Glory hunting hackers and advances in AI

Many businesses fear that hackers will leverage AI to unlock new ways to infiltrate websites and apps at scale.

We may see video and audio manipulated to fool consumers but AI will most commonly be used to configure and learn defence tools to inform future breaches or to bypass more advanced security implementations altogether.

While many industry commentators focus on how hackers will evolve, a great deal of criminals will still prey on businesses that don’t have the basics covered, for example overlooking unauthorised third party technologies running on websites.

This will be the main cause of breaches and leaks throughout 2019.

As we’ve seen with the rise of Magecart, there is also a growing trend of groups taking credit for their crimes. We will see more named attacks in 2019, as hackers look to carry out bigger and more damaging assaults on businesses, especially e-commerce brands.

The birth of the hybrid ‘marketing security’ team

As many website hacks have highlighted in 2018 one of the core causes is problems with third-party technologies.

Via chat boxes, form fill and unapproved third-party tags on a website, criminals can gain access to customer data sometimes even without the organisation’s knowledge.

The challenge is that marketers are generally in charge of this data but haven’t necessarily been accountable for the protection and security of this data. In 2019, businesses will view security more holistically.

To do this companies will look to bring more senior security talent in house to navigate the new data landscape and regain control, rather than outsourcing security to multiple vendors.

But this will squeeze an already limited pool of skilled professionals. With lack of talent available we will likely also see a shift in the role of the marketing team – businesses will put more onus and investment in upskilling marketers so that they have a marketing security remit.

At a more senior level, we’ll see the CMO and CISO start to work more closely to mitigate security vulnerabilities.

2018 has been a learning curve. New data regulation has revealed issues that many companies were not even aware of.

This, in the long term, is a good thing for data owners and also their customers. However, businesses are still in the process of addressing the security of their data and this will continue to trip up organisations in 2019.

Constant, thorough data governance will be a core requirement next year – brands that neglect to put the right processes, technology and people in place will pay the price.

Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
Ransomware’s decline equals cryptomining’s rise
ESET’s Security Days Conference recently took place to go over the current threat environment and what to look out for next.
IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.
ForgeRock launches Sandbox-as-a-Service to facilitate compliance
The cloud-based testing environment for APIs enables banks to accelerate compliance with Open Banking and PSD2 deadlines.
Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.