Industry executives and experts share their predictions for 2018. Read them in this 10th annual VMblog.com series exclusive.
Contributed by Dr. Richard Ford, Chief Scientist at Forcepoint
Privacy Fights Back
In 2015, we predicted that users'
perceptions of privacy would begin to change, as individuals struggled to understand
how to live and thrive in a "post-privacy" society. The last two years have
seen the steady erosion of the clean line between the personal and public
sphere - even ISPs have the legal right to sell customer data. Furthermore,
continued geopolitical uncertainty and threats, both foreign and domestic, have
continued to highlight the perceived tension between individual rights and
security for all. However, to date, privacy has not put up much of a fight: that
is set to change in 2018.
The stars are aligning to make 2018 the
kick-off to what we're going to call "The Privacy Wars" - pitting technologists
against the ordinary person on the street, and splitting opinion in the
government, at work and at home.
Our prediction is based upon what we see as
the perfect storm between the following four drivers: legal, technological,
societal and political. The confluence of these factors will cause a tectonic
shift in the privacy landscape.
Regulations paving the way
Legal concerns lead the pack in terms of visibility
in the security community - most recently under the heading of the General Data
Protection Regulation (GDPR), though this is far from the only piece of
legislation that impacts how companies handle personal data. With regulations
set to come into effect on May 25, 2018, privacy is top of mind for many
technologists; crucially, compliance is going to drive visibility through 2018
and beyond.
Regulations and guidelines protecting
people's privacy include:
- The GDPR, a European-led regulation that will affect global
businesses that hold or process the personal data of any European Union
resident.
- EU ePrivacy Regulation, which covers confidentiality of information,
treatment of traffic data, spam and cookies, and which will be updated to come into
line with the GDPR. This will impact cloud service providers and cross-border
transfers of data worldwide.
- NIST Special Publication 800-171, a requirement on suppliers to U.S.
federal organisations to adequately protect controlled unclassified information
(CUI) including the privacy of personal data for which they are responsible.
Societal change
Technological and societal changes are two
other major factors. Individuals are used to trading convenience for privacy as
they use location-based and ID-tracking services on mobile phones and home
assistants, and predominately accept this in their private lives.
In the workplace, the benefits of a more
human-centric approach to security (focusing on the interaction of people and
critical data) will lead to increased data collection. This is an effort that
must be handled carefully if it is to remain both legally and culturally
acceptable.
Despite the importance of both these areas,
the social shift is the most interesting. Here, large-scale data breaches (like
Equifax) have raised the level of awareness in the business and technology
community and shone a light on the role of data aggregators. As the Equifax
breach has the potential to impact the average person on the street, privacy
has moved from an abstract concept to something actionable.
Government involvement
Lastly, the geopolitics of 2017 cannot be
ignored. The world seems less stable, with ongoing terrorist threats and a
fluctuating political climate highlighting the uneasy tension between
individual privacy and national security. This has given rise to continued
discussions by governments on encryption and its role in a free society.
Each area alone could make 2018 an
interesting year from a privacy perspective, but together they will ignite
discussions on a political, enterprise and personal level. Unfortunately, our
assessment is that these discussions will be more polarising than unifying,
making little progress towards reconciling legitimate privacy concerns with
genuine security needs.
Our privacy prediction for 2018 showcases a
myriad of challenges for those tasked with protecting people, data and
networks. It has never been more important to preserve user privacy in the face
of ever-increasing regulations, or to make sure our personal data, once
aggregated, doesn't fall into the wrong hands.
At the heart of our prediction is a
requirement to understand the intersection of people with critical data and
intellectual property. By placing cyber-behaviour and intent at the center of
security, the industry has a fighting chance of keeping up with the massive rate
of change in the threat environment.
## About the Author
Dr. Richard Ford is the chief scientist for Forcepoint, overseeing technical direction and innovation throughout the business. He brings over 25 years' experience in computer security, with knowledge in both offensive and defensive technology solutions. During his career, Ford has held positions with Virus Bulletin, IBM Research, Command Software Systems and NTT Verio. He has also worked in Academia, having held an endowed chair in Computer Security, and worked as Head of the Computer Sciences and Cybersecurity Department at the Florida Institute of Technology. He holds a Bachelor's, Master's and D.Phil in Physics from the University of Oxford.