I am taking the liberty to do a little future predicting and focusing on what I am saying is the “Next Big Thing”….
When you think about the future of cybersecurity, think about the emerging trends in technology and threat landscapes. In my past life, we had a saying: “We see the storm coming before the clouds arrive.” Big Data and IoT are the two storms we see coming as it relates to privacy. So start to connect the dots between Big Data and IoT and Privacy.
As companies develop and adopt technologies related to big data, cognitive computing and the Internet of Things (IoT), cyber-threats will be growing in both volume and complexity. The cyber-threats will be more focused on privacy issues, think “Cause/effect.” Keep in mind the world of cyber changes at the rate of hours and not years,….this does make planning and reacting very nimble.
All companies and not just financial companies are in the mad hatters’ race to secure their systems and devices before the bad actors figure out how to exploit them. To minimize the time between a breach and the awareness of that breach and breaches are all about privacy. It is all about knowing and understanding when and how your “breach’ occurred not if it will happen.
Let us take a look at the most important themes and innovations shaping our increasingly interconnected world for 2019.
The Power of Big Data vs. Privacy
The fact is that many devices, people and processes produce large amounts of data. More devices mean more data, both structured and unstructured. Mobile adoption as the standard for social networks has generated even more data. However, what happens if cybercriminals get their hands on this data? (Yes, you know the answer to that question.)
In 2019, you will see a new world of privacy being defined in the form of regulations, rules, and laws. Privacy is and will continue to be “confusing” to individuals and businesses alike just like many other regulations until it just becomes a way of life. Translation: It is going to take time…but technology will not wait….let that settles in for a moment…
What is interesting about privacy legislation and regulations is this: Who is being protected? Is privacy bound by economic status? By political status? Alternatively, is privacy an inalienable right? Who owns privacy? Who is the owner of the data?
Richard Clarke whom I have quoted before says: “While storage of vast amounts of data has led to hugely valuable benefits from analysis and correlation, it also has led to significant erosion, if not almost complete destruction, of any meaningful concept of privacy.” (Richard Clarke was senior White House adviser for the past three presidents on matters including cybersecurity and counterterrorism.) So put that into perspective as you been to experience over the next several years regulators and governments making attempts at managing privacy.
The “Yin and the Yang” of Big Data and Privacy
Humans produce data for all sorts of reasons; for research to analyze, for marketing, for evidence, and for entertainment. Scientists use sensors to understand how the world and the environment react to certain stimulants and conditions in the world in the interest of scientific advancement. The data produced is highly valuable to not only us but also malicious actors alike.
We all recognize the benefits of big data and the analytics that can be produced, but the traditional methods of privacy protections dealing with big data have failed. The underlying premise of privacy relies on informed consent for the disclosure and use of an individual’s private data. We need to remember that big data means that data is a resource that can be used and reused, often in ways that were inconceivable at the time the data was collected.
The anonymity of your data is also windswept in a big data paradigm. Even if every individual piece of information is stripped of personal information, the relationships between the different parts can reveal the individual’s identity…..let that sink in for a moment, and now you begin to understand where the Europeans are coming from with GDPR.
What do I see as coming in 2019?
Welcome to the world of Cognitive Security.
Cognitive Security will be the new branch of Cyber Security. It is already taking shape in the market; progressive leading thought leaders in many companies are laying the groundwork in their companies for cognitive security. (I am going to predict that in five years the term cognitive security will replace cybersecurity)
What is Cognitive Security? Think of it as a cross blend with data analyst and data intelligence analyst. No, they are not the same. This discipline will rely on machine learning, phycology, physics, advanced behavioral analytics and data management techniques. Cognitive Security professionals will be able to process threat data more efficiently, and more accurately predict violations and activities relating to privacy and data. This is just one of the many ways in which cognitive computing will shape the future of cybersecurity. However, it will also develop the world of privacy. You will see Cognitive Security analyst keeping an eye on how marketing, actuaries, sales and business planning departments use data and ensuring that confidentiality is maintained. This will be accomplished with big data, and it will be in near real time with zero latency.
As the United States Government starts to implement new regulations to protect data to keep up with Europe and the rest of the world, the increasingly sophisticated threat landscape demands a sweeping culture change when it comes to security. Social media will be in for a “makeover” and will have to adopt basic security solutions to address the growing concerns of privacy. (You saw that with the Facebook and German Court situation)
You can expect across all industries there will be a movement towards implementing new “security controls” that are solely focused on privacy. This will translate into new training programs with a greater emphasis on the management of data. We are entering into an era where; Privacy is the new Norm for managing data.
As new privacy laws are ushered in over the next five years, you will see organizations struggle to manage and monitor user identities as the key to maintaining privacy. Software companies will identify new governance and risk-based solutions that will help in managing integrity and confidentiality and the correlation between the two.
Let me make another prediction …. In five years, there will be legislation or regulations firmly stating that companies do not own any data of individuals including obfuscation of data, they are merely custodians of data.
With the new emphasis that is, being placed on privacy you will eventually see a “death toll ring” for common passwords. What you will see is the advent of advanced authentication techniques such as biometrics on all devices, and the devices will be morphed and integrated with the applications. I will predict the days of single sign-on will morph into a biometric single sign one that will require periodic authentication and all of this will be role based with the applications and AD and other directory services and identity management applications.
Risk Assessments will evolve and focus on privacy versus cybersecurity. Hence, Cognitive Security!
There will be a new world of risk assessments to address the evolving focus on privacy. You will also see the format for risk assessment to become more detailed and specific to cause/effect and answering the WHY Question for example:
Identify all the potential harms that could arise from big data collection and explain how are these risks currently addressed? What changes are you making in your technology, processes, and procedures to address privacy? Besides, how are you monitoring the privacy risk? Explain the legal frameworks currently governing big data within your department, and are they adequate? If not why not? Explain the steps you are taking to be more transparent in the use of big data? For example, are you publishing algorithms? (trust me that one is coming) Explain from a technical perspective the measures you are taking with big data that will minimize the privacy risks of individuals? What are the best practices in your industry sector you using to address the challenges of big data? What have the best practices in your industry you opted not to adopt?
Also, to wrap this up, let me share some Big Data Statics to help you see why this is a growing concern:
Big Data Statistics
“Google is more than 1 million petabytes in size and processes more than 24 petabytes of data a day, a volume that is thousands of times the quantity of all printed material in the U.S. Library of Congress.
36 billion searches are performed each month on Twitter. More than 1 billion users visit YouTube each month and over 6 billion hours of video are watched each month on YouTube – that is almost an hour for every person on Earth and 50% more than last year.90 percent of the data in the world today has been created in the past two years. In 2012, data was forecasted to double every two years through the year 2020. In 2020, the amount of digital data produced will exceed 40 zettabytes, which is the equivalent of 5,200 gigabytes for every man, woman, and child on planet earth.1 Gigabyte = Approximately 1 full-length feature film in digital format; 1 Petabyte= One Million Gigabytes or a Quadrillion Bytes; 1 Exabyte = One Billion Gigabytes; 1 Zettabyte = One Trillion Gigabytes or One Million Petabytes.”
Now ask yourself do you know where all your customers’ data resides? Do you customer’s know where all their data reside?
Be vigilant. Be safe.
I am Richard, and I am always looking out for you!!