“New” Privacy and Security Words to Watch For


By Doug Pollack, CIPP/US, chief strategy officer, ID Experts

Every year the Oxford English Dictionary adds new words to the lexicon. In 2015, those words included “crowdfunding,” “declutter,” and “retweet”—each hinting at new ideas, technologies, and ways of life.

Here is a list of some of the “new words” (or sometimes old words used in new ways) that privacy and security officials need to know, and be prepared to respond to and act upon, this year.

Anonymous

Anonymous is an international network of activists famous for actions such as declaring war on the terrorists behind the 2015 attack on Charlie Hebdo. The group was actually formed over a decade ago, in 2003, and has been associated with hacktivist acts targeting everything from government agencies to child pornography sites, conservative churches, and large corporations.

Already in 2016, Anonymous is making headlines for its video promising justice for the people affected by the Flint, Mich., water crisis. Expect more of these types of threats and actions from the world’s most famous hacktivists the rest of this year.

Backdoor

Should technology companies build encryption “backdoors” into their devices and technologies that would enable access by the National Security Agency and others as part of their fight against crime and terrorism? Or might such backdoors also open a gateway for criminals to steal citizens’ private data?

On one side, FBI Director James Comey has argued that tech companies should voluntarily implement such backdoors. On the other, companies including Apple, Cisco, Facebook, and Google balk at the idea, citing civil liberty concerns.

The back-and-forth will no doubt continue this year as part of the larger privacy versus security debate that we predict will be one of the biggest issues of 2016.

Cyber Extortion

Cyber extortion is the use of ransomware, distributed denial of service (DDoS), or other forms of attack that effectively hold organizations ransom, demanding payment to stop current or prevent future attacks.

One of the highest-profile instances of cyber extortion was the 2015 Ashley Madison breach, in which a hacking group accessed data on 37 million customers and demanded the website (and several sister sites) be taken down to prevent release of the data. When the company did not comply, the hackers carried out their threat, posting customers’ personal, financial, and private details.

Cyber espionage is a trend to watch this year, as DDoS attacks are already the most common form of attack against financial services businesses, and as discussed below, ransomware attacks are also predicted to increase.

Cyber Resilience

For years, organizations have focused on bolstering their cybersecurity efforts—and rightly so. Increasingly, we are also seeing a growing awareness of the need for technologies and processes that provide cyber resilience, which Ernst & Young defines as “the ability to powerfully resist, react to and recover from potentially catastrophic cybersecurity threats, and reshape their environments for increasingly secure, sustainable cyber operations.”

Cybervigilantism

In Mr. Robot, the popular USA Network TV series, the lead character is a cybersecurity engineer who moonlights as a cybervigilante hacker. In other words, he uses his hacking skills like a modern-day Robin Hood to take down the bad guys.

Cybervigilantism is what Anonymous engaged in by hacking Islamic extremist websites, and it’s a strategy adopted by many other individuals and groups that take actions such as trolling Twitter for accounts believed to be run by ISIS members or recruiters.

Watch for more instances of cybervigilantism in 2016, and keep a close eye on the form these attacks take, as they may well morph in unexpected ways.

Ghosting

Ghosting is surely the most sinister form of identity theft, as it involves the theft of a deceased person’s identity for monetary and other gains. Each year, these modern-day grave robbers steal about 2.5 million identities.

As the population continues to age, it’s an unfortunate reality that ghosting will no doubt continue to proliferate. We outlined seven straightforward steps families can take to defend their loved ones.

Internet of Things

The IoT—the growing network of devices, vehicles, and other objects embedded with and connected by sensors and software—isn’t brand-new, but its implications for privacy and security professionals are still emerging.

The FTC’s 2015 report, The Internet of Things: Privacy and Security in a Connected World, makes two high-level suggestions to secure the IoT. One is to minimize data stores to the truly essential and de-identify as much data as possible. The other is to give users notice and choice about how their data will be used and shared.

Beyond that, the FTC report admits what we all know: the IoT is developing so fast that organizations have to develop their own best practices and policies to stay in front of threats. With the IoT growing by zettabytes every year, that’s no small task in the year ahead.

Ransomware

Ransomware is malware that blocks or limits users from accessing their own data, often by encrypting files. The malware forces victims to pay ransoms—estimated by the FBI to average about $200 to $10,000—to unlock and regain control of their own data.

The FBI warns that ransomware attacks (a form of cyber extortion) are likely to become more common. And with $18 million in losses due to just one type of ransomware (CryptoWall) in one year, it’s easy to see why. The healthcare industry is an increasing target for ransomware hackers because of the high value of data

State-Sponsored Cyber Attacks

Two of the largest breaches in 2015 occurred at Anthem (80 million) and the U.S. Office of Personnel Management (21.5 million). Both were state-sponsored cyber attacks. On the bright side, Gemalto found that state-sponsored attacks in the first half of 2015 accounted for just 2 percent of total data breach incidents.

The question is whether there will be more state-sponsored attacks in 2016, and if so, how (or if) the U.S. and EU will respond.

Safe Harbor

For the past three months, policymakers from the U.S. and EU have been working to secure the so-called “Safe Harbor” agreement, allowing Amazon, Google, and thousands of other companies to move citizens’ private data back and forth across the Atlantic. On Feb. 2, the agreement was finally announced.

The Safe Harbor discussion is yet another example of the ongoing debate over privacy versus security. The agreement tries to balance those concerns by limiting U.S. intelligence agencies’ access to data sent from across the Atlantic, but continuing questions and objections to the agreement show that the debate is far from over.
