Looking into the crystal ball
In 2017, some of the worst data incidents of recent years have occurred. Whether Equifax, Uber or Maersk, organizations have had to admit, sometimes too late, that their customers’ personal data have been stolen. To some extent, companies' tactics to cover up the incidents have seemed almost as criminal as the data theft itself. All industry insiders and security software companies that dare to make forecasts for the coming year agree that ransomware in particular seems to be developing into a threat that companies cannot currently handle.
Among industry experts, the Internet of Things (IoT) is attracting a lot of negative attention – as the number of devices in the consumer and business markets which can ‘phone home’ are increasing so is the potential risk of unprotected or insecure devices. In the consumer market, such IoT systems are not protected by an enterprise security concept and any vulnerabilities or misconfiguration remains unobtrusive. Security analysts fear that this means distributed denial of service attacks could reach new dimensions.
While mass phishing and other malware emails are expected to continue, analysts predict that automated attacks will become more targeted. Big Data is also a buzzword for hackers and some data are more interesting than others. Big travel aggregators like booking.com have very valuable personal information about their customers, including ID numbers and valid credit card details. Attacks on these companies are expected to increase sharply.
Looking at government activities, there is both good and bad to report. The Netherlands want to hold a referendum which could significantly expand its supervisory powers. The UK is planning to query and store citizens' personal information for an age verification initiative, which would have disastrous consequences for the people affected if abused or lost. However, the EU General Data Protection Regulation (EU GDPR) will have a positive effect. In many European countries, the level of data protection is significantly lower than in Germany, so that policy alignment has the positive aspect that many companies are forced to deal with adequate protective measures. If and how such measures are implemented is another question but even raised awareness of the issue is a positive effect.
What does this mean for end users and companies? Use technical security measures where possible and otherwise act with common sense and a certain restraint on the internet. Updated security software should be just as mandatory as VPN for destinations outside of the local network, even for home users. Installing patches and security updates is critical, as well as maintaining current, tiered backups in case ransomware strikes. If these measures are taken, 2018 will not be any more risky in terms of data security than 2017.