Story image

Insights: What will happen with data privacy in 2019?

24 Dec 2018

It is certainly the season for predictions and so without further ado, here are some insights from Ensighten CEO Ian Woolley regarding data privacy in 2019 and its potential threats.

No rest from regulation

Regulation was a hot topic in 2018 spurred on by GDPR coming into force and it will continue to dominate conversation in 2019 as other global policies such as the California Consumer Privacy Act (CCPA) play out.

The challenge we’ll see for global organisations is managing the nuances of regional data practices simultaneously.

Technology will help companies navigate this but as we’ve seen with GDPR there are various interpretations of what regulation means.

As such, many businesses may opt to employ the strictest data practices and processes companywide to avoid potential slip ups and penalties.

Still searching for answers

Data breaches have saturated the media this year and business leaders are starting to now realise the true impact a website hack can have on an organisation.

The financial and reputational risks, as well as possible job losses will ensure that security is at the top of the priority list for 2019.

As some businesses are having this revelation late, we’ll see more legacy hacks and leaks come to the fore.

Despite the urgency to address data vulnerabilities, most companies are still in the education phase of data governance and how and why breaches occur.

Therefore, we will see more companies scramble to protect themselves as they identify the real threats lurking beneath their website supply chain. Once companies have a clear picture of where they are vulnerable, we’ll see more investment in thorough data governance.

Glory hunting hackers and advances in AI

Many businesses fear that hackers will leverage AI to unlock new ways to infiltrate websites and apps at scale.

We may see video and audio manipulated to fool consumers but AI will most commonly be used to configure and learn defence tools to inform future breaches or to bypass more advanced security implementations altogether.

While many industry commentators focus on how hackers will evolve, a great deal of criminals will still prey on businesses that don’t have the basics covered, for example overlooking unauthorised third party technologies running on websites.

This will be the main cause of breaches and leaks throughout 2019.

As we’ve seen with the rise of Magecart, there is also a growing trend of groups taking credit for their crimes. We will see more named attacks in 2019, as hackers look to carry out bigger and more damaging assaults on businesses, especially e-commerce brands.

The birth of the hybrid ‘marketing security’ team

As many website hacks have highlighted in 2018 one of the core causes is problems with third-party technologies.

Via chat boxes, form fill and unapproved third-party tags on a website, criminals can gain access to customer data sometimes even without the organisation’s knowledge.

The challenge is that marketers are generally in charge of this data but haven’t necessarily been accountable for the protection and security of this data. In 2019, businesses will view security more holistically.

To do this companies will look to bring more senior security talent in house to navigate the new data landscape and regain control, rather than outsourcing security to multiple vendors.

But this will squeeze an already limited pool of skilled professionals. With lack of talent available we will likely also see a shift in the role of the marketing team – businesses will put more onus and investment in upskilling marketers so that they have a marketing security remit.

At a more senior level, we’ll see the CMO and CISO start to work more closely to mitigate security vulnerabilities.

2018 has been a learning curve. New data regulation has revealed issues that many companies were not even aware of.

This, in the long term, is a good thing for data owners and also their customers. However, businesses are still in the process of addressing the security of their data and this will continue to trip up organisations in 2019.

Constant, thorough data governance will be a core requirement next year – brands that neglect to put the right processes, technology and people in place will pay the price.

Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.
Developing APAC countries most vulnerable to malware - Microsoft
“As cyberattacks continue to increase in frequency and sophistication, understanding prevalent cyberthreats and how to limit their impact has become an imperative.”
Worldwide spending on security to reach $103.1bil in 2019 - IDC
Managed security services will be the largest technology category in 2019.
Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.
Myth-busting assumptions about identity governance - SailPoint
The identity governance space has evolved and matured over the past 10 years, changing with the world around it.
Forrester names Crowdstrike leader in incident response
The report provides an in-depth evaluation of the top 15 IR service providers across 11 criteria.
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.