Hacking and data breaches have continued to dominate media headlines, putting a stronger emphasis on cyber security. However, there are other emerging terms that are creating goosebumps, scary dreams, and keeping compliance professionals up at night. This past week, over 400 attendees gathered at the 14th annual Executive Women’s Forum, a conference with a theme focused on Transforming Cyber Security, Risk, and Privacy Beyond the Enterprise.
Here’s my version of a Halloween Happenings Top 10 list of words and concepts that have earned a fear factor ranking in today’s risk landscape and that we will be talking about heading into 2017…
10. DATA REMANENCE
In the olden days, the focus on data remanence was on stripping or degaussing data from machines to deploy the technical asset securely. Today, data remanence can be on a device, in a cookie trail of searches on the web, or in data retrieved by search engines. The right to be forgotten is taking this concept to a higher level, requiring a different viewpoint for managing data risk.
9. CLOUD CENTRIC CYBER SECURITY
All clouds are not alike – be they the ones in the sky that are fluffy white or those that are scary and ominous and can create devastation with howling winds. Each type of cloud and type of business process may require a different configuration. Most organizations are somewhere between cloud chaos and leveraging cloud technology for competitive advantage. In most approaches, taking the fear factor out of the cloud requires risk-based decision making founded on data analytics.
8. ADVANCED AUTHENTICATION
Credentials and access control have been pillars of privacy and security controls. When regulators triggered multi-factor authentication for high-risk transactions, organizations deployed many strategies to achieve layered security controls. The growth in mobile devices and applications is changing the game on what constitutes acceptable authentication. When credentials and identities are compromised, new authentication parameters are needed in the digital ecosystem.
7. VOICE PRIVACY
From a coffeemaker that is Wi-Fi enabled to order new water filters, to devices like TVs and phones you can talk to and that answer back, voice privacy is becoming a new area of focus. Many devices require a “wake word” that triggers the device to start paying attention. Simple requests are processed directly on the device, while more complex needs are routed via wireless to the cloud to translate the text into action. The security of the data, data retention, and access all become nuanced in looking at the device to cloud pathways.
Instead of the old fear of “Big Brother” watching you, voice privacy is more about who is listening and recording.
6. CSA – CELLPHONE SEPARATION ANXIETY
While internet outages create havoc for customer service, retail, and business process flow, we have become a nation addicted to our phones. Cell phones, smartphones, and tablets are so prevalent that the question is who does not use or have access to such a device. Cellphone separation anxiety will be the next buzzword for a malady that is affecting people of all demographics.
5. PSEUDONYMIZATION
Gone are the days when a focus on simple data sanitization was a key element in a data safeguards program… Today we have terms like anonymization and pseudonymization. The simple Wikipedia definition describes pseudonymization as “a procedure by which the most identifying fields within a data record are replaced by one or more artificial identifiers or pseudonyms.”
The goal is to render the data record less identifying so that data can be used for analytics and processing. However, that pseudonym may still enable the tracking of the source data back to its origin, as compared to making the data totally anonymous so that any metadata to allow backtracking is purged. Compliance with the European Union General Data Protection Regulation (GDPR) will put the definitions of personal data, anonymous data, and pseudonymous data under the mad scientist’s microscope.
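The distinction above is easy to see in code. The following is an added example (not from the original post or any particular product) that pseudonymizes a record with a keyed hash so that records from the same person stay linkable for analytics while only a holder of the key or lookup table can get back to the individual, and contrasts it with an anonymized version that keeps no path back at all. The records, field names and the key value are all constructed for the example.

```python
import hashlib
import hmac

# Constructed sample records (not real people). Alice appears twice so the
# analytic value of pseudonymization (linking her purchases) is visible.
RECORDS = [
    {"name": "Alice Example", "email": "alice@example.com", "zip": "55402", "age": 34, "purchase": 120.50},
    {"name": "Bob Sample", "email": "bob@example.com", "zip": "55401", "age": 41, "purchase": 80.00},
    {"name": "Alice Example", "email": "alice@example.com", "zip": "55402", "age": 34, "purchase": 15.25},
]

IDENTIFYING_FIELDS = ("name", "email")
# Placeholder key for the example. In practice this secret is stored apart from
# the pseudonymized data, because whoever holds it can re-identify subjects.
PSEUDONYM_KEY = b"hypothetical-secret-key-kept-separately"


def pseudonymize(record, key=PSEUDONYM_KEY):
    """Replace the most identifying fields with a keyed pseudonym (HMAC-SHA256).
    The same person always maps to the same subject_id under the same key, so
    records remain linkable; a different key yields unlinkable pseudonyms."""
    out = {k: v for k, v in record.items() if k not in IDENTIFYING_FIELDS}
    subject = "|".join(str(record[f]).strip().lower() for f in IDENTIFYING_FIELDS)
    out["subject_id"] = hmac.new(key, subject.encode(), hashlib.sha256).hexdigest()[:16]
    return out


def build_reidentification_table(records, key=PSEUDONYM_KEY):
    """The mapping that lets pseudonymous data be traced back to its origin.
    Its existence is why pseudonymous data is still personal data under GDPR."""
    return {pseudonymize(r, key)["subject_id"]: {f: r[f] for f in IDENTIFYING_FIELDS}
            for r in records}


def anonymize(record):
    """Drop direct identifiers and generalize quasi-identifiers (ZIP, age) so
    there is no key or table that leads back to an individual."""
    return {
        "zip3": record["zip"][:3],
        "age_band": f"{record['age'] // 10 * 10}s",
        "purchase": record["purchase"],
    }


def spend_per_subject(records, key=PSEUDONYM_KEY):
    """Analytics still works on pseudonymized data: total spend per subject_id."""
    totals = {}
    for p in (pseudonymize(r, key) for r in records):
        totals[p["subject_id"]] = totals.get(p["subject_id"], 0.0) + p["purchase"]
    return totals
```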
4. RANSOMWARE
2016 may become known as the year of ransomware. A report issued by TrendMicro showed that the number of new ransomware families detected in the first half of 2016 exceeded all of 2015 by 172%, with estimated monetary losses from ransomware at $209 million.
3. WHALING ATTACKS
Social engineering schemes are evolving, even past the routine scenarios covered in traditional training and awareness programs. A whaling scheme is written as a legal subpoena, a customer complaint, or an escalated inquiry that masquerades as a critical business need. While phishing attacks are commonplace against end consumers, whaling attacks target the C-suite.
In fact, the FBI has reported that such scams have cost companies more than $2.3 billion in losses since 2013. This is not just a US issue but has been seen in over 79 countries. Reports show a 270% increase in identified victims and exposed losses due to CEO scams since the start of last year.
2. SMART DIGITIZATION
In the recent botnet attack, an estimated 100,000 IoT devices were used to flood servers at a DNS provider in a distributed denial-of-service attack. The resulting loss of access to major websites revealed the risks of managing cybersecurity in an era of internet connectivity. Smart digitization is the concept of applying risk-based analytics to where and how we connect devices. It makes me wonder how to configure devices – from the interconnected refrigerator in my home, to a car, to any other device… we are all connected.
1. DIGITAL VORTEX
Looking to the future, things talk to people; things will talk to things; and machines will talk to people. Adding it all up can feel like a perfect storm, but as technology gets smarter, our controls need to get smarter. Halloween week may be the week we celebrate our fears, but I say we need to embrace the top scary words and find new definitions and solutions to rest easy.
So as your teams start to prep for next year, remember this Halloween post and keep your eyes peeled for these emerging threats! Sleep tight and don’t let the bedbugs bite.
Linnea Solem, Chief Privacy Officer and Vice President Risk and Compliance for Deluxe Corporation, is a former Chair of the Shared Assessments Program. Linnea is a management professional with 20+ years of financial services experience in areas including eCommerce, technology, business development, marketing, information practices and risk management. She is a Certified Information Privacy Professional and led Deluxe’s compliance initiatives for Y2K, GLB, Check 21, and Red Flags Legislation. You can connect with Linnea on LinkedIn.
Reposted with permission from Deluxe Blogs