SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Insights: What will happen with data privacy in 2019?
Mon, 24th Dec 2018
FYI, this story is more than a year old

It is certainly the season for predictions and so without further ado, here are some insights from Ensighten CEO Ian Woolley regarding data privacy in 2019 and its potential threats.

No rest from regulation

Regulation was a hot topic in 2018 spurred on by GDPR coming into force and it will continue to dominate conversation in 2019 as other global policies such as the California Consumer Privacy Act (CCPA) play out.

The challenge we'll see for global organisations is managing the nuances of regional data practices simultaneously.

Technology will help companies navigate this but as we've seen with GDPR there are various interpretations of what regulation means.

As such, many businesses may opt to employ the strictest data practices and processes companywide to avoid potential slip ups and penalties.

Still searching for answers

Data breaches have saturated the media this year and business leaders are starting to now realise the true impact a website hack can have on an organisation.

The financial and reputational risks, as well as possible job losses will ensure that security is at the top of the priority list for 2019.

As some businesses are having this revelation late, we'll see more legacy hacks and leaks come to the fore.

Despite the urgency to address data vulnerabilities, most companies are still in the education phase of data governance and how and why breaches occur.

Therefore, we will see more companies scramble to protect themselves as they identify the real threats lurking beneath their website supply chain. Once companies have a clear picture of where they are vulnerable, we'll see more investment in thorough data governance.

Glory hunting hackers and advances in AI

Many businesses fear that hackers will leverage AI to unlock new ways to infiltrate websites and apps at scale.

We may see video and audio manipulated to fool consumers but AI will most commonly be used to configure and learn defence tools to inform future breaches or to bypass more advanced security implementations altogether.

While many industry commentators focus on how hackers will evolve, a great deal of criminals will still prey on businesses that don't have the basics covered, for example overlooking unauthorised third party technologies running on websites.

This will be the main cause of breaches and leaks throughout 2019.

As we've seen with the rise of Magecart, there is also a growing trend of groups taking credit for their crimes. We will see more named attacks in 2019, as hackers look to carry out bigger and more damaging assaults on businesses, especially eCommerce brands.

The birth of the hybrid ‘marketing security' team

As many website hacks have highlighted in 2018 one of the core causes is problems with third-party technologies.

Via chat boxes, form fill and unapproved third-party tags on a website, criminals can gain access to customer data sometimes even without the organisation's knowledge.

The challenge is that marketers are generally in charge of this data but haven't necessarily been accountable for the protection and security of this data. In 2019, businesses will view security more holistically.

To do this companies will look to bring more senior security talent in house to navigate the new data landscape and regain control, rather than outsourcing security to multiple vendors.

But this will squeeze an already limited pool of skilled professionals. With lack of talent available we will likely also see a shift in the role of the marketing team – businesses will put more onus and investment in upskilling marketers so that they have a marketing security remit.

At a more senior level, we'll see the CMO and CISO start to work more closely to mitigate security vulnerabilities.

2018 has been a learning curve. New data regulation has revealed issues that many companies were not even aware of.

This, in the long term, is a good thing for data owners and also their customers. However, businesses are still in the process of addressing the security of their data and this will continue to trip up organisations in 2019.

Constant, thorough data governance will be a core requirement next year – brands that neglect to put the right processes, technology and people in place will pay the price.