2019 was a hot mess for cybersecurity, but 2020 shows promise

It's no secret that I hate predictions, not least because the security field changes rapidly, making it difficult to know what's next. But given what we know about the past year, we can make some best guesses at what's to come.

Ransomware will get worse, and local governments will feel the heat

File-encrypting malware that demands money for the decryption key, known as ransomware, has plagued local and state governments in the past year. There has been a near-constant stream of attacks in the past year: Pensacola, Florida and Jackson County, Georgia, to name a few. Governments and local authorities are particularly vulnerable as they're often underfunded, unresourced and unable to protect their systems from many major threats. Worse, many are without cybersecurity insurance, which often doesn't pay out anyway.
Sen. Mark Warner (D-VA), who sits on the Senate Intelligence Committee, said ransomware is designed to inflict fear and uncertainty, disrupt vital services, and sow distrust in public institutions.
"While often viewed as basic digital extortion, ransomware has had materially adverse impacts on markets, social services like education, water, and power, and on healthcare delivery, as we have seen in a number of states and municipalities across the United States," he said earlier this year.
As these kinds of cyberattacks increase and victims feel compelled to pay to get their files back, expect hackers to carry on attacking smaller, less prepared targets.

California's privacy law will take effect, but its repercussions won't be immediately known

On January 1, California's Consumer Privacy Act (CCPA) began protecting the state's 40 million residents. The law, which has similarities to Europe's GDPR, aims to put much of a consumer's data back in their control. The law gives consumers a right to know what information companies have on them, a right to have that information deleted and the right to opt out of the sale of that information.
But many companies are worried, so much so that they're lobbying for a weaker but overarching federal law to supersede California's new privacy law. The CCPA's enforcement provisions will kick in some six months later, starting in July. Many companies are not prepared and it's unclear exactly what impact the CCPA will have.
One thing is clear: expect penalties. Under GDPR, companies can be fined up to 4% of their global annual revenue. California's law works on a sliding scale of fines, but the law also allows class action suits that could range into the high millions against infringing companies.

More data exposures to be expected as human error takes control

If you've read any of my stories over the past year, you'll know that data exposures are as bad as, if not worse than, data breaches. Exposures, where people or companies inadvertently leave unsecured information online rather than an external breach by a hacker, are often caused by human error.
The problem became so bad that Amazon has tried to stem the flow of leaks by providing tools that detect inadvertently public data. Those tools will only go so far. Education and awareness can go far further. Expect more data exposures over the next year, as companies and staff continue to make mistakes with their users' data.

Voter databases and election websites are the next target