concept of leaky software, data with a tap sticking out.
concept of leaky software, data with a tap sticking out. (ISTOCKPHOTO)

A few weeks ago, I completed a project for the National Law Journal’s Trailblazers series where I had the opportunity to interview 50 leading experts in cybersecurity and cyber law. I asked each trailblazer to talk for a few minutes about what they expect to see in the future. Most of the responses were as expected: The number-one answer by far was “more,” such as more data, more breaches, more concern, more regulation, and more litigation. Many of them also spoke about cooperation among government agencies (both domestic and international) and how important the issue has become to senior management and boards of directors.

A few trailblazers, however, spoke about trends that are not quite here yet. And since, according to the Ninth Annual Law Department Operations Survey, more than three-quarters of law departments are responsible for or meaningfully influence their companies’ cybersecurity, these are some areas to make sure you are keeping an eye on.

The Internet of Things

The Internet of Things is the internetworking of physical (often everyday) devices that collect and share data. Automobiles that communicate oil pressure to the dealer, “smart refrigerators” that order more milk when you are out, and learning thermostats that react to your preferences are all examples. IoT, as it is known, is in a high-growth phase: According to the Cisco Visual Networking Index, global “machine to machine” connections will grow 250 percent, from 4.9 billion to 12.2 billion, by 2020.

These devices often capture personally identifiable information. While systems that monitor your health, for example, can be useful, they collect a lot of personal health information that can be hacked and sold or put to nefarious use.

Devices can be expensive to secure, at least in comparison to the overall cost of a small consumer product. How much research and development could have gone into securing a $39 internet thermometer? And remember, it’s not just the information collected by the device at risk. Once a hacker is on your network, anything is game.

And the scary part? According to its Cybersecurity Insights Report, from 2014 to 2015 AT&T saw a 458 percent increase in the number of times hackers have searched Internet of Things connections for vulnerabilities, so it is critical to think outside the box in identifying all network devices to make sure they are secure.

Ransomware

When most people consider cybersecurity, they worry about stolen and leaked data, but they often forget the implications of themselves not being able to use their systems. Ransomware is a growing trend where hackers find a way to install malicious software on your system that prevents you from accessing your own data (by locking you out or encrypting it) until you pay a sum of money. So far, health systems have been especially vulnerable; according to HealthcareIT News, 14 hospitals have been attacked in 2016.

In the highest profile case so far, Hollywood Presbyterian Medical Center was held hostage for $3.4 million, causing the hospital to declare a state of emergency and communicate by paper and fax until they paid. Unfortunately, ransomware attacks are easier to perpetrate and, like nuisance litigation, the “price” is typically set low enough to encourage simply paying the ransom. Not having a disaster plan in place and scrambling to make decisions during a state of emergency (and without vital systems) is a big mistake.

Blockchain

Technically the technology that underlies bitcoin, blockchain stores data across its network, which eliminates many of the risks from centralized data. Many major financial institutions are beginning to leverage blockchain, and it is becoming clear that it will become a major format for making payments and the transfer of critical information. Is blockchain the ultimate solution for privacy? Does it inherently protect data better than more popular current methods? What needs to be done to make sure it’s safe? Blockchain is still early-stage, but keep an eye on the technology as these questions get answered.

One particular concern, as expressed by trailblazer Jason Weinstein, a partner at Steptoe & Johnson and former deputy assistant attorney general in the Criminal Division of the U.S. Department of Justice, will be the role of government. “We have to be concerned that the government will try to overregulate blockchain out of fear of misuse by criminals,” says Weinstein.

The Blockchain Alliance, of which Weinstein is director, is a public-private forum dedicated to continuing the dialog between regulators, law enforcement and the major players in the space. If your company is not involved, it may be a time to take a leadership role and understand the implications of blockchain. Weinstein adds, “Any industry that uses data, which is every industry, should be thinking of how the blockchain can impact their industry.”

A few weeks ago, I completed a project for the National Law Journal’s Trailblazers series where I had the opportunity to interview 50 leading experts in cybersecurity and cyber law. I asked each trailblazer to talk for a few minutes about what they expect to see in the future. Most of the responses were as expected: The number-one answer by far was “more,” such as more data, more breaches, more concern, more regulation, and more litigation. Many of them also spoke about cooperation among government agencies (both domestic and international) and how important the issue has become to senior management and boards of directors.

A few trailblazers, however, spoke about trends that are not quite here yet. And since, according to the Ninth Annual Law Department Operations Survey, more than three-quarters of law departments are responsible for or meaningfully influence their companies’ cybersecurity, these are some areas to make sure you are keeping an eye on.

The Internet of Things

The Internet of Things is the internetworking of physical (often everyday) devices that collect and share data. Automobiles that communicate oil pressure to the dealer, “smart refrigerators” that order more milk when you are out, and learning thermostats that react to your preferences are all examples. IoT, as it is known, is in a high-growth phase: According to the Cisco Visual Networking Index, global “machine to machine” connections will grow 250 percent, from 4.9 billion to 12.2 billion, by 2020.

These devices often capture personally identifiable information. While systems that monitor your health, for example, can be useful, they collect a lot of personal health information that can be hacked and sold or put to nefarious use.

Devices can be expensive to secure, at least in comparison to the overall cost of a small consumer product. How much research and development could have gone into securing a $39 internet thermometer? And remember, it’s not just the information collected by the device at risk. Once a hacker is on your network, anything is game.

And the scary part? According to its Cybersecurity Insights Report, from 2014 to 2015 AT&T saw a 458 percent increase in the number of times hackers have searched Internet of Things connections for vulnerabilities, so it is critical to think outside the box in identifying all network devices to make sure they are secure.

Ransomware

When most people consider cybersecurity, they worry about stolen and leaked data, but they often forget the implications of themselves not being able to use their systems. Ransomware is a growing trend where hackers find a way to install malicious software on your system that prevents you from accessing your own data (by locking you out or encrypting it) until you pay a sum of money. So far, health systems have been especially vulnerable; according to HealthcareIT News, 14 hospitals have been attacked in 2016.

In the highest profile case so far, Hollywood Presbyterian Medical Center was held hostage for $3.4 million, causing the hospital to declare a state of emergency and communicate by paper and fax until they paid. Unfortunately, ransomware attacks are easier to perpetrate and, like nuisance litigation, the “price” is typically set low enough to encourage simply paying the ransom. Not having a disaster plan in place and scrambling to make decisions during a state of emergency (and without vital systems) is a big mistake.

Blockchain

Technically the technology that underlies bitcoin, blockchain stores data across its network, which eliminates many of the risks from centralized data. Many major financial institutions are beginning to leverage blockchain, and it is becoming clear that it will become a major format for making payments and the transfer of critical information. Is blockchain the ultimate solution for privacy? Does it inherently protect data better than more popular current methods? What needs to be done to make sure it’s safe? Blockchain is still early-stage, but keep an eye on the technology as these questions get answered.

One particular concern, as expressed by trailblazer Jason Weinstein, a partner at Steptoe & Johnson and former deputy assistant attorney general in the Criminal Division of the U.S. Department of Justice, will be the role of government. “We have to be concerned that the government will try to overregulate blockchain out of fear of misuse by criminals,” says Weinstein.

The Blockchain Alliance, of which Weinstein is director, is a public-private forum dedicated to continuing the dialog between regulators, law enforcement and the major players in the space. If your company is not involved, it may be a time to take a leadership role and understand the implications of blockchain. Weinstein adds, “Any industry that uses data, which is every industry, should be thinking of how the blockchain can impact their industry.”