In 2017, consumers saw a flood of data breaches, and experts anticipate the number or risk of these breaches in nowhere near slowing down. In fact, as hackers and thieves get more sophisticated, the threats to everyone’s data, whether on personal devices or from large companies, is only set to increase.
Penny Garbus, co-founder of Soaring Eagle Consulting Inc., a data management firm, and IT expert, recently sat down with Inside Counsel to discuss the state of data security, how big corporations are mismanaging your data, and the biggest threats and trends for 2018. The current state of data security, in Garbus’s opinion, is a near panic. She said, “There are so many ways that hackers can get to the data. Nearly every week you hear of another security vulnerability that you need to be aware of and to guard against.”
These days, data is not only valuable but a vulnerable commodity. The due diligence that it takes to protect corporate-protected and personal data will be consuming IT departments now and in the future. The security costs for small businesses starts at an average of $10,000 each year and that does not include ensuring all software, virus protection and firewalls are all up to date. Setting up failover systems and proper backups will cost at least twice that for small businesses.
“Data security is costing businesses billions and the enormity of the risk and the day-to-day learning curve causes IT departments stress and business owners sleepless nights,” she added.
Think of big corporations as being a conglomerate of small businesses and subsidiaries, said Garbus. They may have their applications and computer processes in different data centers and on multiple computer environments, then each environment can be running multiple applications for different departments in the company. If they have just purchased a company they may not even know what they have in place.
“As systems age they may not know or remember what data they have,” she explained. “The mismanagement many times comes in play when they have applications and data that are legacy systems that few people use or that are not considered within the core focus of their business so these systems may not get the attention and audits for security processes that they should.”
Today, most companies work very hard to mask and protect personal information data of their clients or end customers. However, budgets, human error, or business priorities can interfere with what data is tended to and what is not. Missteps can happen; they are not purposeful but usually are caused by lack of time, money, proper attention and human error.
So, what are the biggest threats to expect in 2018? Per Garbus, ransomware and terrorware are going to be big as hackers find new ways into Web applications to collect financial data and personal data. In addition, mobile appliance hacking and Krack attacks may cause a lot of havoc in financial processing of data. And, state-sponsored hack attacks will hurt the infrastructure of countries, large businesses and financial institutions.
She added, “Data integrity attacks will prevail, changing credit scores, health care information, background check reports and any other data that can be changed and the hackers can charge fees to change or change the data to their advantage. Theft of legal tender, whether cyber coins or money passing between banks and businesses.”
Moving into 2018, there will be many big data security trends, according to Garbus, including: more audits and more compliance strategies; a higher standard of compliance from all vendors; security and compliance issues will take over IT budgets slowing application development; the need for 1-2 million cyber security professionals by 2020; the opportunity for software, mobile devices and hardware with extra security protections offered on the market; hiring of personal security advisers to help individuals protect their financial assets; locksmiths for the Internet; and many class action suits against companies for not protecting IP data for individuals.
Amanda G. Ciccatelli is a Freelance Journalist for Corporate Counsel and InsideCounsel, where she covers intellectual property, legal technology, patent litigation, cybersecurity, innovation, and more.