I’ve never been a big fan of the hype stories at the end of each year about security or privacy predictions for the coming year. But this past year had a lot of security news, and a lot of breaches. So, in this case, I think it’s a good idea to reflect a bit, and see what might be coming down the road. Adam Levin of Credit.com, whose article was posted on the ABC News website, makes some important observations.
Here are my thoughts on his thoughts…
1- The New Privacy Sales Pitch
Companies will try to leverage their privacy features in their marketing messages. This is an interesting idea, which I personally don’t believe any organization should really do, explicitly. It only takes one breach to make your message ironic. (How many airlines do you see advertising their safety records?) After all, we know you can’t guarantee that there will be no breaches. However, I think there is room to leverage your security investments in a more subtle way – just don’t go over the top with claims about how much more secure your product or service is than your competitors. It’s better to create a niche that you own rather than battle it out over a differentiator that could become meaningless if you do get hit with a big attack. People may excuse you for going through some growing pains, but they won’t easily forgive you for blatantly claiming you have good security, just before you got compromised.
2- Data Will Matter in Lawsuits
More and more, organizations are using data that has been posted on the Web as evidence in legal battles. Often, it’s an unexpected exposure of something that goes contrary to what one party is claiming. But using more routine online data as a way of backing up your story for a claim could be useful in some situations. Just remember, however, that assurance will be the key – “How strong is the chain of evidence that supports your argument?” Just pointing to some data on a website doesn’t prove that it was legitimate. But I agree we’ll see more online data being used in legal battles. The key to success will be to make sure it can be substantiated (i.e. not falsifiable) before you try to use it.
3- Sharing Will Decline
I agree that sharing will decline in some ways. As Adam suggests, people will become a little more wary of posting everything about themselves. I’m still amazed at how much people make public on Facebook. But I’m sure we’ll always have some who overshare. We might see less sharing, however, just because the trend of posting a lot about what you’re doing will fade, in general. The whole practice of posting explicitly to the world just won’t be as cool. We will probably reach an equilibrium point, partially because of the declining trend in general, and some people will start to reduce sharing as a way of managing their privacy risks, which is good.
4- Chip and PIN Cards Will Have a Bumpy Start
I’m not sure I agree with Adam on this one. In Canada, we’ve had chip-and-PIN debit and credit cards for several years. They work pretty well. In fact, I just had my debit card compromised – I know not where or how – but the bank caught it in real time when somebody in Indonesia tried to use a copy of it. I was notified, and had to change my PIN, but otherwise, it was pretty painless. So, I think it’s a good system.
5- We’ll See More Hyper-Targeted Attacks
Absolutely. The recent rash of breaches on Home Depot, Sony, Target, JP Morgan, etc. points to a criminal element that knows very well that a targeted attack with the right amount of research and some investment can pay off – big time. We will definitely see more attacks that focus on a single target. So, if you have a high profile, you need to do a risk assessment, and fix your high priority exposure areas. Otherwise, few will be sympathetic when you are hit with a big breach.
One More Comment from Scott
What about the Internet of Things? I intend to do more posts on the topic of how your home and office appliances and devices will gather and share more private data than you ever thought possible. I think this will be a big trend – although I don’t really know if it will peak in 2015, or later. But it is definitely coming, so please be prepared to think about what data you’re sharing implicitly through devices around you (maybe not even your own).
Have a Happy and Secure 2015!
The Streetwise Security Coach