It was a banner year for IT security from both breach and regulatory standpoints.
2019 also was an especially noteworthy period for Entrust.
Let’s revisit the key developments during this momentous time. Then we’ll look to the future.
The battle of the breach continued
Cybersecurity continued to be a major – and growing – challenge this year.
More than 3,800 breaches had occurred as of August, an increase of 54% from the same period in 2018. Data breaches are likely to cost the healthcare industry $4 billion this year. In November, “4 million freshly-hacked debit and credit cards” appeared on one of the largest exchanges for stolen payment card data. And just prior to its Thanksgiving Parade, Macy’s informed customers their personal data may have been stolen in a MageCart attack.
New laws demonstrated their power
Such events, and the Cambridge Analytica-Facebook scandal, led consumers to seek more control over how organizations handle their data. Some legislators responded. For example, the European Union enacted the General Data Protection Regulation, which this year marked its one-year anniversary.
But not everybody was celebrating. Regulators in 2019 punished GDPR non-compliance with large fines. British Airways ($221 million), Marriott International ($125 million) and Google ($55 million) were among the hardest hit by GDPR enforcement efforts.
In 2019, we also saw what can happen when legislators pass laws that invite privacy invasion.
In June, Australian federal police executed search warrants based on Australia’s Assistance and Access Law. The legislation, which enables law enforcement agencies to have encryption removed on specific communications, paired with a 2015 law, authorized police to raid the homes and offices of journalists over articles published “in defiance of international norms.”
Entrust scaled with the help of Entrust Datacard
However, 2019 wasn’t all bad. In fact, it was a great year for Entrust and its customers.
We kicked off the year with the official launch of Entrust Security, a new brand for our trusted technology. The following month, trusted identity and secure transaction technology provider Entrust Datacard announced plans to acquire Entrust Security.
The deal closed in June, and we continue our integration with Entrust Datacard. As part of Entrust Datacard, we are a cybersecurity powerhouse – with end-to-end security solutions ranging from secure identity to authentication and encryption (PKI and SSL).
That’s noteworthy, considering our 2019 Global Encryption Trends Study revealed record year-over-year growth in hardware security modules. It also better positions us to assist the many enterprises that our 2019 Global PKI and IoT Trends Study indicates need help with IoT and public key infrastructure security.
The struggle to hire security professionals will escalate
These challenges – and the fact that 2019 was a banner year for breaches and there’s no reason to believe 2020 will be any better – mean security professionals will remain in high demand. In fact, it’s very likely that security professionals will be even harder to recruit in 2020. That’s despite the awareness around the importance of this role and career opportunities related to it.
That said, here is the first of my 2020 predictions: As security moves up the stack, it drives the need for more and different kinds of security talent. Cloud deployments are becoming more attractive and embedded hardware less so. Security in the cloud requires a different model.
Yet budding professionals are focused on learning high-level languages such as Python, for which job listings grew from 8% in 2014 to 18% this year. Unfortunately, this talent often lacks the appreciation of processor architecture necessary when working with lower-level languages and embedded systems.
The age of the AI breach will begin
In 2020, we can also expect cybercriminals to use AI and machine learning (ML) to exploit systems. That, in turn, will lead to prolific and public data security breaches.
AI and ML introduce other challenges as well. Bias and hacks can cause such systems to produce anomalous results. And data used for AI and ML are not normally under the control of a single body. Multiple data sources and owners make preserving the integrity of data used to train intelligent systems a real challenge. Attackers can easily exploit this loophole.
Here’s an example of how this scenario might come into play. Imagine your wearable fitness tracker collects your health data. That enables your insurance company to discover you have a heart murmur and increase your premium. This illustrates that whoever controls the data can modify the outcome.
The CCPA will trigger new, but gradual, action
Speaking of data control, the California Consumer Privacy Act takes effect Jan. 1. The CCPA is the nation’s first statewide data privacy law.
Some believe that the CCPA will become the country’s de facto privacy law. But others are calling for the creation of a federal privacy law.
I believe that, eventually, we’ll reach a tipping point and enough critical mass for a national privacy law. But getting there will take longer – and be more painful – than anticipated. I estimate that it is five to 10 years out.
In the meantime, consumers will continue to demand better user experiences and always-on availability from their devices and applications. That will require them to give up even more personally identifiable information (PII) to applications and services. And I believe consumers will do so readily.
As software – or rather, the API – continues to eat the world, security and securing software (especially embedded systems) will continue to prove challenging. And that will lead to the potential for even more breaches – and an even greater need for businesses to employ cybersecurity solutions that work.
Entrust is here to help organizations as they move to deliver better user experiences, and protect their customers and their businesses in doing so. That’s true today, next year and always.