We live in a data-driven society. Data fuels our homes, our cars, our schools, our hospitals, our offices, our mobile/wearable devices. As technology has advanced, we’ve learned that we enable better service and increase efficiency by sharing data. But with these advantages come the cons – literally. The more we share data that’s increasingly personal and sensitive, the more hackers want to steal it.
It’s an ever-changing landscape, one in which companies, consumers and attackers constantly evolve. While there are no guarantees, perhaps there are lessons learned today that will help protect us in the future.
A Look at the Now
In asking people to share data, companies make an implicit commitment to privacy and data protection. And they do it in a world where everyone is pushing the boundaries: Companies are finding new ways to gather and analyze data; hackers innovate faster than security professionals can keep up; and policymakers and regulators struggle to develop laws and regulations – and those become outdated as soon as they’re approved.
The protection of data and consumer privacy is not an IT department problem. Companies need a holistic approach, a way to integrate all the facets – customer data security, incident preparedness, legal counsel, anticipation of tomorrow’s regulatory environment, compliance, and a sense that every employee has a responsibility to protect data – into a single organizational perspective and, ultimately, execution.
What Might the Future Hold
Predicting the future is nearly impossible in the best circumstances, and it is harder still given the ongoing development of technologies most of us never dreamed of. But generally, the cybersecurity efforts companies have made so far will be completely inadequate in short order:
- Security: Today’s best cyber defenses are nothing more than tomorrow’s hacker conquests. To maintain a responsible level of security, companies will need to increase their investments in security. Once it was enough to buy firewall software. Now organizations need whole information security departments, a fleet of outside advisers, cyber insurance policies, and data breach preparedness plans. In the future, the required investment that boards will need to make in cybersecurity will expand to keep up with the ways we use data in the workplace and in our transactions with clients and customers. Investors are just going to have to get used to it.
- Regulatory: An alphabet soup of regulatory agencies is currently vying for authority over both consumer data protection and corporate data security preparedness. This regulatory competition could give way to clear and sensible standards, but it could also lead to unreasonable preparedness requirements, or constantly moving regulatory compliance targets. And in the worst-case scenario, it could involve heavy fines for companies that failed to anticipate well enough what new weapons hackers were developing.
- Policy: Privacy and security policy will continue to lag behind technological innovation. As the government passes laws to ensure better protection of credit card data, people are rapidly adopting wearable devices that collect and transmit health data. Innovation happens at light speed today, and policy development is generally very slow (or does not happen at all). This lag will most likely be exacerbated internationally as more emerging economies step into the data-driven world. It could produce a patchwork quilt of outdated laws that is dizzying to navigate.
- Employees: Most employees think IT handles cybersecurity, even though their bosses and customers ask them to handle more and more data every day. As more employees interact with data, the chances for mistakes and misuse escalate exponentially. Companies will need to invest more in training employees about their responsibilities in handling data, compliance with evolving laws, regulations, and company rules, and how to make good judgments in situations where there isn’t yet a playbook. They will have to invest more in oversight and compliance as well.
The cybersecurity arena gets more fascinating as it evolves. There will always be a bit of the cat-and-mouse game between companies and would-be assailants, but the smartest companies are building enterprise-wide, coordinated approaches to addressing privacy and cyber risk.