Social Media and Location-Based Technologies Top Concerns for 2011
As we approach December, predictions for what’s to come in 2011 are flowing in almost daily. Just last week several firms said threats targeting the fast growing smartphone and tablet markets topped lists of cyber concerns for 2011.
Called a “Master market timer and predictor” by CNBC, hedge fund manager Doug Kass of Seabreeze Partners Management made a bold prediction last week, predicting that a Cyber Attack Will Shut Down the NYSE in 2011.
Proofpoint, a provider of SaaS email security, email archiving and data loss prevention solutions says risks to consumers and companies will grow in the next year as a result of more personal information being put on the Internet, in consumer applications and stored in corporate databases. Proofpoint expects more organizations to create stronger privacy policies and turn to encryption, web filtering and secure managed file transfer. Despite these increased efforts, Proofpoint still has many concerns and predicts the following trends will dominate privacy discussions in 2011:
1. The privacy and confidentiality of location-based information will become a major concern for both consumers and corporations – With the rise in mobile GPS information, companies will have to protect both personally identifiable information (PII) of employees, customers and partners, and also create new policies for handling location-based information. Not only will real-time information about location be a vulnerability, but companies will have access to information about where people (or their devices) spend much of their time.
2. At least one major social media site will experience a major breach – According to Neilsen, nearly a quarter (22.7%) of all online time is spent social networking. With more people on social networks and more personal information available via those networks, the potential for exposure of that data is likely.
3. Stricter regulations will be passed worldwide – Privacy regulations in the healthcare, financial services and critical infrastructure industries like energy and telecommunications will likely see new regulations dictating what needs to be protected and what to do when data loss occurs.
4. Expect a national data breach notification law – Notification laws like California’s SB 1386 exist in 46 of 50 states today. A federal law is imminent.
5. Blended threats will increase – While email is still the number one threat vector for personal information loss, threats from newer communications channels is increasing, especially in the form of blended threats where the target is first attacked through email, then directed to Web or social media.
6. At least one company will be prosecuted under the broad-reaching Massachusetts Privacy Law (201 CMR 17.00) – In March of this year, the Massachusetts Privacy Law went into effect, mandating that any company that “owns or licenses” personal information — whether stored in electronic or paper form — about Massachusetts residents must comply with its privacy requirements, including notification of breaches and encryption of stored or transmitted personal data. Although the state has yet to enforce the law, 2011 will likely be the year that companies begin seeing penalties. In addition, we may see more laws of this type passed in 2011. Nevada also has a similar law. To deal with these threats, the following additional trends will emerge among businesses:
7. Companies will move away from outright bans on social networks, IM or web mail to allowing those services, but applying stricter corporate policies on these new services as well as investing in secure web gateways to monitor use. New innovations such as Facebook mail give enterprises yet another good reason to put better policy and technology controls around the corporate email system.
8. More companies will create policy around acceptable use. Email leaks such as the recent Google corporate memo exposure are heightening awareness in companies that policies need to be created about what content is considered sensitive and enforce them both through technology and through training.
9. More companies will encrypt more data – Three factors are converging to make 2011 the year of encryption adoption. 1. More regulations today require encryption. 2. It’s become a best practice in many industries. 3. It’s easier to implement and less confusing for users. With processing power increasing and companies like Proofpoint innovating, encryption has become faster and easier to implement and use.
10. More interest in secure managed file transfer – Driven by privacy considerations and security flaws in FTP, more companies will be implementing reliable ways to send files securely. With data breach notification laws in place in nearly every state, companies cannot risk losing data through FTP security issues.
Some of these predictions, while interesting, seem quite obvious. For example, “More companies will encrypt more data” — This is a simple assumption to me, do we really expect companies that ARE encrypting data to stop encrypting or encrypt less? And of course more companies are going to START. Additionally, “More companies will create policy around acceptable use” — Again, quite obvious.
What are your thoughts and predictions for 2011?