By Thomas F. Kelly
January 11, 2018 at 5:00 am ET
2017, to put things mildly, was a challenging year for the cybersecurity space. Equifax, Uber, Yahoo – the list goes on of major companies and institutions that announced that they had experienced breaches that seriously compromised sensitive customer data.
So as we begin a new year, those of us tasked with finding better ways to protect private data have asked ourselves – what will things look like in 2018?
It looks like things will get worse before they get better. As the digital landscape grows more and more complex and ubiquitous, the number of opportunities for thieves to exploit weaknesses grows. Here are some cybersecurity trends and predictions you should keep an eye on in the new year:
1) The U.S. will see its first successful cyberattack on critical infrastructure. Bad actors persistently target the backbone of our nation’s digital system. Energy, nuclear, water, transportation and financial systems are all particularly vulnerable. And though federal security has done an admirable job to date, the fact is sooner or later the bad guys will find a way to slither through. We must anticipate this so we can fend off and quickly recover from such attacks.
2) This holiday season, many of us will receive devices that connect appliances and electronics and make our lives easier. But Google Home and Amazon’s Alexa — as convenient as they are — increase the number of entry points digital thieves can use to gain access to our homes and private data. These internet of things vulnerabilities will only grow more severe, leading to an increased level of attack, both by political operatives and by common thieves.
3) Last year, the European Union passed what’s known as GDPR – General Data Protection Regulations. Effective in 2018, the rules strengthen the privacy rules for European companies by requiring that companies get consumer consent when processing data, let consumers know when there’s been breach and increase transparency, among other protections. The United States has not followed the EU’s lead. This inaction will result in serious, continued denigration of privacy protections for those of us residing in the United States.
4) Over the course of the past year, we’ve seen Bitcoin skyrocket in popularity and value. Even credit card processing company Square has embraced the cryptocurrency, allowing users to purchase it through their app. This paves the way for other cryptocurrencies to become more mainstream, disrupting the way we do commerce. But exciting as such changes are, these blockchain systems have already become targets for hackers. Just last week, a South Korean exchange had almost 20 percent of client funds stolen, forcing the operation to close its doors. As bad actors who seek to either disrupt the financial systems or acquire cryptocurrencies like Bitcoin and Ethereum for financial gain grow more skilled, such incidents will grow more common.
5) The media primarily focused on the Equifax breach, but the news from the Yahoo breach is equally troubling. The breach was originally made public in 2016, when the company announced that an incident in 2013 had left a billion accounts vulnerable to criminals. But in 2017, the story grew far worse when Yahoo admitted that the affected accounts actually totaled 3 billion – in other words, virtually all Yahoo accounts. Given the sheer number of breaches that occurred, expect to see stories crop up as criminals continue to mine the personal data acquired in megabreaches and we begin to see the repercussions.
In light of all these stories, 2018 must be the year where we accept that there’s no real way to stop these kinds of hacks from occurring. Bad actors either already have your data or will be able to obtain it soon. The best thing we can do moving forward is to detect and control the damage as early and as quickly as possible.
There’s no denying that this is a discouraging picture – sorry to be the bearer of such bad news. But it should prompt everyone – consumers, companies and federal leaders alike – to spring into action, using the new year as an opportunity to enact and advance cybersecurity strategies.
For consumers, this could mean improving your digital hygiene: not repeating passwords, avoiding suspicious emails and messages and using two-factor authentication wherever it’s offered. Companies should adopt these practices as well, and they should also consider offering identity theft protection as a competitive benefit that will attract top employees and protect current ones. Federal leaders must continue to address the questions raised by the Equifax breach and look to both industry and international partners as they develop a legal framework that will protect citizens without crushing companies.
By acting immediately and thoughtfully, we can start changing the narrative on cybersecurity. Criminals and bad actors will never completely go away, but if we work together to change our system, we can keep them from always having the last word.
Thomas F. Kelly, a Silicon Valley entrepreneur and an expert in cybersecurity technologies, is president and CEO of ID Experts, a Portland, Oregon-based provider of data breach and identity protection services such as MyIDCare.
Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.