The tech industry is getting into its annual predictions mode, where collective crystal ball-gazing identifies the big trends for the year ahead. Ironically, though, it all gets pretty predictable and you can be sure that cloud, IoT, AI and big data will be right up there in most of the ideas you’ll see.
But as far as predictions go, security and data protection are the elephant in the room. We all know organisations will make familiar, predictable security mistakes that they know exist and that need to be dealt with – yet they still happen. So, out of all the tech predictions for next year, here are some you could go out and put money on:
Someone will be first to fall foul of GDPR. It’s going to happen. In May.
In the mundane world of regulation, GDPR is box office. It’s the hyped-up major event for 2018, the Mayweather – McGregor of rules, where the countdown clock has been running for what seems like half a lifetime. However, this time, even more money is at stake.
Millions of words have been written, and it’s been a paradise for thought leaders everywhere. So, six months out, everyone should be fully up to speed and getting ready for May 25th, right?
Not even close. Research from around Europe consistently shows organisations everywhere don’t understand it, aren’t preparing quickly enough and won’t be ready. The impact is certain: the first major data breach after May 25th will have GDPR and estimates of the potential fines all over the headlines.
The public sector will suffer a serious security incident that will impact services. The words ‘ensure this never happens again’ will be used.
The public sector is a bit of a perfect storm when it comes to IT security. It’s a very large group of organisations (over 5 million employees in total), there’s lots of quite old IT and it’s an obvious, high-profile target. In 2017, there were a host of ransomware attacks and data breaches creating news – it’s likely there will be similar incidents next year. From the criminal perspective, ‘success’ only provides encouragement for further attacks, so expect to see one or two in particular make big headlines. At some point, part of the response or follow-up report/inquiries will use the words ‘ensure this never happens again’.
Ransomware demands will get paid. Even though everyone knows there is no point.
WannaCry was the biggest ransomware story of 2017, and estimates say it generated around £108,000 for the criminals involved. This is despite the consistent advice which encourages victims to ignore payment demands. Not only does paying encourage more attacks, it doesn’t mean locked data will be released. However, ransomware is an established strategy for cyber attacks and is highly likely to return in 2018. What’s equally likely – unfortunately – is that it will continue to work.
Millions of people will have their personal data compromised. There won’t be anything they can do about it.
2017’s list of companies suffering serious data breaches is as long as your arm. Billions of records have been compromised and stolen. It’s a certainty that there will be more major problems next year. Yes, there will also be some big fines as a result (including via GDPR), but the problem now seems endemic. The difficulty for consumers is that data protection is out of their hands in a digital world where we now have to share our data.
Companies will hide from their responsibilities to customers. Again.
That means we have to trust other organisations to protect us. But if the recent Uber breach revelations teach us anything, it’s that some businesses will seemingly try harder to prevent bad news coming out than to protect consumer data in the first place. And the problem isn’t just scale, it’s frequency. In October, Yahoo! admitted data from all three billion of its accounts had been compromised in a hack three years ago. Who would bet against similar revelations next year?