Top news of 2018 will affect every security aspect in 2019
2018 has been rough on the market's most prominent giants.
Massive data breaches have shaken Google to the point of shutting down G+, after a number of major software issues affected the personal data of more than 52 million people. Interestingly, G+ was initially meant to be an identity service where people would use their real names.
Half a billion Marriott guests whose data was exposed, including passport numbers, emails and addresses, learned about the breach from newspapers, although Marriott had discovered the details of the leak in September. The confidential details, which may include credit card information, were stolen by an unauthorised third party who gained access to the storage back in 2014.
Amazon keeps dealing with incidents caused by fraudulent seller activity. The ongoing fight against law breakers hasn’t stopped sellers from compromising competitors’ activity: Amazon has to inspect and evaluate loads of products, checking that they are described correctly. Some sellers still use real addresses while logged in to fabricated accounts in order to write and accumulate positive reviews. Recently a human mistake produced more news undermining Amazon’s wellbeing. The company accidentally sent 1700 audio records to a user together with the records that client had requested. Although the erroneously added files, which belonged to a different customer, were removed from the link, the misdirected records could be freely downloaded.
Facebook has been the most valuable newsmaker this year
· Cambridge Analytica processed the personal data of more than 80 million users for a political purpose those users never consented to.
· In September about 50 million people had their details compromised; everyone was asked to log out of their accounts because of a “View As” tool hack.
· At the beginning of December Facebook drew attention when Six4Three leaked the details of the lawsuit brought against the social network in the US a few months before. The app developer claimed that Facebook’s data policies were more permissive towards some companies. The details of exclusive partnerships with Microsoft, Spotify, Amazon, Netflix and Apple have recently been revealed. The sources disclosed that the above-mentioned brands had the right to use the information, bypassing limitations.
· This month Facebook announced an incident which affected the photos of 6.8 million users. Between 13 and 25 September, because of an undetected bug, third-party apps could access users’ photographs which hadn’t been posted publicly.
All these incidents happened in the same year that GDPR came into effect. Companies have already dived deep into compliance issues. In 2018 the EU regulation has been omnipresent in the media, reminding the largest overseas businesses of its power. The process of imposing penalties on foreign organisations is still vague. Some countries allow companies not to disclose details of a breach and not to inform those who might be affected if it helps the investigation, which makes announcing an incident within 72 hours a challenging problem. In Europe, however, firms get disciplined much quicker: in October an Austrian betting shop was fined €4,800 for a security camera monitoring public space, i.e. recording part of the pavement outside.
The healthcare industry is gaining the attention of regulators and is set to become a topical subject next year. The rocketing number of health data breaches has put the sector on the list of the most targeted. The Hospital do Barreiro, Portugal, appeared to be the first health organisation to receive a fine related to personal data misuse, which cost the hospital €400,000. The organisation didn’t conform to data minimisation requirements and showed an inability to ensure the confidentiality and integrity of the data, keeping 985 active accounts which could access medical information whereas there were only 296 doctors employed at that time.
In 2019 businesses will likely face a flip side of GDPR. Data which used to be hacked in order to be marketed on the Dark Web can now lure much more money out of enterprises. Instead of attacking a system, hackers would approach leading specialists and blackmail them into becoming a source of inside information. A company will have to pay an incomparably bigger sum for non-compliance than that demanded by offenders in exchange for data confidentiality. In 2019 the emphasis will be on software that gives businesses instruments for internal control of communication channels. Attacks will have entangled roots, breaches will feature a more sophisticated backbone, and there will be more news revealing the real origin of an incident and giving more details of the investigation process.