Cybersecurity/Privacy Predictions for 2012

Now that I am closing my consulting business and looking for my next great adventure I wanted to get advice from cybersec, privacy, and business leaders. I called this this “thought leader 2011 tour.” I wanted to know the issues that we’d be dealing with in the next year. Here are some common themes I heard:

a)     Big data – Online activities that leave easy-to-follow digital footprints which provide a rich profile of what we buy, where we go, who are our friends, and who we are. Hadoop and advanced analytics can drive innovation. Personal data is more valuable than gold. What is the appropriate balance between privacy and innovation?

b)     Data warehouse in your pocket – Smartphones can collect a treasure trove of data. Where you are, who are your friends, your speech, your shopping list, your health and diet data, etc. A smartphone is always with us and is always on. It is hard for end users to control their mobile privacy by deleting cookies or blocking unique ID’s identifying a specific phone. Protecting this info from bad guys and unscrupulous marketers will be of great concern in the future.

c)      The “personalized attack” – As the amount of personal info online grows it provides bad guys with the information they need to personalize an attack. This includes using info to guess your password reset question (“what is your favorite food”) or sending an email with malicious content from a friend or co-workers e-mail address. Personalizing the attack increases the effectiveness.

d)     Be prepared for the inevitable breach

e)     The merger of cybersecurity and privacy – In the past these organizations typically did not work closely. There needs to be a tight coupling to ensure that the right data is being collected and used as well as ensuring that it is protected. Protecting the “corporate gold” is a difficult task requiring collaboration.

Is 2012 about the Control of Data?

Big data, Hadoop, analytic’s were on many 2012 prediction lists including mine. Perhaps one of the important keys is “control of the data.” How does data enter an organization (directly from customers, purchased or shared from third parties), where does it reside (internal vs. external, US, outside the US), how is it processed, who can access and manage it, and archiving/deletion. With exabyte sized systems (thousands of petabytes), cybersecurity/privacy pro’s job will be tougher.