Rick Kam, president and co-founder, ID Experts
2. Advanced persistent threat (APT). APT is the biggest threat to organizations, whereby hackers gain access to a network and remain there undetected for a long period of time.
James Christiansen, chief information risk officer, RiskyData
3. Malicious attackers. Hacktivists and national states have an advantage over today's defenders of corporate data and IT infrastructure.
Dr. Larry Ponemon, chairman and founder, the Ponemon Institute
4. Breaches affect everyone and everything. Breaches affect large and small businesses of all kinds, regardless of sophistication, and high- and low-tech information.
Kirk Nahra, partner, Wiley Rein, LLC
5. Information can be infinitely distributed, causing limitless damage. The electronic health information privacy breach epidemic is an unanticipated "game changer" in that health information can be stolen from anywhere in the world, distributed to an infinite number of locations for an infinite period of time and can cause limitless damage.
James C. Pyles, principal and co-founder, Powers Pyles Sutter & Verville PC
6. Increased enforcement risk. Regulators at both the federal and state levels in the U.S. and in many foreign countries have become, and will continue to be, increasingly aggressive in investigating security breaches and obtaining substantial monetary settlements or penalties from responsible organizations.
Philip Gordon, shareholder, Littler Mendelson, P.C.
7. Identity theft will not go away, until the issue of identity is solved. "Identity-proofing" consumers involves verifying and authenticating with numerous technologies, and the flexibility of consumers to recognize a slight trade-off of privacy for security.
Robert Siciliano, CEO, IDTheftSecurity and personal security and identity theft expert
8. Real-time prevention. The rate of exposure for personally identifiable information is now so great, we must concede that the data itself is no longer able to be protected. Our defensive strategy must now shift to real-time prevention of the abuse of this sensitive information by criminal elements.
Anthony M. Freed, Community Engagement Coordinator, Tripwire Inc.
9. More digital devices and technologies, to digitize personal data. Drones, utility smart meters, automated license plate readers, and more powerful facial recognition software--all used to collect and digitize consumers' sensitive personal data--will provide more opportunities for government to resell consumer data, forcing consumers to demand better privacy protections and read/approve/decline company privacy statements.
George Jenkins, editor, I've Been Mugged
10. Many data breaches are avoidable if commonsense security practices are in place. In recent cases brought by the Federal Trade Commission against companies that experienced data breaches, the companies' security practices did not protect against even readily foreseeable threats. Companies need to use "reasonable and appropriate security measures" for handling consumers' personal information.
Joanna Crane, senior consultant, Identity Theft Assistance Center
11. Long-term monitoring. Data obtained by hacking, theft or unauthorized access, isn't always used immediately by the perpetrators. Organizations need to develop a tactical plan for incident response that includes persistent, long-term diligence and monitoring, due to the possibility of lag time that can occur between the time of the breach and the fraudulent use of consumer information.
Robin Slade, development coordinator, Medical Identity Fraud Alliance (MIFA) and president & CEO, FraudAvengers.org
12. Continued business naiveté. Corporations continue their delusional belief that data security and cyber privacy are a byproduct of purchasing better technology. It helps, but it's the human beings using the technology correctly (or not, in the case of most breaches) that actually delivers results. Forward-thinking companies will focus assets on training the stewards of their valuable data.
John Sileo, privacy evangelist and CEO of The Sileo Group
Data Breaches: Past, Present and Future
The article, A Decade of Data Breach: Tracking an Evolving Threat, outlines the evolution of data privacy and security threats, gauges the landscape today, and offers what's on the horizon for the next decade.
"Organizations face difficult challenges," said Larry Ponemon, chairman and founder, the Ponemon Institute. "Many do not have the capability to withstand security exploits and information system compromises. For the longer term, I predict that the information security community will rise to the occasion and overcome this imbalance of power through innovations that strengthen our ability to reduce the risk."