Data insecurity has become one of the most prominent concerns for individuals, companies, and states alike. As we progress through the digital age and develop ever more advanced capabilities, data breaches and their associated costs become increasingly frequent, complex, targeted, and jeopardizing. As companies adopt more advanced technology, hackers are able to take advantage of the same forms of technology to gain access to their systems. CEOs, government leaders, and individuals are likely to see a heightened number of attacks on cloud-based platforms and increasing security risks with 5G. Data insecurity creates financial and reputational risks for businesses, raises the risk of personal violations for individuals, and contributes to geopolitical volatility.
Data breaches have existed since as long as individuals and companies have maintained records and stored private information. Publicly-disclosed data breaches increased in frequency in the 1980s and have since expanded in scope and impact. They reached a turning point in 2016 when the Internet of Things (IoT) emerged. The risks of data breaches at both the enterprise and individual levels are similar to those in the last few years, but they are increasing in frequency and sophistication as hackers employ tools like AI to break into well-protected systems. For example, ransomware is a billion-dollar industry that hackers monetize by encrypting a target’s data until a ransom is paid. Ransomware is projected to expand even further in 2020, targeting small and medium-sized enterprises (SMEs) and cloud-based platforms. SMEs have less advanced IT infrastructure which makes them easier to hack. Hackers will increasingly target cloud-based platforms as more and more corporate infrastructure transitions to the cloud. Phishing is another traditional method of breaching data that remains extremely prevalent and effective and is likely to become even more advanced with the rise of deepfakes. Deepfakes – meaning heavily manipulated videos leveraging AI to create content, often of politicians or celebrities to spread disinformation - are taking over traditional phishing with advancements in voice and video technology, and they pose an increasing threat to companies, individuals, and elections.
2020 will likely see an increase in risks related to third-party data insecurity, as the use of cloud computing, the IoT, and 5G grow. There is already a significant gap in data security when it comes to the IoT, as the devices number in the billions and continue to multiply. The global rollout of 5G networks will make the IoT a larger and faster reality, offering devices with greater speeds, more stability, and increased access. However, the interconnectedness of these internet-enabled devices, including security systems, home appliances, smart automobiles, and medical equipment, creates greater vulnerability for a large number of devices, as hackers could insert malware at any point, which could then penetrate an entire system.
Another third-party risk to data on the horizon is related to the cloud. As companies transition to cloud-based environments, there is often the assumption that because they have outsourced their data, it must be secure. However, this is not the case, and hackers will increasingly target cloud-based platforms. So far, external data breaches have been discussed, but companies are often unaware that a large portion of the hacks they experience originate within the organization. Most insider data breaches can be attributed to negligence rather than malicious intent; thus, it is fundamental for companies to teach good “cyber hygiene” in order to minimize careless mistakes.
In response to public disclosures of massive security breaches and reports of corporate misuse of data, individuals have pursued legislation to protect their privacy. Governments across the world have begun to draft new regulations that govern the way firms handle and store consumer data, which has been largely popular with individuals but has brought enormous repercussions for firms. The European Union passed the General Data Protection Regulation (GDPR) in 2016, and it became law in 2018. The GDPR places restrictions on how organizations can process personal data and what rights individuals have in limiting access to their data. It has a global impact, given its effect on all companies that do business with European customers, regardless of where the company is located. The US followed closely behind, as California implemented its California Consumer Privacy Act (CCPA), allowing consumers to demand crucial information about their personal data held by corporations. While such a law is not expected to be implemented at the federal level, other states have proposed similar laws. Companies hoping to do business in these jurisdictions must adapt to the new regulations, despite the burden of doing so. Failure to comply may result in serious financial, reputational, and operational risks.
Everyone should be aware of the geopolitical repercussions of data insecurity that will prevail in the digital age. As previously mentioned, we should expect to see an increase in the use of deep fakes and other technologies to create images, audio, and visual files that will spread disinformation in upcoming campaigns, on both a national and international level. Deepfakes tend to target politicians and celebrities, spreading disinformation through the use of more sophisticated techniques. Organizations like Facebook have stepped up efforts to ban deepfakes, following increasing criticism, especially as the 2020 US presidential elections loom ahead. The digital age has additionally seen an increase in the use of social media as a tool for influencing policy. Non-state actors have leveraged the tool to connect marginalized groups, providing them with a voice and an opportunity to gather in protest, pushing for changes in the system. As political discontent continues all around the world, from the Middle East to Latin America, increasing use of social media will facilitate political instability and the possibility of regime change. Finally, governments in countries like Singapore have been exploiting terms like “fake news” to target the spread of information challenging the government, curbing individuals’ freedom of speech and expression. This form of media manipulation presents enormous reputational risks for the government, as well as financial and strategic risks when considering business in such a region.