For the past year or more, we have been overwhelmed with news reports about cyberattacks, data breaches, and privacy violations. Below is a list of my predictions for cybersecurity in 2020 and why they matter for retailers.
Privacy concerns should be at the top of your mind. With all the hacks, breaches, and questions about social media, privacy will become a major consideration in cybersecurity. The European Union has already taken steps toward protecting data and privacy with the General Data Protection Regulation (GDPR), which aims to give individuals in both the EU and the European Economic Area (EEA) control over their personal data. For example, organizations that handle EU citizens’ personal data must provide safety measures to protect data, such as pseudonymization or full anonymization, and must use the highest possible privacy settings by default. As for similar legislation in the United States, the California Privacy and Protection law (CPP), which was closely modeled on the GDPR, was passed in 2018 and takes effect on January 1, 2020.
With privacy protection law becoming more widespread, we are also seeing an expansion in what constitutes personal information, such as IP address, geolocation, browsing history, search history, and more. Other states with privacy compliance laws in the works are Washington, New York, Hawaii, New Jersey, Maryland, Massachusetts, New Mexico, Rhode Island, Mississippi, and North Dakota.
Retailers handle a lot of personal information from customers, so it is important for you to start creating internal protocols for protecting their data in order to keep up with the changes in privacy legislation.
Be wary of fake news. With the US presidential election coming up in 2020, it is important for everyone to be cautious about the news they are reading. For those of us in the loss prevention and security industry, the spread of misinformation is, unfortunately, a reality we are familiar with. Particularly with recent issues of cybersecurity and privacy, we should all be extra thorough while reading news to make sure we are getting our information from reputable sources.
Data breaches will cause more damage than they have in the past. Many companies have learned the value of gathering user data to improve their services and target new customers. What naturally follows is that more companies are at risk of being breached by cyber attackers who want access to this personal data, which means more consumers could have their personal information compromised. The growth of privacy protection laws should address the risks of data breaches, but it is important for companies to take steps toward protecting user data on their own by implementing their own cybersecurity methods, such as two-factor authentication.
We need to do something about the risk of ransomware. In the first nine months of 2019, reports indicated there were between 600 and 700 ransomware attacks on government agencies, healthcare providers, and schools in the US alone. Cities and public sector organizations around the world have faced a steady barrage of ransomware attacks with momentum continuing to build heading into 2020. With these attacks aimed at disruption and destabilizing systems, cities and towns in particular will need to elevate their approach to cyber resiliency. Ransomware incidents will grow in 2020 as attackers learn that holding data hostage is a quick path to making money. These attackers will also start to target consumer devices, causing major disruptions for device manufacturers by informing the targeted consumer that it is up to the manufacturer to fix the issue.
Cyberwarfare continues to pose a potential threat. It is all too easy to hire a hacker online and task them with carrying out a data breach or shutting down a company’s systems. Cyberattacks such as data breaches, ransomware attacks, and more are used to target utilities, infrastructure, transportation, and commercial entities because we need these organizations to keep our society running, making them the most likely to have valuable data and pay a ransom.
Internet of Things (IoT) devices are still at risk. With IoT devices such as security cameras, inventory management software, and automated checkout becoming more affordable and accessible for retailers, it is important to keep their vulnerabilities in mind. IoT devices are often designed with few security controls because their purpose is to connect to the Internet without too many complications. This leaves them exposed to cyberattacks, which can do anything from turning off the lights in someone’s home to shutting down a cardiac pacemaker. One of the ways to protect your IoT devices is to encrypt your devices and make sure they are all protected with strong passwords that use a combination of letters, numbers, and special characters.
Malicious actors will leverage technology like artificial intelligence and machine learning against leaders in the security industries. Cyber attackers simply have more access to more sophisticated tools and can target the growing group of people and devices vulnerable to attack. Cyber attackers can use AI technologies, like natural language generation and video AI, to create fake audio and video designed to fool users. For example, deepfakes use machine learning techniques to combine and superimpose existing media onto source media in order to take a person in an existing image or video and replace them with someone else’s likeness. Deepfakes have gained widespread attention for their uses in fake news, hoaxes, and financial fraud, all of which have provoked responses from industries and the government to detect and limit their use.
Technological advancements have helped our society make great improvements in many industries, especially in retail. However, we should also make sure our cybersecurity can keep up with these new developments, especially with malicious actors following so close behind. Having response plans in place is one of the easiest ways to alleviate the impact of a cyberattack, should one get past your cybersecurity measures.
Our risk in retail is continually evolving. The rapid change in retail is making it increasingly difficult for us to mitigate the risk of cyberattacks. We must remain vigilant and take a balanced approach that focuses on both prevention and how we respond to a cyber event.