Here are my predictions for 2014:
- 2014 will bring exponential expansion and evolution of the Internet of Things (IoT).
This will also bring new opportunities for information security trailblazers unlike any we’ve seen before. The potential benefits of the IoT will be huge, but just as large will be the new and constantly evolving information security and privacy risks. We will see some significant privacy breaches resulting from the use of IoT devices as a result. New IoT risks, and resulting security incidents and privacy breaches, will bring a significant need for technology information security pros to also understand privacy concepts so they can implement privacy protections within all these new devices, and into the processes and environments where the devices are used. Even though basic information security and privacy concepts will still apply, very little has been done to actually implement security or privacy controls in these new technologies. We will need more information security and privacy professionals who can recognize new information security and privacy risks. There is no textbook to look to for these answers as risks evolve.
- The increased power of Big Data analytics will redefine what it means to anonymize and de-identify data.
Long-used methods will no longer be effective because of Big Data analytics abilities to make correlations between disparate pieces of data to reveal intimate personal details that, up until recently, there were not any algorithms that could produce any correlations at all. The use of Big Data will proliferate dramatically in 2014, with little to no consideration of the related information security or privacy issues, especially by those using Big Data for new types of marketing, research, and for new types of services. Information security professionals who are not afraid to be trailblazers will need to be able to identify privacy risks associated with Big Data analytics, and be able to then create effective information security controls. Great opportunities exist for those willing to step out of their comfort zone and take chances to create security controls that, to date, have not existed.
- 2014 will provide us with some significant new privacy breaches through new and quickly wildly popular apps.
Mobile apps continue to be used more widely. They will also continue to be used without having any meaningful security controls built in, and with little to no regard to privacy issues. “Hey, there’s no law against it so there must not be any privacy concerns!” I’ve heard that sentiment hundreds of times from enthusiastic marketers and developers. Guess what: privacy and information security laws are primarily reactionary and largely don’t get passed unless a significant number of breaches and harms have already occurred, and if they don’t significantly thwart the plans of the lawmakers’ large donors.
- 2014 will see dramatic expansion of drone use, and significantly more discussion by lawmakers. Not to mention the privacy invasions that will occur.
I’m already seeing significant numbers of journalism schools at universities investing in purchasing their own drones so they can get to places they’ve never been able to get to before to get photos and audio for news reports and investigative stories. The problem is, most of those locations are on private property. But there are currently no laws regulating the use of drones, so the drones will boldly go where no humans have been able, or allowed, to go before. Also, consider that Amazon (and now probably other retailers) is considering the use of drones for package delivery. They will not only deliver packages, but you can bet they will also collect data about everything encountered throughout their journeys. Police are using drones; insurance companies and a large cadre of other industries want to use them. There are safety, security, and privacy issues to address with all these envisioned uses. But from what I’ve read from these groups’ public descriptions of their wants and plans, they haven’t even considered the privacy issues. Some members of congress are concerned, though. In November, Sen. Ed Markey filed a bill to require the Federal Aviation Administration to establish privacy requirements for allowing drones to be flown in commercial airspace.
- Something significant is going to be happening with 3D Printers in 2014, beyond the creation of plastic guns and the associated safety concerns. It’s been gnawing at the back of my brain that there are going to be some information security and privacy issues. I’ve just not yet been able to bring those issues into focus sharp enough to articulate clearly.
I could go on. But this is probably a long enough list for now. What are your thoughts on these topics? I look forward to reading your comments.
[Editor's Note: This post is part of the annual "Cutter Predicts ..." series.]