Around this time every year, my inbox fills with the same repetitive junk.“Would you consider putting [any random company] in your gift guide?”, “are you going to CES and if so can I pitch you [a gadget that literally won’t be around this time next year]?”, and, “do you want to cover [a company you’ve never hard of’s] predictions for next year?”
To which I always respond: “No,” “absolutely not” and “predictions are not news.”
The “predictions” emails piss me off. Most of the companies that offer predictions don’t seem to fully understand the security field outside their particular niche, or worse, have an agenda they’re trying to push.This year was no different. I trawled through my inbox, scanning literally dozens of emails pushing “predictions” for the coming year.
“Artificial intelligence will stop a data breach,” said one email. “The supply chain will face more attacks,” said another. And, my personal favorite, “bad actors will combine multiple attack types to create synergistic super threats.”
Hate to break it to you, but “super threats” are not a thing.
If you thought 2018 was a tough year for tech, 2019 is going to be so much worse. The groundwork we laid this year will roll over into the next, and that’s when things will start to hit hard, from new laws and political (in)decisions to privacy issues and how employees ― not companies ― will start to call the shots.
Here’s what you need to know for 2019 in security.Expect more data leaks and exposures ― but not just breaches
2018 saw a rising trend in data leaks and exposures ― specifically data that’s not protected with even the most basic security, like a password.
We’ve seen a ton of sites and services exposed in the past year ― fromgym booking sites, anonymous social network Blind , Urban Massage , FedEx , Canadian internet provider Altima ,Amazon and fitness app Polar , to name a few.
Exposed databases and user data can be easily found, yet are entirely preventable ― often simply by setting a password. Breaches, where a hacker exploits a vulnerability, are more difficult and require some level of skill, making them less common. But human error, a lack of security smarts or just sheer laziness makes exposed data more discoverable, and yet there’s no sign of data exposures dying down any time soon.
At Blind, a security lapse revealed private complaints from Silicon Valley employeesCalifornia’s privacy rules will come to a head
After a long fight, California passed its consumer privacy law ― set to go into effect at the end of 2019.
Think of the law as like GDPR for California , which will mandate that companies disclose how they collect user data and what they do with it. The law will allow authorities to impose fines on companies that don’t comply or which violate the rules. It’s particularly important for consumers, given most of the world’s largest tech companies have their headquarters in the state.
Tech companies opposed the law. After spending collectively billions of dollars to comply with GDPR, many didn’t want to face another hefty bill to comply with more privacy rules. Instead, many companies pushed for a federal law to overrule and upend California’s soon-to-be-enacted rules. With enough lobbying power in Washington, DC, tech companies and telcos want lawmakers to roll out weaker legislation.
With almost exactly a year to go before California’s rules are set to go into effect, expect to see Silicon Valley work together ― for once ― to get their own way at a federal level.
California passes landmark data privacy billBrexit will hamper U.K. tech, startup growth
Brexit, the U.K.’s departure from the European Union, is set for March 29 ― and all signs point to a “no deal” that will cause serious, if not as of yet untold problems with immigration, trade, and even intelligence sharing and security arrangements with the U.K.’s European partners.
Leaving the EU without any trade or immigration deals in place will hurt startups and the wider tech scene. Attracting good overseas talent will be difficult without knowing what the immigration rules will be. Even practical things like GPS willbegin to struggle, as well as data transfers in and out of the U.K. without a deal in place once the U.K. goes over the cliff-edge. It’ll be a nightmare for companies trying to comply with what’s left of the EU data protection and privacy laws.
Certain technology industries will see more trouble than others, like the gaming industry, which contributes 2 billion ($2.5 billion) to the U.K. economy every year. And, startups won’t get off easy either .
Brexit-related concerns remain key for UK tech, says UK gov reportAustralia’s draconian encryption laws will begin to hurt
Following in the footsteps of the U.K., Australia passed an anti-encryption law that compels companies operating in the country to turn over encrypted data on request from several government departments.
ManyU.S. tech companies, includingApple and Cisco, called on the Australian parliament to ditch the proposals for fear that the law could be abused or harm its customers’ privacy. That didn’t stop a bipartisan effort to pass the bill in time for the Christmas break.
Some companies have already said they can’t ― and therefore won’t comply. Signal, the encrypted messaging app, said in a blog post that it “can’t include a backdoor in Signal,” despite the mandate from the country’s capitol. Other companies will find themselves facing the same dilemma. It might force companies to think about their presence in the country altogether.