So far, 2023 is shaping up to be a big year for data privacy and cybersecurity. ADCG has put together a forecast from industry experts and reliable sources. Here’s what to expect:
Increased Demand for Privacy Pros
The most commonly cited cause of privacy failures in an organization, chosen by 49 percent of respondents to the Information Systems Audit and Control Association (ISACA)’s Privacy in Practice 2023 research report, is a lack of training. That is supported by Verizon’s 2022 DBIR report, which likewise cites human error as the reason for 82 percent of breaches last year.
That is why the need for trained privacy professionals will continue in 2023. The ISACA report indicates that 53 percent of survey respondents said their technical privacy teams were understaffed, while 44 percent noted a need to fill legal and compliance positions. Technical demand is expected to grow by 69 percent and legal and compliance demand by 62 percent.
A statement by Safia Kazi, an ISACA principal in privacy practices, says that “it is more important than ever to cultivate and train a strong, skilled privacy workforce to meet the demand.”
That will require some action by executives and board members. The report found that only 55 percent of the organizations reviewed believe their board of directors adequately prioritizes privacy objectives, and 43 percent believe their privacy budget is underfunded, despite research pointing to executive support as key to implementing privacy by design and healthy organizational security practices. According to Anne Toth, trust, privacy and tech policy advisor and member of the ISACA Digital Trust Advisory Council, “privacy by design is a smart investment that pays dividends in customer trust.”
Healthcare Will Still Be a Big Target
The number of ransomware attacks on hospitals more than doubled between 2016 and 2021, according to the Journal of the American Medical Association. That is why healthcare companies are projected to get serious about cybersecurity budgets in 2023, with an average increase in spending of more than 15 percent, according to Chris Bowen, founder and CISO at data security firm ClearData.
Bowen spoke about cybersecurity in healthcare to Healthcare Dive, as did Google Chief Clinical Officer Michael Howell. The latter predicted that “data protection and trust will be pivotal this year as a national conversation around privacy sparked by the overturning of Roe v. Wade stretches into 2023.” In the wake of the ruling, a number of period tracking apps, data brokers and tech companies like Apple and Google took steps — often under regulatory and public pressure — to enhance privacy and security protocols.
Say Goodbye to Passwords
Despite the increased conversation surrounding password security and data privacy, at the close of 2022 human behavior still hasn’t changed much. CNBC released an article revealing that the three most common passwords during the year were “password,” “123456” and “123456789.”
That is why 2023 may mark the end of passwords. On May 5, 2022, Apple, Google, and Microsoft announced a shift away from personal password selection as they committed to providing platform users with a passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. Under this new standard, websites and applications will be accessible to consumers through biometric verification or a device PIN. The release notes that this access method “protects against phishing, and sign-in will be radically more secure when compared to passwords and legacy multi-factor technologies such as one-time passcodes sent over SMS.”
Federal Privacy Legislation Might Pass
In 2022, several U.S. states passed state privacy legislation, including the California Privacy Rights Act (CPRA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CDPA), the Utah Consumer Privacy Act (UCPA), and the Virginia Consumer Data Privacy Act (VCDPA).
There are more on the way. Security Magazine predicts that by the end of 2023, 10 percent of U.S. states will have their own data privacy legislation. Meanwhile, there is still hope that 2023 might be the year we see a federal data privacy law, an idea that boasts strong bipartisan support. And Gartner predicts that by 2024, 75 percent of the world will be covered by privacy legislation.
* * * * * * *
Does your organization invest in “Confidential Computing”? Should it? Click here to read our discussion on “Confidential Computing” and get a better understanding of how your organization could benefit from such an investment.
To read our news alerts discussing the EU’s crackdown on TikTok, Meta’s new privacy control platform, new biometric privacy cases, the OECD’s Declaration on Government Access to Personal Data Held by Private Sector Entities and the NIST’s recent release of “De-Identification” guidelines, click here.
This week’s breach report covers breaches of the following companies: T-Mobile, FanDuel, Nissan North America, PayPal, Mailchimp, Riot Games, 3Commas, NetGear (urgent patch) and Toyota. Click here to find out more.
Jody Westby hosts our podcast, ADCG on Privacy & Cybersecurity, bringing together leaders in the privacy and cybersecurity arenas to discuss a wide range of issues, from proposed federal and state regulations to best practices and standards for compliance. Episodes can be enjoyed on many platforms, including Spotify and Apple Podcasts. Don’t forget to subscribe!
Our most recently released episodes:
84 | Internet Archive Project Related to Russia’s War with Ukraine (With guest Mark Graham)
83 | Geofence Warrants and January 6: Constitutional and Privacy Issues (with guest Matthew Esworthy)
82 | A Look at the Consequences of the Uber and Twitter CISO Cases (with guest Ron Raether)
To browse our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly in your email.