“In other words, the nation-state cyber cold war is an arms race to discover and horde software vulnerabilities — often ones in the private software we all use every day,” he said.
In 2017, expect to see a civilian casualty from the nation-state cyber cold war, Nachreiner said. “We expect to see at least one private business or citizen become a victim of a zero-day flaw that a nation-state held secret in their arsenal,” he said.
In an effort to combat terrorism and expand surveillance at least one Western government will follow Russia’s lead and mandate access to encryption keys and certificates, foresees Kevin Bocek, vice president of security strategy and threat intelligence at Venafi.
“Widespread government access to encrypted communications has the potential to demolish internet privacy and devastate security. Encryption is the backbone of secure and private communications on the internet — it protects online banking, shopping, all manner of consumer services that our economy and critical infrastructure rely on. Once we allow governments universal access to encryption the likelihood of abuse and misuse skyrockets. It’s time to stand up against governments' efforts to hijack privacy and trust online,” he said.
Scott Millis, CTO of mobile security company Cyber adAPT, believes that by next year every adult in the U.S. will know a relative who has had their identity stolen. The Internal Revenue Service reported that 2.7 million people had their identities stolen in 2014, and according to TransUnion 19 people fall victim to identity theft every minute.
George Ng, co-founder and CTO of Cyence, believes many companies don’t realize even the smallest things can expose personal information and make them more likely to be targeted. For example, a job listing for a CSO or CISO indicates a lack of senior leadership for cybersecurity. “[Personal identifiable information] continues to be a target for hackers and criminals and is very tangible information that can be sold easily on the dark web, just as easy as credit cards. PII records will continue to be specifically targeted because they fetch a higher price and are more versatile in their usage for hackers.”
With privacy in mind, Forrester said surveillance marketing will blur the line between online and offline customer behavior. “The online ad world has been chipping away at people’s ability to keep their online and offline habits separate for years.”
New rules for U.S. internet service providers will unleash a flurry of lawsuits. Earlier this year, the U.S. Federal Communications Commission (FCC) determined that ISPs like AT&T, Comcast, and Verizon would be classified as “common carriers” — the same designation as landline telephony providers. On Oct. 27, the FCC voted on a set of rules that place limits on how these providers are allowed to monetize customer data. The carriers say that the FCC is restricting fair competition, since companies like Facebook and Google have no such rules.
Sign up for Computerworld eNewsletters.