Data Privacy Day: 3 Trends to Watch

Today is Data Privacy Day, an international awareness day held annually on January 28 to promote the importance of respecting privacy, safeguarding data and enabling trust. It was initially celebrated in Europe in 2007 to commemorate the Jan 28, 1981 signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Today, it is celebrated worldwide, with many events, resources and even a live stream sponsored by the National Cyber Security Alliance.

1. Digital economy is connecting cybercrime too

The digital economy is expanding at a rapid rate, creating unprecedented opportunities for businesses. By 2022, over 60% of global GDP will be driven by digitally-enhanced offerings, operations and relationships, according to the IDC.i While this transformation of the modern world is ushering in an exciting new era of connected cars, intelligent homes, smart cities and more, it’s also opening new doors for cybercrime. Physical presence is no longer required, making it easier than ever before to steal or wreak havoc from afar if you have the right cyber skills to strike.

Bad actors are finding a rapidly growing attack space in the internet. By 2022, Cisco predicts that there will be 28.5 billion networked devices, or 3.6 devices per person,ii and each of these could be a potential on-ramp for hackers to gain unauthorized access. Basic issues such as devices with default passwords or encryption keys that, if cracked, could compromise whole families of devices leave networks open to simplistic endpoint attacks. Gaps in end-to-end encryption and unauthorized edge devices at IoT gateways are also easy targets for bad actors.iii Data breaches continue to rise with recent estimates putting the total number of data records breached since 2005 at over 11.5 billion.iv And, as connected data multiplies, it’s also expanding the number of targets and vulnerabilities for cybercriminals around the world to exploit.

2. Public safety threats from data breaches intensify

Much of the news on data breaches focuses on compromised personal information, such as names, addresses, credit cards or login credentials. While these are disturbing, they don’t generally threaten human safety. However, as connected devices become more deeply woven into the fabric of our daily lives, new risks will emerge. Consider these scenarios:

  • An Internet of Things botnet manipulates power demand in the grid, causing power outages and large-scale blackouts.v
  • A crime network targets a major food manufacturer. By exploiting vulnerabilities in their aging industrial radio remote controllers, they are able to sabotage factory operations remotely, causing factories to shut down for over a month. The resulting food shortages disrupt the global supply chain, causing widespread panic.vi
  • A cyber-attacker gains access to a hospital’s network through an email phishing attack and takes control of a server to which heart monitors are attached. While scanning the network for devices, the attacker continually reboots all the heart monitors in the ICU, putting multiple patients at risk.vii

Fortunately, these are still theoretical for the most part, but isolated reports of incidents like these are beginning to emerge, drawing increasing scrutiny from policy-makers and consumers. To maintain the public’s trust, businesses will need to reduce risk and solve compliance challenges by deploying and connecting security services at local end points, where data is being created, rather than routing traffic back to a remote, central location. Private interconnection is critical to ensuring that data is kept safe in transit by eliminating the need for data to be sent over the public Internet.

3. Regulatory changes beyond GDPR on the horizon

As cyberattacks loom larger, threatening public safety, policy makers are considering regulatory changes that could have broad implications for businesses. The European Union’s (EU) General Data Protection Regulation (GDPR) went into effect in May 2018. While it wasn’t the first data privacy law on the scene, the stiff penalties it established put it in the global spotlight. Other recent policy changes include:

  • In late 2018, Australia passed a law requiring technology manufacturers to provide backdoor access to encrypted communications, raising concerns that the rest of the Five Eyes nations (United States, Canada, the United Kingdom, Australia and New Zealand) would follow suit.viii
  • More than 30 countries have proposed or enacted rules blocking cross-border transfer of data in major categories: accounting, tax, and financial data (18); personal data (13); government and public data (10); data related to emerging digital services (9); telecommunications data (4); and other types (5).ix
  • Various agencies of the U.S. government already passed legislation or guidance around securing and protecting connected devices such as smart cars and medical devices and indicated their intent to increase oversight over time.x

Changes like these signal growing complexity and localization in the regulatory environment. To comply, businesses will need to interconnect data storage, analytics and networking placed directly in regions that require compliance. Equinix International Business Exchange™ (IBX®) data centers provide advanced security and environmental controls that can help businesses ensure compliance with a number of standards and regulations such as Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), and more.

As an example, U.K.-based NYnet built a digital edge on Platform Equinix to obtain Health and Social Care Network (HSCN)-compliance. Established in 2007 by North Yorkshire County Council to improve connectivity and broadband services across the region, NYnet wanted to extend its service offerings into the health and social care government sector. Since Equinix is one of two HSCN Peering Exchange locations, NYnet was able to connect to the peering exchange to achieve HSCN Stage 2 Compliance. The solution provided vital access to the Equinix healthcare ecosystem with a secure, reliable connection to HSCN. Access to HSCN makes it easier for health and social care providers in North Yorkshire to not only collaborate through NYnet services, but NYnet can attract new health and social services customers, creating revenue in a segment they were previously not able to access. Additionally, by offering HSCN connectivity on the Equinix platform, NYnet delivers value to healthcare companies by reducing its network costs.

Connecting, protecting and powering the digital economy

The digital economy continues to flourish, drawing increased attention from cybercriminals and policy makers. Creating and maintaining trust will require more progressive and distributed security processes. Leveraging an IOA Security strategy on a global interconnection and data center platform, such as Platform Equinix, with key management as a service can help enterprises reduce the risk of data breaches and associated penalties.

Key management technologies like Equinix SmartKey™, a SaaS-based hardware security module (HSM), keep data encryption keys separate from the data that is stored on-premises or in the cloud, preventing service providers or bad actors from “peeking into” a company’s data. This is critical for ensuring the security of data access across hybrid/multicloud infrastructures. It also helps to ensure compliance with data privacy regulations, such as GDPR, by providing a control layer between the data controller and the data processors to meet requirements for data auditing, control and erasure.

Download the 451 Research Paper on Equinix SmartKey to learn more.

 

[i] IDC FutureScape: Worldwide IT Industry 2019 Predictions, October2018, Doc #US44403818.

[ii] Cisco, Cisco Visual Networking Index: Forecast and Trends, 2017-2022, DocID:1543280537836565, Nov 2018.

[iii] DevOps.com, IoT, Not People, Now the Weakest Link in Security, Jan 2019.

[iv] Privacy Rights Clearinghouse, Data Breaches, 2005-2019.

[v] IBM SecurityIntelligence blog, How an IoT Botnet Could Breach the Power Grid and Cause Widespread Blackouts, Nov 2018.

[vi] Trend Micro Research, A Security Analysis of Radio Remote Controllers for Industrial Applications, Web page and white paper, Jan 2019.

[vii] U.S. Department of Health & Human Services, Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients, Threat: Attacks Against Connected Medical Devices That May Affect Patient Safety (pg 24), Dec 2018.

[viii] Wired, Australia’s Encryption-Busting Law Could Impact Global Privacy, Dec 2018; CPO Magazine, Five Eyes Want Access to Data from Tech Companies, Sept 2018.

[ix] BRINK, The Global Rise of ‘Data Localism’, Jan 2018.

[x] TechTarget IoT Agenda, Steps carmakers need to make to secure connected car data, Nov 2018; Forbes, How To Protect Healthcare IoT Devices In A Zero Trust World, Oct 2018.