The year 2020 is overcome with the COVID-19. But the virus isn’t the only threat to our security. 2020 is also set to revolutionize the world with advancements that will shape the future of lives and businesses, alike. We now have 5G and IoT to Artificial Intelligence, Cloud technology, and Machine Learning. These technologies will become an integral part of our daily lives in creating efficiency, saving time, reducing costs, and unlocking new opportunities.

Though this optimistic language is something you hear quite often (and it’s not untrue to a large degree), the more the world transforms towards a digital future, the higher the rise in threats of Cyberattacks.

Modern technology is set to increase the amount of data we create online, and protecting this data will be one of the defining arcs of this decade. From system security to network security, businesses will face challenges in optimizing their cybersecurity to prevent malicious attacks from being successful.

It is hard to prevent malicious attacks because these technologies are new, vulnerabilities are less known, scalability harder due to a lack of familiarity, thereby making all of these ambiguities an excellent target for bad actors to exploit.

So let’s take a look at some of these technologies, modern regulations in place, and what businesses can do to combat this threat with regards to their cybersecurity.

The Advent of 5G and It’s Cybersecurity Vulnerabilities

As 5G trials and roll-outs happen, we are entering a new era of communication and innovative consumer services. As the adoption of 5G will require companies and people to switch to all-software networks, the cycle of constant updates might result in security vulnerabilities.

These frequent updates are similar to the updates of smartphone software, but those about 5G networks can lead to security risks. Risks are something that early adopters will have to deal with since the number of 5G connected devices that send and receive information increases and remote access becomes much more commonplace, cybersecurity experts will have a huge challenge in front of them.

With increased users and use, expanding the bandwidth for 5G will present opportunities for experts looking to exploit these vulnerabilities. As enterprises and cities become 5G powered, the attack surface will become much larger, putting the burden on governments and private enterprises to pump up and revolutionize their security tools and strategies to safeguard their devices, networks, and applications against malicious attackers.

One problem that early adopters might face due to a lack of security infrastructure could be the authorization and identification of a 5G network. Access to the system can allow a significant threat to data and security, and perhaps these early users might adopt a stringent no-trust policy with regards to 5G network access.

Don’t Think Phishing Is Over

Though technology is evolving rapidly in the digital landscape, cybersecurity experts will have to deal with phishing attacks. These attacks are often targeted to penetrate a network or infect the users of the network itself.

Though phishing is a generally well-known attack, hackers and malicious actors are becoming smarter (thanks to technological evolution), and their attacks are becoming more and more sophisticated. So like 2019, security measures against Phishing will also be necessary for 2020 as well.

Exploits such as email phishing are hard to eliminate as a problem since you can’t really disable emails altogether, and hackers know that. Phishing is also an easier way to get inside a network as opposed to other modern hacks, such as exploiting a zero-day vulnerability.

Companies today have to always beware of these phishing emails since they only take one wrong click by someone with access to admin credentials on a network to open a backdoor that allows malicious actors to get in, take control, and corrupt the company’s network.

The problem that most experts face is that there is no one solution to stop phishing attacks from succeeding. At the end of the day, these attacks can boil down to a reckless click, human error, and lack of knowledge.

Blocking downloads without confirmation, assessing the email before opening any links directly, and using anti-malware and anti-spyware software to block or monitor potential malicious activities could help you mitigate the harm but not necessarily prevent it entirely.

A.I. and ML Based Cybersecurity Vulnerabilities Can’t be Ignored

As the Machine Learning and Artificial Intelligence market grow, their application in different business operations, systems, and infrastructure will be a challenge to overcome. These technologies are incredibly resource-intensive and will require significant efforts to make them secure against potential attacks.

AI and ML-based devices and software have to be trained with the help of data, and experts will have to keep a keen eye on the kind of data that is being used. Data duping to corrupt the learning process of the Machine Learning algorithm can be injected to hamper the training process.

This can lead to the algorithm working seemingly fine but producing wrong results, which could, in the case of analytical products and applications, cost businesses millions of dollars.

How experts monitor and analyze the data will play a crucial part in the future of A.I and ML since the data set being used can be a security vulnerability that will have to be dealt with.

In the current climate, this is a less severe issue due to A.I and ML operating in specialized environments, but once businesses begin to scale these processes, there are bound to be vulnerabilities.

When processes such as threat analysis and data review become completely automated, malicious actors could exploit these processes to misguide companies and manipulate results without any obviously apparent problems. Furthermore, the technology itself can be used to discover new vulnerabilities, breakthrough security measures, and tools, and penetrate systems through the same algorithm that is being used to protect networks.

California Consumer Protection Act(CCPA) Is Now In Effect.

The California Consumer Privacy Act can be considered California’s GDPR. It became active from January 1, 2020, pushing the world of business in a new direction, with more accountability measures being ensured to re-establish the lost trust between consumers and companies. A company to client relationships in these cases was and still is dependent on the sharing of personal information for better and more targeted services, something that lawmakers think has been misused.

The bill established new consumer rights relating to the access, deletion, and sharing of personal information that businesses collect from their users. If your business is collecting user information, under CCPA, your business has to provide a reason as to why you’re collecting this information, what this information is, how you will use this information, and guide users through the process of deleting that information from your database, if they choose to do so.

The concerns with regards to cybersecurity and data protection became news after the claim of Huawei’s 5g technology being a possible threat of the security that resulted in the US government banning all US businesses from dealing with the Chinese tech giants.

In such a world, the burden on Tech companies to ensure maximum data protection came into a significant highlight, with more and more people pushing for stricter regulations and demanding accountability from service providers to ensure that the data of their customers are in safe hands.

The CCPA enforces businesses to implement a process that allows them to obtain the consent of a parent or a guardian and the minor if they’re between the age of 13 and 16 to collect and share their data for the business’ purposes.

This comes with the additional “Right to Say No to Sale of Personal Information” which is to be provided through a web link on the homepage of a business’ website that redirects users to a page where they can opt-out their consent protecting their data and personal information from being sold by the business legally.

Businesses and Companies are required to update their respective privacy policies with the newly required information, including but not limited to the description of California residents’ rights

While these are the more straightforward laws that are placed within the CCPA to ensure privacy protection and data protection, another measure the CCPA takes is to ask businesses to avoid sending opt-in requests to residents who have opted out of the option for a period of 12 months.

The used terminology, which is “avoid” while does leave a gray area for businesses to use, it takes into account that business activities mainly revolve around data gathering, in the absence of which companies cannot promote specific deals or show ads, for which a 12 month mandatory waiting period could be detrimental to the functioning of the business.

The power of GDPR can be seen through the European Union’s 1.5 Billion Euro fine for anti-trust AdSense advertising. This fine, which was levied in 2019, brought the overall EU anti-trust bill to 8.2 Billion Euros. GDPR expects companies to use data responsibly and its breach weighs significant financial damage to businesses, creating a force that ensures that companies adopt the best data protection, regulation, and use policies.

CCPA is a similar force, being in effect from the beginning of the year. It expects businesses in California to adopt the best security practices and comply with the regulations set to protect consumers.

For businesses based in California, transitioning to CCPA compliance is crucial, and it has to be done as soon as possible, to limit the potential fines that might be coming their way. For businesses that are not California-based, planning to make this change and implementing it is also crucial. It’s likely that other states such as New York will most likely adopt their own version of the CCPA, even if it is not adopted by the Federal government.

Hiring security specialists, focusing on compliance, and devoting resources to ensure that there is a successful transition to a post-CCPA world is something that businesses in 2020 should be looking towards.

Microsoft and Linux – The future is Cloud

The future of Windows seems to be shifting towards a cloud-based platform. Cloud PCs will work similarly to how other cloud-based platforms and services work. Most likely, users will have to pay a subscription to gain access to a pre-set app bundle to run on the PC.

What makes Microsoft more interesting is their adoption of Linux and transitioning towards a Linux-based operating system.

Sounds confusing, right? Well, you need to grasp hold of it if you are planning to continue using any resources from Microsoft shortly.

The future of Windows might stay the same on the front-end, with cloud-based PCs providing a similar UI to the Windows OS we’ve grown up accustomed to, but on the back-end, Microsoft might deploy a full-Linux setup.

A fulltime Linux setup is happening because most VMs are now running on Linux iterations. Even Microsoft Azure has around 40% of its machines running on Linux at the moment.

There are a few substantial benefits of using on the Back-end, especially for businesses. Here are the benefits:

1. Migration from an older PC to a new one, its updates, and patches will become easier than before. The service will upgrade the hardware, take care of the updates and release them directly, and deal with migration
2. For businesses, Linux is a much better platform for security. Linux is a safer platform for storing sensitive data with only the admins having the root access, helping keeping system vulnerabilities in check.
3. The service is more likely to adopt a more robust security system than you would on your own hardware, which means that you will gain access to enterprise-grade security, helping you combat the rising threat of cyber-attacks.

For businesses, it is imperative to start investing in robust security infrastructure, and at Tekrevol, we’re trying our hand with some as well.

From a security standpoint, Linux is key to OS in the next decade. If you too have a wide range of OS applicability critical to your internal systems, you really need to know how Linux can make your security more concrete.

How Will Cybersecurity Trends Impact Business strategy?

According to one study by Accenture, 68% of business leaders think that there is an increased risk of a cyber-attack on their business. The year 2020 will be one where tackling these threats will become a primary focus of business leaders and entrepreneurs.

Combating this problem will require these leaders to acquire more knowledge, skills, and tools to improve their organization’s security protocols. Protocols includes network protection and data protection against possible breaches.

We can expect an increased demand for network security specialists, ML design security specialists, and system security experts. In general, the demand for security specialists across technologies will also increase.

Businesses will have to incorporate new risk assessment models for technologies such as IoT, 5G, and AI-based products.

According to Gartner’s press release, cybersecurity risk is one of the top concerns that chief audit executives have with regards to their businesses.

In 2020, businesses will come to a tipping point where they will either develop strategies and technologies that help combat the risk of cyber vulnerability, or the lack of evolution will hurt their performance in the market.

Similarly, one can foresee big corporations acquiring digital security startups for record-high acquisitions to keep up with this rising threat.

How businesses achieve compliance with government regulations and establish strict security protocols with regards to modern tech will define their success in the year 2020. So, if you’re a business owner looking to scale, transferring your focus towards establishing a robust security infrastructure has to be a central part of your business strategy.

Wrapping Things Up:

The future is digital, there is no denying it but simply focusing on the possible benefits isn’t going to cut it. For businesses, it is crucial to realize their responsibility towards consumers and take the necessary steps to ensure data protection and other cybersecurity avenues.

It is also vital for them to focus strongly on the security of their own platforms, services, and products to ensure that the adoption of modern technology drives positive results. The technologies we’ve talked about have great potential, but the journey into the world of technology requires avid preparation to ensure security and safety.

Businesses today have to invest more into optimizing their security, create new strategies, implement new infrastructure, and leverage modern tools to ensure that they are ahead of the and ready to fight any cyber-threats that may come their way.

The post Cybersecurity, Modern Technology and Business Threats appeared first on ReadWrite.

Colleges and universities face a distinctly modern conundrum: They want and need to keep students safe, but smart security technologies that can track and monitor students’ activities on and off campus threaten their right to privacy. Schools and technology vendors must collaborate to find solutions that increase campus security while also protecting individual privacy.

The Privacy Problem

The very nature of some of these advanced tools requires the collection and storage of sensitive personally identifiable information. The risk of a data breach is one obvious concern — but so is the destruction of the university experience as we know it.

College is a time for personal growth and learning.

Imagine how violating and restrictive it would’ve felt if the administration of your college could’ve determined where you were on campus at any time and who you were speaking with on social media.

But it’s a growing possibility that schools will overstep the fine line between student safety and individual rights.

Major Risks Accompany New Security Tools

Facial recognition technology poses a particularly acute risk to individual privacy. Schools already track students to some extent with their ID cards — it would hardly be a big stretch for them to implement facial recognition technology to increase tracking abilities.

Law enforcement has already explored this tool, but it’s proven largely ineffective and invasive. For instance, when London’s Metropolitan Police trialed the technology throughout 2018 and 2019, it stopped 42 individuals but only identified eight of them correctly.

The Danger of Social Surveillance

Advanced social surveillance is another emerging risk for student privacy. Universities already have a lot of data at their fingertips that poses a security risk for both students and staff. That danger grows when you fold in advances in data and natural language processing that make social media posts and other information easy for administrators to track and analyze.

The last thing a university should want is for these technologies to be used against its students — just imagine the public relations crisis that could occur. 

In addition, schools and universities haven’t even begun to contemplate all the data complexities that come with using these new security tools. How will the data be stored? When will it be deleted? Can law enforcement access it? If so, when? Who else can access it? These are just a few of the many concerns that must be addressed.

Privacy and Security Aren’t Mutually Exclusive

The privacy concerns accompanying new security tools are considerable. But that’s not to say that colleges and universities shouldn’t employ the latest technology to increase student safety. Campus administrators just need to do so carefully.

They should work hand in hand with security companies to strategically employ and use the technology, setting up strict rules for how and when the tool will come into play and by whom the information can be accessed and used.

If colleges and universities implement new security tools with the following three strategies in mind, they’ll be more likely to keep the privacy — and safety — of their students intact:

1. Earn stakeholder buy-in. 

This includes faculty, staff, and students. Inform each stakeholder audience of the key security concerns and threats of any technology you’re considering.

Open a dialogue about how people feel about security on campus and crime-prevention measures before you implement anything.

You may find people feel comfortable with some security technologies but not others.

The University of Washington Bothell provides a solid framework for accomplishing this. The school surveyed students, faculty, and staff on campus security to understand where people felt safe and what areas needed additional security. The survey found that more than half of the participants were either moderately or highly concerned about a campus shooter, and the majority agreed that security cameras would make them feel safer.

2. Enact specific solutions to specific problems. 

Tools like facial recognition and social media monitoring promise a lot but are hard to implement at scale to target specific problems.

Instead of relying on one solution to solve all your problems, start with the problem first.

Determine a specific problem you want to solve, then adopt a specific technology solution to solve it.

Luckily, the security industry is flooded with new technologies that can address virtually any problem that colleges and universities might encounter — without invading privacy.

From threat-detection technology, which can detect threats without invading privacy, to systems that detect intruders to help schools respond to theft, there are plenty of options that beef up security without requiring the collection and storage of students’ PII.

For example, a handful of universities, including Temple University and Duke University, recently replaced ID cards with students’ phones. While this method requires students to relinquish a similar amount of PII, it’s both more convenient and a step toward advanced security across campus. It helps limit the possibility of intruders picking up a dropped ID card and gaining access to residence halls and labs.

3. Plan security holistically.

No security solution should be considered in isolation. You must consider a number of “side effects,” such as the data it requires and creates and the extra processing it needs. You should also consider how the new solution will work with existing security processes and personnel. 

Before launching ahead full speed, design a trial period that will reveal how the new technology will work and what processes will be required.

Campus security and student privacy are not mutually exclusive. By approaching security smartly and working together with security firms to implement specific solutions to specific problems, colleges and universities can advance security without transforming the campus into a surveillance state.

Image credit: Ameer Basheer — Unsplash

The post We Don’t Have to Sacrifice Students’ Privacy for Campus Security appeared first on ReadWrite.

In November of 2019, news broke around Google’s $2.1 billion acquisition of Fitbit continuing the search giant’s push into the health market. Here is physical versus digital health and what you need to know about privacy and healthtech.

In December, we learned that the US Justice Department is now investigating the deal after many, including watchdog groups Public Citizen and Center for Digital Democracy, expressed concerns about giving Google access to even more data on American consumers.

What’s going on in privacy and healthtech?

It seems like big tech acquisitions happen on a daily bases – so what’s so significant about Google’s big FitBit purchase to warrant attention from the DOJ and what does this mean for healthtech? It all boils down to privacy and the ongoing debate around data ownership.

While healthtech companies and the innovations that they bring to help motivate, manage and improve our physical health are extremely valuable, we can’t lose sight of other factors. It’s unfortunate that people often ignore their digital health. Mainly — which companies have access to our incredibly personal and valuable health data? What they’re doing with it?

From the increase in major health data breaches and hacks to key considerations of using the latest healthtech – here’s what consumers need to know in order to optimize for both physical and digital health.

Health Data is Valuable — Hackers Would Agree

The number of medical records hacked during the first half of 2019 reached 32 million, doubling the previous record set in 2018. This includes the largest breach to date, in which 19 million medical records were stolen from clinical laboratories Quest Diagnostics and LabCorp. The numbers seem to grow every year, alongside users’ justified concern around the security measures taken to protect this sensitive data.

It’s no coincidence that more than 25% of all data breaches are related to healthcare.

Hackers are smart to identify some of the most valuable and vulnerable data, in this case, medical records. These records provide access to troves of personal information that can be sold on the dark web to enable identity theft.

Very few data resources offer such insight into people’s lives, which makes medical records and the companies holding them a highly coveted target. To put it in numbers, personal health information is considered three times more valuable to hackers compared to other types of personal data, including credit card information.

These alarming stats come at a time when healthtech solutions are on the rise and there’s a rapid (and much needed) digitization of traditional healthcare providers.

Activity trackers and other wearable devices.

As activity trackers and other wearable devices become part of our daily routine, we sometimes don’t categorize certain solutions as possible gateways to our medical information.

No, this doesn’t mean we should simply stay “off the grid” in hopes of keeping our data safe, especially given the massive benefits healthtech brings to our modern-day lives.

Rather, we need to be more vigilant about the kinds of products and companies we decide to volunteer our personal health information to.  Here are a few important considerations to take in order to protect your healthcare data.

Consider the Why — Always Focus on Value

Why should you give this specific company access to your medical data? What sort of value are you getting in return, and is it worth it? A recent study conducted by Mine.com revealed that many of us allow hundreds of online tools and services to access our data.

Even years after they’ve ceased to give any value in return, and in many cases, after a one-time use only or without so much as opening a user account.

Digging into this further, our research shows that users have over 2,500 unique health and wellness services in their digital footprints, that’s around 8 companies on average and 40% of which are from a one-time use and recommended for deletion.

The top US-based health and wellness services found in our users’ digital footprints include Headspace.com, fitbit.com, myfitnesspal.com, 23andme.com, cvs.com, skimble.com, and zocdoc.com.

We either forget about these services or feel overwhelmed by the need to manage them, which allows companies to continue collecting our data, health-related or otherwise. This is an important consideration because it allows us to separate the tools we use and need from the unnecessary data baggage.

You wouldn’t want your medical information to be deleted from the web altogether, as this might make it impossible to receive medical treatment should you need it. We must start by focusing on what truly brings you value.

Consider the Who — Trust is Crucial

Who really gains access to your healthcare data? Can they be trusted? Verifying the identity of companies that provide medical technology is crucial because it helps us understand who we’re dealing with and allows us to make informed decisions.

If possible, read the company’s privacy policy (it should be accessible to everyone but in many cases is hard to comprehend). Consider the fact that smaller startups may not have the means to properly protect your data.

Huge corporates can use your information in many different ways, some of which you might not approve of such as selling data to advertisers.

It’s also important to note that the business world is dynamic, which means that the company enjoying access to your data today may change ownership tomorrow. A couple of recent examples include the acquisition of FitBit by Google mentioned earlier.

There has also been a collaboration between the DNA-testing company 23andMe with pharmaceutical giant GlaxoSmithKline. Both news items were met with suspicion from users who were rightfully worried about the implication of such deals on their private data.

Consider You — Maintaining Physical and Digital Health is Possible

It’s very possible to continue using the latest healthtech services and tools while protecting data ownership by managing your data on a regular basis. Once the power shifts to the people to take control of their data, the above stats, questions, and considerations will no longer seem as threatening. Then the relationship between consumers and healthcare technologies will become much healthier.

While the healthtech industry is different in many aspects, one thing remains the same. Just like any other technology we interact with, there are pros and cons. The same way hackers recognize the value of healthcare technology, so must we.

New, innovative solutions can greatly improve our lives (and even safety) like never before.  A few months ago, Apple Watch’s fall detection feature saved a man’s life by automatically calling 911.

Instead of being afraid of progress or rejecting new solutions, we must ask the right questions, and make technology work for us, not against us.

The post Physical vs Digital Health: What You Need to Know About Privacy and HealthTech appeared first on ReadWrite.