PC PORTAL

Experienced. Trusted. Solutions.

biometrics

By

3 Pitfalls Facing Privacy in 2018

Earlier this month, CES attendees got a taste of the future with dazzling displays of toy robots, smart assistants, and various AI/VR/8K gadgetry. But amid all the remarkable tech innovations on the horizon, one thing is left off the menu: user privacy. As we anticipate the rocky road ahead, there are three major pitfalls that have privacy experts concerned.

Bio hazard

Biometric authentication—using traits like fingerprints, iris, and voice to unlock devices—will prove to be a significant threat to user privacy in 2018 and beyond. From a user’s perspective, this technology streamlines the authentication process. Convenience, after all, is the primary commodity exchanged for privacy.

Mainstream consumer adoption of biometric tech has grown leaps and bounds recently, with features such as fingerprint readers becoming a mainstay on modern smartphones. Last fall, Apple revealed its Face ID technology, causing some alarm among privacy experts. A key risk in biometric authentication lies in its potential as a single method for accessing multiple devices or facilities. You can’t change your fingerprints, after all. Biometric access is essentially akin to using the same password across multiple accounts.

“Imagine a scenario where an attacker gains access to a database containing biometric data,” said Webroot Sr. Advanced Threat Research Analyst Eric Klonowski. “That attacker can then potentially replay the attack against a variety of other authenticators.”

That’s not to say that biometrics are dead on arrival. Privacy enthusiasts can find solace in using biometrics in situations such as a two-factor authentication supplement. And forward-thinking efforts within the tech industry, such as partnerships forged by the FIDO Alliance, can help cement authentication standards that truly protect users. For the foreseeable future, however, this new tech has the potential to introduce privacy risks, particularly when it comes to safely storing biometric data.

Big data, big breaches

2017 was kind of a big year for data breaches. Equifax, of course, reined king by exposing the personal information (including Social Security Numbers) of some 140 million people in a spectacular display of shear incompetence. The Equifax breach was so massive that it overshadowed other big-data breaches from the likes of Whole Foods, Uber, and the Republican National Committee.

It seems no one—including the government agencies we trust to guard against the most dangerous online threats—was spared the wrath of serious data leaks. Unfortunately, there is no easy remedy in sight, and the ongoing global invasion of user privacy is forcing new regulatory oversight, such as the upcoming GDPR to protect EU citizens. The accelerated growth of technology, while connecting our world in ways never thought possible, has also completely upended traditional notions surrounding privacy.

The months ahead beg the question: What magnitude of breach will it take to trigger a sea change in our collective expectation of privacy?

 

Five ways free antivirus could cost you

Talent vacuum

The third big issue that will continue to impact privacy across the board is the current lack of young talent in the cybersecurity industry. This shortfall is a real and present danger. According to a report by Frost & Sullivan, the information security workforce will face a worldwide talent shortage of 1.5 million by 2020.

Some of this shortfall is partly to blame on HR teams that fail to fully understand what they need to look for when assessing job candidates. The reality is that the field as a whole is still relatively new and is constantly evolving. Cybersecurity leaders looking to build out diverse teams are wise to search beyond the traditional background in computer science. Webroot Vice President and CISO Gary Hayslip explained that a computer science degree is not something on his radar when recruiting top talent for his teams.

“In cyber today, it’s about having the drive to continually educate yourself on the field, technologies, threats and innovations,” said Hayslip. “It’s about being able to work in teams, manage the resources given to you, and think proactively to protect your organization and reduce the risk exposure to business operations.

Beyond shoring up recruiting practices for information security roles, organizations of all types should consider other tactics, such as providing continual education opportunities, advocating in local and online communities, and inevitably replacing some of that human talent with automation.

The post 3 Pitfalls Facing Privacy in 2018 appeared first on Webroot Threat Blog.

By

10 Cybersecurity Predictions for 2018

It has been a turbulent year of devastating ransomware attacks (e.g. NotPetya) and gut-wrenching breaches (e.g. Equifax). Undoubtedly, the question on everyone’s mind is, “what’s in store for us in the New Year?” Webroot’s top 10 cybersecurity predictions for 2018 covers everything from ransomware and breaches to mobile, cryptocurrency, and government.We’ve grouped our predictions to help you navigate this glimpse into one possible cybersecurity future.

Malware will get smarter and threats more serious.

Malware campaigns will use AI to make secondary infection decisions based on what they’ve learned from previous campaigns. – Gary Hayslip, chief information security officer

We will see the first health-related ransomware targeting devices like pacemakers. – Eric Klonowski, sr. advanced threat research analyst

We haven’t seen the last of breaches.

I predict a minimum of 3 separate breaches of at least 100 million accounts each. I’d be willing to bet the data has already been compromised, but the affected organizations won’t learn of the breach until next year. – Tyler Moffitt, sr. advanced threat research analyst

Not even biometric security will be safe from malicious actors.

We will see the first biometric-access-based exploits using facial recognition or fingerprint access. – Eric Klonowski, sr. advanced threat research analyst

Consumers will want more from governments to keep them safe.

Consumers fighting back: 2018 will see major a major backlash from consumers (perhaps in the form of class action lawsuits), necessitating more regulations around data protection, particularly in the U.S. – David Kennerley, director of threat research

Infosec will become a C-level priority.

The CISO role will be mandatory for all organizations who do business with the Federal Government. – Gary Hayslip, CISO

Being a mobile-first society will come with greater costs.

We will see the first widespread worming mobile phone ransomware, perhaps spread by SMS or MMS. – Eric Klonowski, sr. advanced threat research analyst

Cryptocurrency will continue to rise and impending legislature is inevitable.

Malware distribution will rise and fall in conjunction with Bitcoin value. – Christopher Cain, associate malware removal engineer

GDPR will set a tone, for better or worse, and businesses should prepare on all sides.

Companies who trade with the European Union will suddenly panic over GDPR requirements and just encrypt everything in a knee-jerk response. – Jonathan Giffard, sr. product manager

The boom in the IoT space will bring stricter oversight to device manufacturers.

Data collected from IoT devices will be aggregated and used to develop an even larger, more involved picture of customers’ habits, constituting a major breach of privacy without consent. – Gary Hayslip, CISO

Do you have any cybersecurity predictions for 2018? Share your thoughts with us on Twitter with the tag #CyberIn2018.

The post 10 Cybersecurity Predictions for 2018 appeared first on Webroot Threat Blog.