We may no longer be afraid of GDPR, but data leaks are still scary. What important lessons did we learn in 2018? What are our predictions for online security for 2019? Get ready with us.
The most important highlights of the past year
A scarecrow called GDPR
In May, GDPR regulations forced companies to deal with an issue they should have long since resolved. The GDPR is simply the enforcement of earlier requirements that were laid out in the Personal Data Protection Act. At present, however, up to 70 % of companies are unable to guarantee even the most basic individual rights, such as the right of access within the 30-day legal period.
One significant change has occurred, however. Every incident involving data leakage must now be reported by the company within 72 hours. Violations can no longer be swept under the carpet and this may spark a serious public debate on privacy.
In spite of everyone's initial concerns, the authorities have only issued a severe fine to one organization. A Portuguese hospital was instructed to pay € 400,000 due to a malfunctioning system that provided patient data to unauthorized people. In the near future, we are likely to see similar fines in other countries because of ongoing delays in investigations.
We must not ignore the influence of political decisions
American lawmakers citing national security concerns, warned against introducing the Chinese brand Huawei onto the US market. This problem, probably at the instigation of the US recommendation, was also addressed at the end of the year. Our CEO, Petr Žikeš, spoke for czech media about the eventual consequences of the Huawei case for the Czech Republic.
“So far, it has not been proven that Huawei has been involved in spying for the PRC. If the NUKIB indictment proves true, the risk would in particular mean China's access to very sensitive information such as ČEZ.”
Petr Žikeš, CEO Safetica
The Russian software Kaspersky was also banned due to concerns over American national security.
Along this line, there is the recurring case in which security forces are trying to put backdoors into Apple products. This is definitely something we should keep our eyes on. Although these cases may not be new, their consequences are far-reaching and we will be following them for a long time to come.
It is no wonder, then, that such events have led to the establishment of the CyberSecurity Tech Accord initiative. Because we believe that it is vitally important to continue the conversation on internet independence, we have decided to join the CyberSecurity global initiative.
The biggest leaks in 2018
Our fingers cannot type fast enough to list all of the massive data leaks that occurred in 2018. But we can point out the Facebook, British Airways, Reddit and Under Armor leaks, as well as the recent release of 500 million personal records from the Marriott hotel chain.
These statistics only confirm that every company has already been hacked. They just may not know about it yet. We have already told you about one such case, when 800,000 personal data records were stolen from Swisscom. To top it off, this leak was announced five long months after it occurred.
What do we need to do to prepare for 2019?
When will we experience the first incident?
It is just a matter of time before there is a massive and very real leak of personal data, and the company involved will no doubt face severe fines for non-compliance with the current regulations. The above cases indicate that this probably will not take long.
What does our smart future have in store for us?
Our cars, homes and futures may all soon be smart, but they will also be vulnerable. Attackers are well aware of this. They now have smart cars in their sites, and may soon be able to control them with ease. It will no longer be a mere threat to property, but to the health and safety of all those involved.
Everything begins with the individual
The most effective way to penetrate an organization is still through social engineering. Old school infiltration methods aren't going anywhere. Perpetrators will still try to infiltrate companies using regular employees, because they are the weakest link in the chain. And this can happen without the company – or anyone else – realizing it.