If you thought matters around cyber security and internet privacy were complicated now, just wait and see what will happen in the coming year.
Whilst the most recent news has been around cyber security, ransomware, cloud security and IoT insecurity, no one seems to know what to do or who to turn to after the ‘proverbial’ hits the fan, let alone before.
Our heightened awareness about the dangers of internet usage has led to a surge in demand for cyber security experts, but they don’t just happen. Students wishing to take advantage of what looks to be a growing market will take a few years to complete their studies, let alone garner enough experience to be of real value.
Most of the bright ones are being scooped up by government security agencies and the big-name internet companies, and the shortage of skill is being felt by small to medium enterprises that can’t afford to buy in the skills (if they can find them).
Then we have the looming specter of European GDPR legislation that will place the burden of data privacy on businesses. Knowing where customer data is being stored, who has access to it, how it can be used and removing it on request of the ‘owner’ are just some of the many issues that will need to be addressed.
And it won’t just affect European businesses. Countries trading with Europe and hosting internet services used by Europeans are rushing to introduce similar legislation to ensure they do not lose the business.
Lawyers are, no doubt, sharpening their skill sets now, ready for the inevitable rash of legal actions that will be brought by the European power brokers keen to pull businesses into line and provide comfort to its netizens that they are watching out for them. Up until now the laws have not kept up with the technology, but GDPR moves the line definitively closer to the regulators.
All the issues above are going to place a massive strain on businesses, and the odds of satisfying the market demand for cyber security and privacy experts will be slim. So who will they be able to turn to? These will most likely be the very same companies that are providing them with the cloud and internet services that are most exposed to risk and privacy issues. Sounds like the fox guarding the hen house, doesn’t it?
It is also likely that specialist firms will start emerging to audit systems on behalf of SMEs, not unlike the revenue and service assurance fields that have grown in the communications space. Whichever way you look at it, there will be costs involved and, for many, the costs may outweigh the risks.
This is a bit like taking out insurance but not knowing what the premium will cost. Businesses will not only need to assess the risk but they will also need to budget for the cost of coverage, or the cost of litigation if they choose to ignore the risks.
So if you’re not concerned about ransomware attacks, litigation by regulators keen to show off their new powers, a smart-ass hacker or even disgruntled customers wishing to get even, then you have nothing to worry about.
Of course, if you run your businesses without any access to the internet whatsoever, you also have nothing to worry about. Let me think … yup, that should account for at least 0.01% of businesses in 2017. And they probably won’t be around much longer anyway.