4 predictions for 2020: Looking into the regulatory crystal ball
Introduction
Moving into the second month of 2020, data privacy and security is still headline news. At the end of January, the United Nations called for additional investigations into the Jeff Bezos iPhone breach. Meanwhile, Cisco Systems fixed a vulnerability in its Webex application that enabled remote attackers to gain access to meetings.
The first harbingers of the 2020 regulatory compliance landscape crawled out of the proverbial woodwork when the United States Senate proposed establishing a Cybersecurity State Coordinator. The National Institute of Standards in Technology (NIST) is considering a DevSecOps framework and the United Kingdom proposed an Internet of Things (IoT) cybersecurity law.
The short story: 2020 is going to be another year of sweeping information security compliance requirements. The bigger question is: What types of changes can we predict for 2020?
Data is the new currency
Malicious actors want data because it has financial value. According to the 2019 Data Breach Investigations Report, 71% of the data breaches perpetrated by malicious actors were motivated by money.
Data’s commodification makes it a new type of currency. Organizations collect it and share it for financial reasons.
Both the 2018 India Data Protection Regulation and the never-passed New York Privacy Act included a new term: “data fiduciary.” At first glance, this terminology may appear innocuous, but for organizations, it could be disastrous if it gains traction.
Legally speaking, a fiduciary duty is one of the highest standards of care. At its core, a fiduciary duty requires people or organizations with guardianship over something of value to act in the best interests of the “something’s” owner. For example, a Board of Directors owes shareholders a fiduciary duty, meaning it must conduct business in the best interests of the shareholders and company. Since the Board acts on behalf of (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Karen Walsh. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/IN07xbyFZJM/
