Data Privacy and Cybersecurity Trends for 2022 – Techstrong TV

With Data Privacy Week in the rearview mirror, Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance, and Charlene discuss some of the biggest trends in cybersecurity. The video is below followed by a transcript of the conversation.

Charlene O’Hanlon: Hey, everybody. Welcome back to Techstrong TV. I’m Charlene O’Hanlon and I’m here now with Lisa Plaggemier, who is the Executive Director for the National Cybersecurity Alliance. 

Lisa, thank you so much for taking a few minutes and talking with me today. I really appreciate it. 

Lisa Plaggemier: Yeah. Thanks for having me. 

Charlene O’Hanlon: You bet. You bet. So, I think we’re a little behind the ball, because by the time this runs Data Privacy Week will be over, but let’s talk about Data Privacy Week and some of the things that you’re seeing in your position. As Executive Director of the National Cybersecurity Alliance, you guys are seeing a whole bunch of stuff, I know, for sure, but I’m interested in talking with you specifically about some of the things that you guys are seeing as it relates to cybersecurity trends for 2022 and some of the things that maybe you’ve seen over the last 12 months or so as the cyber – it seems like 2022 or 2021 in particular was a very tumultuous year for cybersecurity and affecting a lot of changes, both on the corporate level and the governmental level. So, I’m interested in kind of getting your thoughts on what’s been happening and what we might see in 2022, but first, I want to give you congratulations, because I know your predecessor, Kelvin Coleman, who has since moved on to IBM, so I want to congratulate you for taking the helm over at the Cybersecurity Alliance. I think it’s a great organization and certainly, you guys are doing great things, so congratulations.

Lisa Plaggemier: Well, thank you. Yeah. Calvin’s shoes are hard to fill. He’s a great guy. It’s an organization I’ve been on the board with for a few years before I was in this role, and I’ve always believed really strongly in the mission of the organization. 

Charlene O’Hanlon: That’s great. 

Lisa Plaggemier: Yeah. So, it’s a privilege. Honestly. 

Charlene O’Hanlon: Excellent. 

Lisa Plaggemier: As far as what we’re seeing and the kinds of predictions we’re making for 2022, I think that consumer sentiment is shifting a little bit. You know, the days of shock and awe with cybersecurity, scary stories are over, I think. You know, the Target, Equifax, Yahoo!, name a giant breach that hit the TV headlines and the typical sort of reporting would be a big shock and awe, you know? If it bleeds it leads kind of headline, and maybe at some point a very smart security talking head is saying a lot of things that the average person can’t understand about what it was that just happened, and your average consumer is just left with this feeling of, you know, somehow I got hosed and I’m not even quite sure what happened. All I know is that my Social Security number is out there somewhere, or a bad guy has my username and password, and I don’t know what happened, and I don’t understand anything about it. I may be a little bit angry, or a lot angry, and you know, maybe I’ll end up with some credit monitoring and that’s about it. 

Charlene O’Hanlon: Right. 

Lisa Plaggemier: And you know, another few weeks goes by and there’s another headline. So, I think now there is more and more of an appetite on behalf of consumers to do more to protect themselves and to want to understand what’s actually happening in laymen’s terms, as opposed to the shock and awe headlines. 

When it comes to – I’ll take the security side first, right? We haven’t done enough, I don’t think, in the industry to really explain things in terms that people can understand. We did a report earlier this year at the National Cybersecurity Alliance together with a company called CybSafe out of UK. The report is called Oh Behave, and people can find it on our website. We asked people about their attitudes and beliefs about security, and we asked them if they found security intimidating, if they found it frustrating, and not surprisingly the answers to both of those were by and large yes. 

I think if you think about, you know, the images of the hackers in the hoodies on the nightly news, you know, the words that we use, like threats, and attacks, and defenses, and all of this militaristic language that the average person can’t relate to, it’s no wonder that people fine this stuff frustrating and, you know, a little scary and intimidating. Then you layer on to that some of the complex terms, like multi-factor authentication, which should have a more consumer friendly name, because it’s a consumer facing thing, right? 

Charlene O’Hanlon: Right. 

Lisa Plaggemier: We’re asking consumers to use it. So, I don’t think we’ve done ourselves any favors in that sense and I do think there’s more of an appetite out there for people to just, you know, like, “Give me the bottom line, like tell me what’s really going on here. What do I need to look for in the companies I do business with? What can I do about it myself? Don’t give me 20 pieces of advice. Just give me a couple that I can actually turn around and implement.” 

Then, likewise on the privacy side of the house, I think there’s more and more appetite for people to have just better visibility and better control over their own data. We had, as part of Data Privacy Week we had a linked in live event, a three-hour event, which is available recorded on our site and on LinkedIn. There were quite a few data privacy folks on there saying that they can – and actually, a speaker from Consumer Reports saying that according to their research they can see a time, not too far in the distance, where a consumer will pay more for privacy. They’ll actually pay more to have more control over their data, so whether it’s tools that give them that control, or maybe saying no to sharing all of their information – 

Charlene O’Hanlon: Yeah. 

Lisa Plaggemier: Paying for an application, as opposed to getting free e-mail when really you’re – all of your data is the price that you’re paying for that free service. So, those are two of the things that we’re looking at for this year. 

Charlene O’Hanlon: Yeah. I’ve heard about the pay more for privacy, which I think is a great thing. To me there seems to be kind of a level, maybe a low level, of apathy that still exists a lot with consumers when they’re talking about cybersecurity, because there is this big unknown and because they were – we’ve all been barraged with the headlines for the last, you know, two plus years about one data breach after another, and yes, you get free credit monitoring, but you know, by the way, your Social Security number is all over the dark web and it’s not a question of if, it’s a question of when. So, I think people have just been kind of beaten down by the constant threat, if you will. 

So, I think they just kind of give up after a while and so the idea of now having to pay more for something that should be inherent in security, you know, in online practices, at least in their minds, you know, I wonder when we say they’re willing to pay more, how much more do you think they’re willing to pay before they say, “What a minute. This should not be on me to keep my data protected, my personal information protected. You want to do business with me? You want this information from me in order to do business? Then it’s up to you to protect that information, not me.” 

Charlene O’Hanlon: So, where do you think consumer sentiment is going in that respect? 

Lisa Plaggemier: Well, somewhere in that mix is going to be people looking at the federal government for more legislation. I think if you’re in California or one of the states that has data privacy protections already in place, or you’re in a state that’s looking at doing that, I think at some point folks start to look at congress and say, “Where is some legislation around this that is consistent across all 50 states rather than being dependent on which state in the country that I live in?” 

I had the great fortune to live in Germany for 13 years and, of course, they have a history of, you know, an evil regime tracking its citizens, you know, for some really awful purposes. And so, they have some of the strongest data protection laws in the world and I have to tell you, being a consumer there it was really nice to not get robocalls, not get junk mail, not get, you know, spam phone calls every night while you’re trying to eat dinner with your family. They just don’t have that kind of information available. Companies aren’t able to use that information in the same ways that companies can here. So, I know we talk a lot about, as consumers we want personalization. We want convenience,  you know, all of those things. We don’t want to slow down innovation, but there’s a middle ground. It doesn’t have to be the wild, wild west, you know? 

Charlene O’Hanlon: Right. 

Lisa Plaggemier: Yeah. 

Charlene O’Hanlon: Sometimes I wonder if the companies that, you know, are advancing all of these new technologies, they’re telling us that we want to have personalization, and they’re telling us that we want to have a level of convenience that we don’t currently have because, you know, I firmly believe you don’t miss what you don’t have, right? You don’t miss what you’ve never had. 

Lisa Plaggemier: Yeah. 

Charlene O’Hanlon: So, you’re telling me about this great new technology, but you know, your data is going to be possibly breached and privacy is going to go out the window. But hey, you know, you’ll get customized e-mails and things like that. It’s like is it worth it at the end of the day? 

Lisa Plaggemier: Is it worth the tradeoff? Yeah. I think the pendulum is starting to swing, for sure. 

Charlene O’Hanlon: Yeah. So, well, from a technology standpoint then to that end are there certain things that you guys are seeing as far as, you know, some of the ways that companies are stepping in from a technology standpoint to help us, you know, just kind of quell the chaos or control the chaos? 

Lisa Plaggemier: Yeah. So, I’m not a super technical person, but I can tell you, you know, we’re really about raising awareness and changing end user behavior at the National Cybersecurity Alliance and so one of the cohorts for a lot of materials we put out are the people doing training and awareness programs out there, both in security and privacy. I am seeing, I just talked to a Fortune 10 company this morning that is going to be doing some PSA, some short training videos and actually going to spend money on media buy to get those out in front of the American public. 

Charlene O’Hanlon: That’s great. 

Lisa Plaggemier: If you think about the – just in the awareness space, just thinking about, you know, who’s doing what as far as trying to educate their customer base or the American public, you’ve got Apple, who’s done a lot of ads on privacy this year, Facebook is doing ads, saying, “Please legislate.” Then you’ve had other – Microsoft has added free security training for their Microsoft Office customers. There’s just a lot more being done at the awareness level, just trying to raise awareness and influence people’s behavior. 

I would like to see- I’m a big proponent for us adding a carrot instead of a stick to those messages. So, along the lines of my conversation earlier about pictures of hackers in the hoodies, using all of that fear uncertainty about militaristically, which all of those things can be so alienating to so many people, it just causes a flight or fight response, right? Like, I just want to run away from the stuff. I don’t want to engage. You know, to your point about breach apathy or breach fatigue, both of which have been researched and documented. Those are really things. 

I think that if we want people to engage with something we need to use a little bit of marketing language. I heard Bruce Schneier talk about this at a virtual event lately, we should be saying it’s crack. We should be saying it’s easy. We should be saying it’s simple. You know, if you think about something, like a password manager, our research showed that of the people who do not use password manager, which is a lot of people, the most popular answer for how do you manage all of your passwords was, “I write then down in a notebook,” much to our chagrin. 

Charlene O’Hanlon: Yeah. 

Lisa Plaggemier: So, when you ask people about password managers, you know, why they don’t use them, they say, “Because I don’t trust the password manager companies.” That’s just a – I think that’s leftover, bad publicity from the early days of password managers when a few of them did have security incidents, and then a lack of understanding of how password managers work. So, if we can clean up that misperception with some positivity around not fear of the hacker in the hoodie and somebody breaking into an account, or your password is already out there for sale on the dark web – 

Charlene O’Hanlon: Right. 

Lisa Plaggemier: But rather once you do this, you’ll feel so much better, once you get all your passwords in this tool, and just the perception of these things being quick and easy, most people think that to start using a password manager is going to eat up a whole Saturday afternoon, right? I’d rather be watching my favorite sports team and not setting this thing up all day. The reality is that, you know, you install it on your browser. You put a few things in there, you know, maybe your most important financial services accounts, and then after that you just let it run and do its thing and it will ask you if you want to add every site that you visit. So, it is really quick and easy and it can think of a long, complex password to meet any rule you could possibly come up with a lot faster than I can, but you know, instead of telling people this is quick, and easy, and you’ll a peace of mind once you have it done, a lot of very well intentioned security professionals would rather tell people, you know, “Your data is for sale on the dark web,” and try and scare you into taking action. I think we need to lean into positivity. 

Charlene O’Hanlon: I think you’re right and to your point, the password managers, I will adjust. I love my password manager. 

Lisa Plaggemier: Me too. 

Charlene O’Hanlon: I change my passwords a lot more frequently than I probably would otherwise, because it prompts me and it does, you know, help me improve my security posture overall. 

Lisa Plaggemier: Right. 

Charlene O’Hanlon: So, I highly recommend using password managers. I suggest it to people, and they all say, “Oh, so-so-so,” you know? So, there you go. You can lead a horse to water, but you can’t make them drink. 

So, Lisa, I know we could continue this conversation for at least another hour, but unfortunately, that’s all the time we have, so I do want to thank you very much for being on and I sure hope you’ll come back and have future conversations with me. 

Lisa Plaggemier: I’d be happy to. Thanks for having me. 

Charlene O’Hanlon: All right. Great. Great. Thank you. I appreciate your time. 

All right, everybody, please stick around. We’ve got lots more Techstrong TV coming up, so stay tuned. 

Avatar photo

Charlene O’Hanlon

Charlene O’Hanlon is Chief Operating Officer at Techstrong Group and Editor at Large at Techstrong Media. She is an award-winning journalist serving the technology sector for 20 years as content director, executive editor and managing editor for numerous technology-focused sites including DevOps.com, CRN, The VAR Guy, ACM Queue and Channel Partners. She is also a frequent speaker at industry events and conferences.

charlene has 55 posts and counting.See all posts by charlene