2015 will be the year of security revelations (and regulation)…
I’m not referring to revelations of new data breaches (that trend will certainly continue) but to revelations that security enforcement has not kept up with the exponential adoption curve of new technology. 2015 will be the “uh oh” year of manufacturers, consumers, insurers, and governments alike realizing that security, while once pretty low on the totem pole of priorities, is no longer a feature but a requirement. 2015 will be the year that the government steps up its game, shifting from simply creating policies and recommendations to creating proactive enforcement programs with actual consequences. 2015 will be the “this is not enough” year of requirements; the revelation that compliance alone is not a solution will expand security budgets and change industry recommendations.
Here’s my rationale:
Agencies like the FCC, which has instituted PCI requirements, and HHS, which constructed HIPAA, have played important roles in levying fines against companies post-breach; this will soon shift to pre-breach fines for inadequate protection. IRS-like audits will become the new norm and companies will be forced to address the problem head-on.
Insurance companies will begin to recognize that treating data breaches like workman’s comp is an illogical comparison. Proactively evaluating the true risk of an organization by taking a much more holistic assessment of their overall security posture, and treating that assessment as one that mimics an attacker, will become a necessary step in order for insurers to take on cyber liability.
Will added scrutiny hinder innovation or perhaps cause the adoption of technology in the workplace and our personal lives to slow? Maybe. But one thing is clear: technology is here to stay, and the security of that technology is an absolute necessity.
