Thales eSecurity Blog

2020 Predictions: New Challenges for Data Privacy and the 5G Hackathon

Ashvin Kamaraju
Ashvin Kamaraju | CTO More About This Author >

Today’s innovations and technologies provide tremendous opportunities for enterprises. Along with innovation and technology proliferation, new challenges that will shape business during 2020. The importance of data and the power of being an insights-driven enterprise are increasing the amount of damage that data breaches can cause. The adoption of emerging technologies like 5G will fuel the proliferation of Internet of Things (IoT) that’s often built with only a few security controls and therefore creating a larger attack surface that enterprises have to deal with., In addition, malicious actors can and will adopt technologies such as AI and machine learning faster than security leaders can.

At the same time, consumers are deeply concerned with how their data is collected and used. A barrage of news about data breaches, government surveillance, and corporate misconduct has soured consumer sentiment on current data practices privacy regulators and authorities strive to protect consumer rights and shape the future of data protection.

So what’s in store for data privacy and the rollout of of 5G technology?

Consumer Rights and Privacy Fines

2018 was a breakthrough year for consumer rights and data privacy regulations with the introduction of GDPR. GDPR is widely known for making a global impact since every company processing personal data of European citizens is subject to the provisions and requirements of the regulation. To appreciate the impact the GDPR has had, one only needs to look at the fines imposed by the various National Data Protection authorities last year, which have totaled approximately €500 million.

Last year brought a considerable shift in the global privacy legislation landscape and 2020 is going to be just as busy from a data protection standpoint. In fact, the new California Consumer Privacy Act (CCPA) just went into effect on January 1.

While CCPA legislation may not be an omnibus style law like the GDPR, it has been inspired by it, particularly around data subject rights. More countries are implementing regulations to help with international data exchange, and we can expect to see additional legislation that incorporates elements of GDPR this year.

Another development we may potentially see in 2020 is progress around the European Union’s ePrivacy Regulation, which will replace the existing ePrivacy and Electronic Communications Directive 2002/58. The new law has been designed to work alongside the GDPR, addressing the definitions of privacy and data. It also strives to enhance areas such as cookies, unsolicited marketing and confidentiality for online privacy.

Unfortunately, privacy compliance is still lagging. What is certain is that we won’t see all organizations becoming compliant in 2020. Unfortunately, it’s still the case that too many companies don’t want to invest in privacy or simply don’t pay enough attention to achieving compliance. As a result, we can expect to see data protection authorities enforcing compliance and levying fines as many investigations are ongoing and others will certainly get underway.

Customers are more aware now than ever before of the rights associated with data privacy regulations around the world. And as breaches hit the headlines nearly every week, 2020 will be the year customers start to ask more questions and demand more control over where organizations are storing data and how they are protecting it. Forrester predicts that privacy class-action lawsuits will increase by 300% in 2020. As a result, data discovery, classification and remediation by protecting sensitive data through automated workflows will become an important initiative for enterprises.

The 5G Hackathon

Privacy issues will be compounded even more in 2020 as a result of the increased connectivity brought on by 5G. Believe it or not, the fifth generation of wireless technology is already here. Telecommunications companies like AT&T, Sprint and Verizon have begun rolling out 5G service to major cities in the U.S. and consumers are expected to have full access to the technology by the end of next year.

5G tech will make the IoT a greater part of our everyday lives. Growth is expected to explode particularly among outdoor surveillance cameras, smart cities and connected cars, fueled by the ultra-fast 5G network to allow IoT devices to transfer exponentially more information. In fact, Gartner predicts that the 5G IoT endpoint installed base will approach 49 million units by 2023. While the availability 5G is exciting, it brings new cybersecurity challenges that pose threats to the majority of IoT devices. In the rush to beat the competition, security will be an afterthought as opposed to a forethought. This makes the expanded IoT landscape a nightmare for cybersecurity experts who must figure out how to protect cell phones, security systems, vehicles, smart homes, and a variety of other devices from being breached.

Hackers will try to profit from the proliferation of IoT data. In the impending 5G enabled world, attack surfaces will be larger than ever before, providing more opportunities for consumers and businesses to be hacked. In addition, high bandwidth will empower criminals to launch much larger data breaches and attacks that could cripple entire enterprise networks. Some of the most common types of attacks that companies need to prepare for are botnets, distributed denial of service (DDoS), RFID spoofing, Trojan viruses, malware and malicious scripts.

On the privacy side, matters become more complex. 5G service providers will have extensive access to large amounts of data being sent by user devices, which could show exactly what is happening inside a user’s home. At the very least, metadata could describe their living environment, in-house sensors and parameters, such as temperature, pressure, humidity and so on. Such data could expose a user’s privacy or could be manipulated and misused. In addition, service providers could decide to sell this type of data to other service companies such as advertisers for the purposes of opening up new revenue streams.

Conclusion

The global rollout of 5G, combined with the expansion of the IoT, will make the 2020s a record-breaking decade for cyber-attacks on connected devices, putting consumer privacy at risk. The increase of privacy breaches will result in increased fines for organizations not complying with privacy and security regulations at the federal level. As a result, high-tech vendor and government organizations should join forces to prevent the exploitation of 5G and IoT by threat actors and preserve the features that address what it was developed for–technical progress and improving the quality of living conditions.