At a glance.
- Business privacy trends.
- The future of identity security.
- AirTags and the potential for stalking.
Cisco reports on business privacy trends.
Cisco has released the results of its 2022 Data Privacy Benchmark Study, in which nearly five thousand professionals across twenty-seven geographies were surveyed about corporate privacy practices. As Cisco summarizes, the big takeaway is that 90% of respondents say they consider privacy a business imperative, with 83% viewing privacy legislation as having a positive impact on company operations. “With 94 percent of organizations saying they are reporting one or more privacy-related metrics to their board, and privacy investment rising with an average budget up 13 percent, there’s no doubt that privacy continues to grow in importance for organizations, regardless of their size or location,” commented Cisco Vice President and Chief Privacy Officer Harvey Jang.
Respondents said their privacy ROI was 1.8 times spending on average, an attractive return if slightly less than last year’s estimate, possibly due to adapting to the pandemic and new privacy legislation. Data localization requirements could also be putting a strain on ROI, as 88% of respondents say adhering to requirements increases costs. The price, however, is considered worth it, as data localization is seen as essential by 92% of respondents.
The future of identity security.
The surge in remote work has made the concept of identity essential to security, as limiting system access only to authenticated authorized identities seems to be the strongest approach to securing a company’s network. SecurityWeek forecasts how the growing need for no-perimeter IT will impact privacy trends in the coming year. The challenge is that the volume of identities has experienced a surge in recent years, making it more difficult for cyber professionals to manage these identities and giving cybercriminals an increased attack surface.
One Identity’s VP of global IAM strategy Larry Chinski observes, “Identity security will become all the more vital as the ‘metaverse’ gains traction. Ninety-five percent of businesses report challenges managing the number of identities that currently fall under their organization’s umbrella (human, digital, RPA, etc.). As adoption of the metaverse increases, identity security and management issues will only become more profound – and a bigger threat to business resiliency.”
Digital identity fraud is the most common identity-based attack. Companies must also contend with non-human identities, or machine identities – devices, services, and workloads – which typically outnumber the human identities within the company and are privileged accounts, creating an even larger identity sprawl challenge. Identity-based attacks against the cloud are facilitated by cloud misconfiguration, and credential-based attacks on cloud identity systems present further threats.
Apple offers privacy guidance for AirTag users.
Amidst growing concerns that Apple’s AirTags could expose users to privacy risks like stalking, the tech giant has launched a new “Personal Safety User Guide,” a collection of strategies and support documents aimed at helping users who worry their personal safety might be at risk. As Apple explains, the guide offers “strategies and solutions to help you regain control” if someone has potentially gained unauthorized access to a user’s device or account, and it contains a list of troubleshooting recommendations for managing settings in order to secure data from intruders. 9to5 Mac notes that the guide takes a lot of guidance Apple had previously released and centralizes it in one searchable, easy-to-navigate hub, but it remains to be seen if Apple will modify AirTags to make users more confident their data is secure.
WeLiveSecurity examines the privacy risks posed by AirTags, and other connected gadgets like smartwatches and fitness trackers. The market for these products is set to grow by 12.5% annually and will likely exceed $118 billion by 2028. Cybercriminals can potentially infiltrate these devices by manipulating location-based data, and many of these gadgets also connect to the user’s other smart home devices or pass data on to third-party data collection companies. As well, the associated apps, Bluetooth services, and cloud-based back-end servers present a large attack surface for hackers.