In accordance with a study[1]
performed by Gartner consultants, expenses with products and services
associated with information security will reach $124 billion in 2019, a growth
of 8.7% in comparison with 2018. This estimate reflects the challenges, without
precedent, involving cyber security and data protection faced by companies (of
all sizes, it is important to mention).
Digital threats develop at the same pace as
technology progresses. We are not talking about a distant reality here, but
rather about what is happening around us on a daily basis: technologies that
are becoming more and more usual in a digital society, including facial
recognition, the Internet of things, Internet 5G, drones, big data, artificial
intelligence, DNA mapping, self-driving vehicles, smartphones, smart watches.
All technologies above are changing the limits
and expectations of privacy, posing new challenges to civil society, the
government, regulatory agencies, companies and organizations. If 2018 brought
to light so many incidents, it made the reality of facts quite clear, that is,
action and caution must be exercised to protect our data, no matter if we are
in the capacity of data subjects, operators or controllers.
Information security is a key factor to
transform the digital society. And, in view of what had been studied so far,
some behaviors may be crucial in corporate environments to prevent problems in
the future, such as compliance with data protection regulations, local and
international, risk analysis involving digital businesses and protection of
intellectual property in online environments. To adopt a conduct compliant with
applicable laws and regulations is the first step towards mitigation of so many
risks.
And what about the year that is just beginning,
what can we expect? Well, the first weeks of 2019 already combined two huge
events. On January 17, a digital security researcher found a database with
approximately 773 million unique e-mails and 21 million unique passwords[2],
in one of the largest data breaches of the history. On January 21, the French
data protection authority, CNIL, ordered Google to pay a 50 million Euro fine
for lack of transparency and informed consent regarding its advertisements, as
well as improper information.
Hence, it is clear that companies dealing with
data are subject to security incidents. And, here, we include them all: giant
technology companies and small neighborhood ventures. The cost associated with
these incidents is high: identification of the problem, notice to users,
regulatory fines, loss of reputation and business.
These considerations lead us to conclude that a
preventive conduct is the best strategy. Get to know your business, what sort
of data is collected and how it is treated. Look carefully to the tools you use
and, if necessary, seek an expert.