There has been a slow buildup in the general public’s awareness of data protection and cybersecurity issues over the last few years. What was once a niche interest area — served predominantly by legal and compliance experts toiling away trying to persuade company boards how important privacy was, and technical experts doing much the same thing for cybersecurity — is now front page news and a topic most people are at least familiar with.
That’s due to a multitude of factors. One can point to the groundbreaking disclosures by whistleblower Edward Snowden as a watershed moment in the public’s understanding of the power and scope of data collection. But just as easily could we look at the Cambridge Analytics scandal, the gigantic Equifax data breach, or the advent of the GDPR, the EU’s landmark data protection law which came into force in May 2018.
On the last point, it’s worth noting that the GDPR is not a completely novel set of rules — many of the principles and rules it consists of came from its 1995 predecessor. There are also laws like the EU’s ePrivacy directive, which came into force in 2002 and regulates electronic communications.
The important point is this: although these issues of privacy and cybersecurity have been around for some time, they’re now considered truly important, in the sense of personal rights and as a business issue.
And one, perhaps unexpected, consequence of the coronavirus pandemic is that these issues have shot like a bolt right into the front of our collective consciousness. Businesses must contend with their entire workforces shifting to remote working; they must also quickly recognise that if cybersecurity and privacy policies are not updated to adapt to that reality, it could spell the end of the business.
Not only that, but privacy matters have come to the fore as part of the debates around how to tackle coronavirus. A common weapon in governments’ arsenals is contact tracing apps, which look to track how people are interacting and if they might have passed the virus on to others. But huge swathes of the population have now read stories in the popular media, and academics have given testimony to politicians, all about the privacy problems that may go alongside such apps.
The effect on cybersecurity workers
This article was written on the same day as low cost airline EasyJet announced that it had suffered a major data breach which it said may have affected nine million people. Quite apart from the damaging effect this may have had on a company already suffering at the hands of the coronavirus, it is worth considering the effect this has on people’s — and especially executives — perception of cybersecurity matters.
Which CEO wants to see a story on the front page of the BBC website about a data breach at their company? None, of course. And while it is certainly difficult to avoid some data breaches, the only real way to reduce the risk of one taking place is to hire a skilled cybersecurity workforce.
Executives already know that, of course, but with every high profile data breach, they also likely consider an addition to the data security budget.
Communications giant Verizon also published its annual data breach study today — and said in an accompanying press release that “hacking, phishing and attacks on cloud-based data [have] put a strong focus on security for remote-working”. It’s yet another sign that now more than ever, cybersecurity is essential.
Reasons to be cheerful
And therein lies the rub. Cybersecurity in these challenging times is essential but these are also, evidently, challenging times. Companies are being forced to slash jobs, put staff on furlough and reconsider all aspects of their budgets. Which means, unfortunately, some cybersecurity workers may be struggling at the moment. But the future is surely brighter. As all organisations come round to the realisation that information security is as important as any other role — finance or HR, for instance — demand will certainly increase when we get out the other side of this crisis.
And with the public now far more aware of cybersecurity issues than they were in the past, maybe there’ll be enough people to meet demand and fill the skills gap. There is reason for optimism.