As technology and the internet become more advanced and information is more readily available to those who search for it, there is an increased need for security in the workplace. We are currently in the “Wild West” age of the internet, where hackers and nation states attack servers, exploit information or expose weaknesses in systems with little to no repercussions. But that is about to change. Until recently, there have been few enforcable laws or regulations put in place. However, government bodies, compliance groups and security professionals are catching up to hackers. The scales are starting to slowly tilt in favor those who protect us from cyber criminals.
Over the next decade, hacking and cybersecurity are going to change rapidly. In fact, both of those are already changing as new laws and regulations are put in place in an effort to stop cyber criminals from doing damage to unwitting folks. However, despite these efforts, the days of the lone wolf hacker in a hoodie, if they ever existed, have come and gone. We’re now looking at organized crime where people consider hacking their day job. Just look to ransomware, it is literally the digital version of paying the mob protection money so they don’t trash your store. And it’s generally run by organized crime, either traditional mafia rings or cyber rings.
Laws and regulations are catching up, though. Much like the FBI caught up to organized crime families under the direction of J. Edgar Hoover, so the legal system is catching up to the untamed internet. Some of that is due to people who, much like in the organized crime family era, are turning away from crime and beginning to educating law enforcement on how things work. The dark web is no longer dark, the TOR browser is no longer unknown. Governments are creating laws and regulations that international businesses will have to follow and adhere to in order to do business globally. They are removing the ability for hackers to hide and business to hand wave when they get hacked and their users get pawned.
In fact, many countries, like the US, have already started creating laws and regulations that impact cyber activity. Many countries have or are in the process of mandating that in order to do business over the internet within their borders or with their citizens, a business will have to house data of its citizens within their borders so they can regulate how the information is handled. It will be the responsibility of the business to know the laws and regulations of the country in which they want to operate. And this means that if you can’t catch the criminals, you can at least hold the companies accountable for failing to maintain best practices that could help protect their users from becoming victims.
A word of caution here: Many companies never actually think about the laws of some far off place and how having users from that far off land puts them squarely under that country’s jurisdiction. It is no longer the free open prairie online that we grown accustomed to over the past decades. It would be wise, especially for a startups, to start seeking out experts who can help geofence their online operations and ensure that business can’t be unintentionally conducted in a country where the business doesn’t want to operate or understand the ramifications of operating. Should the business’ needs change, that geofence can come down or be adjusted. The cost of modifying the fence is significantly less than the fines they could face. And as the US seems to be allowing states to take the first steps, business may also need to make choices about which of the 50 states they allow customers to originate online from.
Up until recently we have existed in a digital world where businesses are still transforming business to be online and rushing to modernize to the digital age and evolving technology. This has helped enable hackers to run rampant over the internet. But as his phase starts end, companies are treating cybersecurity as essential and are organizing around it, as laws, compliance groups and regulations are catching up. In the next decade, criminal cyber activity is no longer going to be hidden but pulled out in the open, putting the need for laws and regulations smack in the faces of governments worldwide. The next decade will see more and more laws put into place, more cybersecurity organization and by the beginning of the 2030’s, we predict we’ll start to see a major crackdown on cyber crime that will tip the scales to the side of cybersecurity globally.