It doesn't take much of a crystal ball to predict that 2018 will be the year of enhanced online security. You can pull together a web security forecast by looking back at last year’s events.
We were headed toward more emphasis on consumer privacy anyway, but the massive Equifax data breach in September forced every consumer to face what geeks have known for ages: left to their own devices, companies that collect, handle and sell our data do not care about keeping us safe. As if that weren’t enough, Facebook has been selling our data to Russian election hackers.
These events will change the thinking of just about every American on the internet, and since the Europeans already relish their privacy and have begun to take steps to enhance it, we can look forward to a real difference in how marketers, developers and publishers operate online.
Here's our web security forecast for 2018
In light of the current online security landscape and the impact of its shortfalls on stakeholders far and wide, here’s our web security forecast for the coming year.
Apple’s Safari 11 will have an impact
Apple, which has made security a differentiator in its products for a long time, has blocked cookies automatically in Safari 11.
All the major marketing trade groups are fighting this change, saying they are "deeply concerned" with Apple's plan to override and replace user cookie preferences with a set of Apple's own standards.
Called "Intelligent Tracking Prevention," this change will provide consumers the gift of a 24-hour limit on ad retargeting. So that pair of shoes you looked at can only follow you around on the internet for 24 hours.
Cookies are code snippets that identify the originating computer and its user with the websites she visited. They can ease the process of typing login credentials with auto-fill or, at minimum, they can be a mild irritant when that pair of shoes shows up in a banner ad for a fortnight. But, from a security perspective, the cookies themselves and more specifically the data contained in them have potential to be the first of many attack vectors from a malicious hacker.
What might this change mean for advertising? We predict the emphasis will swing from performance ads based on data, to brand ads, which do not involve having to violate privacy by tracking consumers around the web.
A Brave new world
Through Brave's use of blockchain technology, it pays content creators viewed through its browser in micro payments. The blockchain is coming to advertising in other use cases as well, mostly to make the digital media supply chain more transparent.
We predict Brave will catch on with the geeks who favor ad blocking and security, although the general public probably won't know it exists. However, other forms of blockchain tech might very well serve the purpose of web security through decentralized application (dApps) contracts. A web surfer can specify in the contract that some of the more relentless tracking options be negated and this option can be enforced by the browser.
Here comes the GDPR
The big Kahuna of changes in our web security forecast is the launch of the Global Data Privacy Regulation in May 2018. The GDPR, as it is lovingly referred to, affects how marketers can interact with European consumers: they can only market to a consumer who gives permission. Because this regulation was passed by the European Commission, it carries the force of law and if you violate its terms you can be liable for a hefty fine.
Although the UK is in the process of Brexit-ing the EU, its companies handle so much data from EU members, it will follow the conventions of the GDPR.
America likely will be dragged along kicking and screaming; because most online businesses do not have a convenient window into where every data point comes from, it will be easiest simply to comply.
American small businesses might need to reassess their data security practices and policies.
When the EU’s latest data protection regulations launch in May 2018, at minimum all online businesses will need to “implement appropriate technical and organisational measures to ensure … the pseudonymisation and encryption of personal data."
For organizations that “require regular and systematic monitoring of data subjects on a large scale,” they “shall designate a data protection officer." The Data Protection Officer (DPO) designation can be an added responsibility for an existing team member or the opportunity for a fresh face.
Opportunities for small businesses
There will be a major opportunity here as small businesses who haven't paid much attention to these issues in the past re-examine how they handle customer data or who they partner with. While new regulations might seem onerous to some, the reality is that having a codified plan serves to provide a standard — and that creates compliance work.
Security provides a windfall
And then there's the obvious windfall for companies that sell data security solutions, which will be far more appealing. Our web security forecast predicts big opportunities in key industries.
Overall, existing service providers, as well as any startups in the data security and protection segment, will recognize the vast possibilities in providing new or integrated service offerings. IT shops will have increased interest from existing clients for web security solutions, and secure cloud providers will also recognize the opportunity to create new offerings from GDPR's regulations (i.e. DPOaaS (Data Protection Officer as a Service)).
Wrapping up our web security forecast
Obviously, web security and privacy are going to remain top of mind throughout 2018. If these aren’t topics you frequently consider, it’s time to start. Even if you only run a modest online store, it’s critical to spare no expense for privacy and security — and then assure the people you do business with that you’re keeping an eye out.