As 2020 kicks off and we reflect on the last year, it’s clear that consumers are seeking more transparency from companies about their data. In fact, 70% of Americans say they believe their personal data is less secure than it was five years ago, and it would seem they are hungry to take control of their own online identities.
Here are a few of my predictions on how this consumer call for action will (and should) be a catalyst for greater privacy, identity protection and security in 2020.
A New Wave Of Regulation Is Coming For Data Privacy
Since the EU’s General Data Protection Regulation (GDPR) took effect in May 2018, other countries and states, including Kenya and California, have been inspired by GDPR and taken action.
The California Consumer Privacy Act (CCPA) is a key indicator of where I believe we are headed in 2020. We should expect more, even stricter legislation surrounding consumer data privacy rights this year with others following in California’s footsteps, including Maine’s privacy law that is slated to go into effect in July 2020, "requiring broadband internet service providers (ISPs) to obtain a customer’s express, affirmative consent before using their personal information, including browsing history," according to the National Law Review.
Rather than waiting for specific data privacy legislation to be enforced in your company’s state, get ahead of the upcoming regulation, and look at existing laws outlined in the CCPA for foresight of what is likely to come.
Looking beyond 2020, as more states implement their own data privacy legislation, we should expect to see a call from CEOs of both small and large organizations around the world to come together to create a global data privacy regulation that offers consistent regulations across the board.
Standardization For Social Logins Across All Operating Systems
Sign in with Apple (SIWA) will serve as a guiding light for the overall demand for customizable login methods, and, more importantly, its focus on confidentiality and privacy of personal information. Announced in June 2019, and required to be implemented by April 2020 in some scenarios, SIWA will enable customers to enjoy a frictionless sign-in experience with Touch ID and Face ID to access third-party apps—and hide their real email addresses behind temporary ones that Apple creates on a per-app basis.
This signals a new era of social login standardization across the board for mobile apps in 2020. Expect to see other mobile operating systems take a page from Apple’s book and enforce a similar initiative for mobile apps available in their app stores, putting a higher priority on user privacy and secure app experiences.
Consumers, more than anything, want an easy and intuitive user experience. A consistent login across all channels supports an approach that is both secure and practical.
Hackers Will Stay Busy Stuffing Your Credentials
There is no doubt that credential stuffing—where a hacker attempts to sign in to a user’s account using usernames and passwords that have been leaked during data breaches—is on the rise and will continue throughout 2020.
Once hackers have access to billions of leaked credentials from breaches, they can access users’ personal and corporate accounts, everything from banking and online streaming platforms to email profiles and corporate accounts, all of which house highly personal information that can be sold on the dark web for nominal amounts.
The Disney+ attack in late 2019 was a warning for how credential stuffing will affect more and more people who sign up for streaming services. Many other consumer services have experienced credential stuffing, and with the increasing repository of breached passwords available for anyone to access, there is no end in sight.
With countless breaches and billions of exposed passwords, credential stuffing affects most enterprises—and they don’t realize it. These attacks cost an average of up to $6 million a year per company, but they aren’t top of mind for security leadership. If companies want to protect their bottom line and brand equity, they need to prioritize and establish clear ownership for mitigating credential stuffing attacks.
Credential stuffing will be a huge challenge for developers and security architects to solve in the coming year. It’s also an issue that needs to be brought to light: Too many consumers don’t realize the pervasiveness of credential stuffing, and many brands aren’t doing enough to protect user information.
2020 will be a pivotal year in many ways. The regulations around data privacy that companies will be bound to will hopefully serve as a great catalyst for consumers to reassess how they manage their data and credentials, and hopefully, it will prompt them to take the preventive steps to ensure their privacy. As indicated by initiatives like Sign in with Apple, companies are supporting this movement as well and are investing heavily in increasing security without compromising user experience.
Ultimately, the responsibility falls on the vendors that require login access and consumer information. Are you prioritizing your customers’ data and providing them with the level of transparency they are asking for? If not, it’s time for a new resolution.
