A recent EY Global Consumer Privacy Survey found that the data privacy expectations of consumers are shifting due to the pandemic and the correlating increased reliance on technology in the last year.

The survey was created to help organizations better understand how consumers’ data privacy needs are evolving by examining their attitudes towards sharing personal data and by analyzing the way their behavior is changing.

The survey and the results report addressed three critical questions and guidance for how businesses can navigate these changes:

Question 1: How do consumers expect organizations to handle their data?

The findings – deliver certainty the consumers crave. The survey found that more consumers are concerned about the security of the data they share with a company more than the actual data that is shared.

Yogen Appalraju, EY Canada Cybersecurity Leader summed the finding up saying, “Organizations that want to maximize the collection of personal data need to focus on establishing their data protection and privacy capabilities. Those that cannot provide assurance that data is collected and stored safely may start to see customers go elsewhere.”

Question 2: What do consumers want in exchange for their data?

The findings – tailor offerings to build trust. Consumers want to see a fair exchange of the value your product provides with the data they’ve shared. For example, the survey found that half of millennial consumers say they’re willing to share their browser search history with a large tech company in exchange for a more tailored and personalized online experience. However, older generations like baby boomers believe the lack of control over third-party access to data decreases the amount of trust they place in an organization.

Question 3: How is data privacy shifting for a post-pandemic world?

A unique shift in attitude towards data sharing comes as a direct result of the COVID-19 pandemic. As economies start to reopen, many businesses, schools, and organizations may require the collection of personal information to ensure health and safety. Half of the consumers polled in the survey believe the pandemic has made them more willing to give up personal data if they know it is contributing to research and/or overall community wellness.

Photo by Matthew Henry on Unsplash

author avatar
Green Key

Apple’s Security Protects the Bad Guys

Apple’s iPhone may be the world’s most secure device. Apple designed the operating system and manages the apps it approves in such a way as to create what is widely described in the tech community as a walled garden.

Here’s the problem: Like all defensive walls, only the most sophisticated, most advanced enemy can get it. But once in, those walls make it equally challenging for defenders to root them out.

“It’s a double-edged sword,” Bill Marczak, a senior researcher at the cybersecurity watchdog Citizen Lab, tells MIT Technology Review. “You’re going to keep out a lot of the riffraff by making it harder to break iPhones. But the 1% of top hackers are going to find a way in and, once they’re inside, the impenetrable fortress of the iPhone protects them.”

He says that as Apple makes the iPhone ever more secure and difficult to hack, attackers aren’t just sitting back. They are developing ways to take over an iPhone invisibly.

“These allow attackers to burrow into the restricted parts of the phone without ever giving the target any indication of having been compromised. And once they’re that deep inside, the security becomes a barrier that keeps investigators from spotting or understanding nefarious behavior,” writes article author Patrick Howell O’Neill.

According to O’Neill, Apple’s security measures force defenders to look for indirect clues to the safety of a device. iVerify, one of the few Apple-approved security tools, looks for anomalies such as unexplained file modifications to detect breaches.

Now, the security Apple has designed into its iPhone ecosystem is spreading to other of the company’s products, notably the Mac.

Says security researcher Patrick Wardle, “Apple saw the benefits and has been moving them over to the Mac for a long time, and the (special) M1 chip is a huge step in that direction.”

Though Apple’s rules are intended to protect users’ privacy and prevent malicious intrusion, the article says hackers are “creating code that exists in a place where Apple doesn’t allow outside security tools to pry. It’s a game of hide-and-seek for those with the greatest skill and most resources.

‘Security tools are completely blind, and adversaries know this,’ Wardle says.”

O’Neill tells us there is no likely fix to the problem. Apple, he says, “Argues that no one has convincingly demonstrated that loosening security enforcement or making exceptions will ultimately serve the greater good.”

Photo by Tyler Lastovich on Unsplash


author avatar
Green Key

‘Outlandish Job Requirements’ Are Causing an IT Shortage

Too many employers are asking for too much when seeking to fill entry-level cybersecurity positions, then lamenting that there’s a shortage of talent applying for the job.

“There’s a misunderstanding, I think, out the door of what the [requirements] really should be for junior, midlevel and senior roles, and what those expectations are,” said Neal Dennis, a threat intelligence specialist, in an interview with The Wall Street Journal.

Citing a report by the International Information System Security Certification Consortium (ISC2), the Journal said there is a need for 3.1 million cybersecurity professionals to meet security requirements. But companies leave positions unfilled insisting they can’t find people to fill them.

Researchers tell the Journal “outlandish job requirements are the problem,” not than a lack of workers.

“We’ve created this self-licking ice-cream cone of misery that continues to drive the narrative forward that we don’t have the ability to solve this problem, or we don’t have enough humans,” said Chase Cunningham, principal analyst at research firm Forrester Inc.

The Journal article notes that job postings for entry-level security roles frequently request two to four years’ experience and advanced knowledge, which can be evidenced by certifications such as the Certified Information Security Systems Professional.

But Clar Rosso, chief executive of ISC2, which issues the certification, points out in the article that it takes 5 years of experience before earning a CISSP. “Possibly the human resources recruiter doesn’t have experience in the area and they’re not able to say, wait, that doesn’t even make sense,” she told the Journal.

The solution, says the Journal, is for companies to rework their expectations and hire tech professionals with non-traditional backgrounds, then invest in training. “Apprenticeship schemes and firm career development paths for new cybersecurity workers would help,” says the Journal.

“Once that shift occurs,” Dennis said, referring to on-the-job training and certification prep programs, “I think that the skill shortage starts to answer itself. And then we’ll finally realize that there’s not really a people shortage, there’s just a knowledge shortage on the people who are available.”

Photo by Patrick Amoy on Unsplash


author avatar
Green Key