How Increased Awareness in Cybersecurity Impacts on Consumer Privacy
1/3/2020 1:21:09 PM
Pictured Above: Rohit Tandon sitting at his desk working on a computer and listening to an ipod.
The impact that technology has on the everyday lives of Minnesotans is changing exponentially. As we head into 2020, we wanted to reflect on where we were 10 years ago, the challenges and opportunities addressed by technology today, and where we might be headed in 2030. Technology touches nearly every aspect of the services that Minnesota state government provides, and the evolution of those services is underpinned by advances in technology, better business processes propelled by new applications or data management, and a focus on access for all.
Over the next few weeks, we will be sharing the perspectives of six employees from Minnesota IT Services (MNIT) who work hard every day for the State to ensure that Minnesotans have access to a better government.
Rohit Tandon is the Interim Chief Information Security Officer for Minnesota IT Services. He says he lives on technology now, even more so than a decade ago – if he writes something down on paper, he tends to be able to find, sort, and archive it only when it’s in a digital state.
Rohit: The mobile device as your central/only device was just becoming a thing. I remember I still had to carry around my phone and iPod so that I could listen to music, but I was really looking forward to a time when I could have an unlimited stream of music that I wanted to listen to on my phone.
As the phone was becoming a centralized place to gather information, it also was able to become your email, GPS, calendar, and even note taker. I used Evernote to take notes, instead of carrying around a pen and paper, which allowed me to be more efficient with categorizing and accessing information at work. I expected there to be even more of an infusion of this mobile platform – wherever I went, I could keep my technology with me and there was an App for that.
Over the past decade, this has completely turned out to be true. At work and home, I live on technology. By utilizing my phone and technology to manage daily checks and balances like my calendar, home security system and lighting, and even note taking, I can offload simple mental tasks and focus my energy into more meaningful activities at work and with my family.
Rohit: The biggest change is the increased security awareness. There has been a compiling impact on the visibility of cybersecurity from both consumer data breaches and election security. Previously cybersecurity was thought of a backend issue -- it was not at the forefront of business decisions. Then consumers felt the impact of data breaches at places like Target, Home Depot, and Equifax. There was a consumer push for more investment in cybersecurity. At the same time the 2016 elections put a lot of media pressure on security from a national level. We started thinking about what cybersecurity means for social media and news sites, and how the information that we put online becomes public.
The push for investment and understanding of cybersecurity then just compounded. For example, during the 2019 legislative session, MNIT received funding that will allow our security team to, among other things, deploy cybersecurity tools that will improve detection and blocking of attacks, create training that will help state employees spot phishing emails, and improve our response times and awareness of threats.
Another change over the past decade is that our tools have become much more mature in preventing and detecting cyber attacks. We can better understand the doors that cyber criminals unlock, or the data and information that is accessed, even when that behavior is anonymous. We also leverage AI in our software to understand and address anomalies in the behavior of what an end-user should be doing. It allows us to quickly address a potential incident for our state systems.
Rohit: I heard a great analogy from Sonil Yu. We treat our systems and devices as pets; we want them to live forever, taking care of them and becoming attached to them in a static state. However, as cyber criminals become more sophisticated, we have a constant need for updating our software, infrastructure, and systems. From what we’ve seen with the rise of ransomware and other attacks over the past few years, we need to treat our technology as disposable and become comfortable with a cycle of constantly replacing and investing in it as such. This probably sounds cold-hearted towards technology, but unlike pets we need to be comfortable letting go of our systems and devices when they are sick or aging but still alive.
I also think there will be a conscious effort to gain control of the privacy that we have given up. As cookies and bots grow more sophisticated, we should be thinking about whether we would be comfortable if the information that is on our screens would be broadcasted in a public square. The history of our searches, purchases, and activity online is creating a repository of information where some software may know more about you than your family. I think there will be a fight back for privacy, led by a younger generation that does not feel the need to expose all their information.
Rohit: I am going to take a wild guess and say quantum computing will change everything about encryption by 2030. Quantum computing could crack encryption by doing exponentially more calculations at a time, not just checking whether the code reads a “1” or “0” like current computing platforms. Encrypted data allows us to protect information and relies on the fact that it takes current computing processes an infinite amount of time to break the encryption. It is a security change that could revolutionize the industry.