Enterprise communications and the power of data humiliation

Russian hackers are reportedly blackmailing U.S.-based progressive groups by breaking into their networks and scouring internal emails. This is how it reportedly works: The adversary gets sensitive information — say a strategic email conversation, or messages that could embarrass an executive or the organization — and demands a ransom with threats of public exposure. 

This isn't the first time we've seen this, and such exposure can be terribly disruptive — heck, it may have played a role in the 2016 U.S. presidential election. The slow drip of leaked Democratic National Committee and John Podesta emails over the course of last fall ground away at an uneasy electorate. Sony Pictures was also once a victim of leaked emails, after the alleged hacks by North Korea in retaliation for the studio's release of a comedy satirizing the nation's leader, Kim Jong-un. 

In other words, adversaries can use data as a source of humiliation — both at individual and organizational levels. 

Of course, rule number one here should be: Don't get hacked. Have a strong security posture to keep adversaries out. But that's not always possible. Many adversaries are state-backed and have time, expertise, and manpower to target and infiltrate. They're not just inserting malware or stealing data for profit on the dark web. They're using access to private communications as leverage to extort money and influence over an organization. It's the logical extension of ransomware. 

After many years of security products in the marketplace, technology geared toward privacy is now on a rapid rise. So much so that earlier this year we at the IAPP started gauging and identifying the market. In our Privacy Tech Vendor Report 2017 we identified several categories that are truly distinct from security technology. True, much of it automates and scales the daily functions of the privacy office.

But on the edge of this market, we decided to include a category we called "Enterprise Communications." Vendors in this category aim to provide organizations with secure and private communications channels. We're not talking PGP emails here either. These are products that are designed to be easy to use, employ end-to-end encryption, and usually include data deletion capabilities to minimize a data trail. And they're specifically geared for the organization. These aren't just traditional security products; they're privacy-tech products as well. 

The hacks of Sony Pictures and the DNC were the main drivers behind our decision to include enterprise communications in our market report. The data accessed in these incidents was employed much differently than, say, a health care or financial data breach, in which adversaries try to sell stolen data on the dark web.

And it will likely continue to grow worse. This data is used for coercion, for control over individuals and organizations, to influence the reputations of companies and outcomes of democratic elections. On an individual level, we've seen so-called "sextortionists" leverage private information — usually nude or revealing photos of women — to exert control over their victims. Again, it's the threat of exposure that coerces. That means these incidents are long-term nightmares for the victim.

The organizational version of this might involve the publication of a tossed-off email from a high-level executive calling some regulator a nasty name, or an "off-color" joke between executives that would reflect poorly upon the organization as a whole, or even a product idea that was quickly shot down for being egregious. These are things that can be exploited for long-term value in a way that the sale of a particular piece of personal information cannot.

Information is power, and our ability to communicate privately is part of the health of our organizations. Sometimes being candid about strategy, or about another employee, is necessary. But if that honesty is chilled by these types of hacks, business won't run as usual.

We have clearly entered a new world where our digital technology can be weaponized. Keeping our communications as secure, and private, as possible is one way to help thwart these nefarious attacks.


Written By

Jedidiah Bracy, CIPP/E, CIPP/US
