future of cybersecurityThere isn’t much of 2016 left, and what a year it’s been, especially when it comes to cybersecurity. Based on the data breaches and other security incidents that happened over the course of 2015, we already knew that nobody is untouchable by hackers. But that point was hammered home this past year with major data breaches within the IRS and Yahoo, ransomware rapidly growing into a threat for private citizens and big businesses (like hospitals) alike and the questionable security practices of Internet of Things makers coming under fire after a massive DDoS attack hijacked people’s webcams and security cameras to bring down tens of websites. Although there’s no way to know for certain what’s to come, there are some predictions we can make about the future of cybersecurity in America based on what we’ve seen over the past few years. Here are some things we can look forward to in the years to come.

Government regulations on cybersecurity are likely

Considering multiple branches of the government have suffered from serious cybersecurity issues in recent years, it’s not surprising that many people might be skeptical about the idea of the federal government instituting any regulations regarding security. However, a set of clear expectations for businesses when it comes to cybersecurity, whether it’s how consumer data is protected by the companies that collect and store it, or the minimum security required within Internet of things devices being manufactured, it’s necessary to get ahead of cybercriminals — or at least match pace with them. On November 16, a number of security experts were present at a House committee hearing to discuss the issues surrounding the Internet of things and cybersecurity. The experts made several suggestions for how lawmakers could take more action to circumvent cybercriminals.

Among these suggestions included the creating of a new federal agency specifically dedicated to cybersecurity, regulations which introduced consequences for manufacturers who deliver insecure products to consumers and a federally funded, independent lab to perform cybersecurity testing on products before they hit the consumer markets. One of the biggest obstacles to the idea of government regulations is the fact that humans are averse to change, and this is especially true when it comes to the government, but as one of the security experts mentioned, new technologies often bring about the need to create new legislation as well as federal agencies to help govern their use and protect Americans from those who would try to exploit them.

Although it may take some years for anything to get off the ground, it’s highly likely that some legislation will be passed to help protect people from having their data stolen and their accounts and devices hijacked. Some efforts have been made by the Obama administration, as we’ve noted, but only time will tell what will happen as 2017 ushers in a new crop of lawmakers and leaders. Simultaneously, it’s also important that any regulations passed don’t trample citizens’ right to privacy, which is another fear some people have regarding government regulation on cybersecurity issues.

Passwords are on their way out

Gone are the days when a simple six to 12 character password with a couple of numerals and an exclamation point was enough to secure even the most benign online account. These days, creating a strong, secure password is a feat — as is trying to remember the dozens of unique, complex passwords you create for your constantly-growing collection of online accounts. Although many people are turning to password managers to help them keep track of their passwords, overall, security experts and common folks alike are realizing that the old-fashioned password just isn’t good enough anymore. So what’s going to replace it?

Many websites and apps are utilizing two-factor authentication (2FA) to add an extra layer of security to people’s login attempts, but there are some clear vulnerabilities with this technology that can render it just as insecure as passwords. The true key to enhancing online account security is for password-free methods of verification to take the password’s place. Many companies are currently experimenting with new methods that utilize biometrics to identify a person rather than a static password. These include everything from selfies and fingerprints to more subtle methods of identification like your face shape and voice pattern. Companies like Google are focusing on combining multiple biometric elements for a stronger method of authentication that (hopefully) can’t be cracked or faked as easily by hackers.

Smartphone security will becoming more important than ever

As security expert Bruce Schneier mentioned during the recent House committee hearing, our smartphones are no longer simply devices that make phone calls. They are computers with the capability to make phone calls, as well as control various devices in our homes, access our bank accounts, make a payment at a shop without us ever having to reach for our wallets and much more. Despite this, the average person takes far fewer security precautions with their smartphones (and other mobile devices) than they would with their laptop or desktop computer. It’s more important now than ever before for people to implement strong security practices when it comes to their smartphones — such as never connecting to unsecured Wi-Fi networks and learning how to spot and avoid downloading fake apps. There are plenty of ways consumers can protect their phones, such as utilizing the security features available for keeping their screens locked and using a cloud storage service to back up their files to keep as little data stored on their device as possible.

Consumers also need to recognize that there are inherent risks all around them when it comes to having their data stolen and their devices infiltrated. Therefore, it’s important to understand the risks and know what to do in the event you become a victim of ransomware or find out your personal information has been leaked in a data breach. Do you know how to recognize a phishing email? One of the key tools to fighting cybercriminals is knowledge. Fortunately, you can follow our identity theft protection blog to get all the tips, information and news you need to know about protecting yourself no matter what the future of cybersecurity brings.