Summarising a year in a few hundred words is not usually an easy task - but this year, from a technology perspective, two words hold the key to every major story: data security.
Whether it is the fallout from alleged Russian interference in the US Presidential election, the new botnets created by poorly-secured Internet of Things devices, or ever-increasing regulation, data security has never left the front pages. The impacts of failures to secure data, and competing legislative attempts to impose tougher obligations to secure personal data, whilst allowing for greater Government surveillance, have set the narrative throughout the year. Add to this the continued rise of Artificial Intelligence - agents made of nothing but data - and the need for organisations to be taking data security ever more seriously is clear.
So what lessons can be learned?
Playing the Trump card
The 2016 US Presidential election has underlined that IT security really is an issue for the national and international stage. Senator Clinton's arrangements in relation to her personal email server had been the subject of criticism from the Republican campaign throughout the election, but became a particularly nasty 'October surprise' in the dying days of the campaign when FBI Director James Comey revealed that the investigations into the Senator's email servers had been reopened. Although the story had moved on by election day, Bill Clinton has indicated that he believed this late intervention played a crucial role in costing his wife the election.
That eleventh-hour revelation was the cherry on top of a veritable gateau of hacking-related intrigue during the campaign. The release of masses of emails from Hillary Clinton's campaign on WikiLeaks caused a furore around the time of the Democratic National Convention. These email releases, amongst other events, are now being laid at the door of Russia by US authorities. Whilst Russia continues to deny its involvement, public statements by President Obama and representatives of the CIA and FBI have been clear in linking the attacks to the Russian administration.
If the accusations are true, the implications for international relations are undoubtedly significant. Whoever may be behind it, the hacking stands as a warning to other democracies - secure systems are critical for those standing for office.
Less Yahoo! More Yikes!
Revelations from Yahoo! in December that up to one billion of its user accounts had been compromised marked the largest data breach incident of the year, dwarfing the breach reported by Yahoo! itself in September. Yahoo! has not stated explicitly who it believes to have been behind the attack, beyond laying it at the door of 'a Government'. The attack appears to have relied on forged cookies, granting attackers access to accounts as if a user were already logged in.
Whilst the numbers involved in the Yahoo! incident are enormous, reports from insurers dealing in cybersecurity products show a significant increase in claims in 2016. Numbers published by CFC Underwriting show a 78 per cent rise in claims. Worryingly, CFC's numbers indicate that 16 per cent of claims relate to ransomware attacks - meaning that the claimant has been locked out of its IT systems and the hackers are demanding payment before they will unlock them.
Given the very obvious customer confidence and trust implications of any breach - let alone the legal and regulatory consequences - these numbers underline that it remains imperative for businesses to act now and do all that they can to avoid being seen as the easiest target.
Dialling up the tension on law enforcement powers
It is one thing for hackers to gain access to data using covert means, but quite another for a government to subpoena information. The FBI tested the limits of this in March, when trying to gain access to a locked phone belonging to one of the shooters involved in the San Bernardino terrorist incident. It demanded that a 'back door' be added to the relevant phone via a software update. A stout refusal from the manufacturer led to legal action, with virtually every major technology company lining up to support the manufacturer. Public debate surrounding the case threw the issue of the extent of Government search and seizure powers into sharp relief.
Whilst the FBI managed to gain access to the phone in question via other means, this debate will surface again soon. In a post-Snowden world, the very considerable tension between law enforcement having access to data and individual privacy remains a live issue.
In the UK, the same points have been raked over in the debates over the Investigatory Powers Act 2016, which (amongst other things) allows various public bodies to obtain access to which web sites an individual has visited. How long it will take before claims of excessive use of these powers surface remains to be seen.
Id-IoT proof doesn't need to mean insecure
Data security does not just mean computer security any more. When every smart lightbulb, thermostat or fridge is also an internet-connected device, they can all be compromised by hackers. The widespread use of default passwords and relatively lax security in the 'Internet of Things' (IoT) arena was thrown into sharp relief by a series of massive distributed denial of service (DDoS) attacks in October, largely powered by IoT devices. Now IoT vendors are left playing a rapid game of catch-up - the age-old challenge of making devices secure but consumer-friendly has a swathe of new players.
GDPR - Greater harmony in the face of Brexit discord
As touched on above, the biggest regulatory news of the year was the final agreement on the EU's General Data Protection Regulation (GDPR). The GDPR was adopted in April, and after a two-year transition period, comes into force in May 2018. The Regulation updates and supersedes the data protection legislation in individual member states, bringing far greater harmony for businesses trading across the EU. Of particular note are: (i) the significantly increased fines for breach - now the greater of four per cent of global turnover or €20m; (ii) the obligation for organisations to appoint a dedicated Data Protection Officer; and (iii) direct obligations for those carrying out data processing activity. Therefore, those suffering major data breaches may suffer significant fines in the EU to add an extra sting to the cost of the breach itself.
The GDPR becomes law in the UK before any foreseeable Brexit date, and so UK businesses and those trading with the UK will need to comply.
And so to the future…
Other stories of interest saw everything from missing headphone jacks and self-driving taxis to consumer VR headsets and exploding phone batteries make the news… What might we expect in 2017?
The regulatory landscape is easy to predict - compliance with the GDPR will continue to be a major issue for businesses in, or that trade with, the EU. And there will continue to be hacks, data leaks and breaches on a grand scale - the only question is who will be next?
But 2017 may have a few surprises of its own - after much discussion, this may be the year that AI and automation really start to have a major impact on jobs in some sectors. Watch out… the robots are coming.
Gareth Stokes, partner, Intellectual Property & Technology, DLA Piper