S6, E237 - Navigating Chaos, Uncertainty & Doubt in 2025 Artwork

Privacy Please

Tune into "Privacy Please," where hosts Cam and Gabe engage with privacy and security professionals around the planet. They bring expert insights to the table and break down complicated tech stuff everyone can understand.

All Episodes

Privacy Please

S6, E237 - Navigating Chaos, Uncertainty & Doubt in 2025

March 12, 2025 • Cameron Ivey

Send us a text

We explore how uncertainty and chaos create both vulnerabilities and opportunities in privacy and security. Amid global turmoil, cybersecurity professionals must adopt a bias toward action to counter increased threats that thrive in chaotic environments.

• Chaos serves as a smoke screen for malicious actors, just as DOS attacks once distracted from network intrusions
• Recent Ghost ransomware attack affected 70 countries but received less attention due to global uncertainty
• Security resource contraction combined with increased noise creates fertile ground for more breaches
• AI may cause job losses primarily in roles created to support the initial AI boom
• States are tightening data breach reporting requirements with class action lawsuits doubling or tripling since 2022
• Some states introducing "safe harbor" laws to shield businesses that implement strict cybersecurity standards
• Elon's Department of Government Efficiency (DOGE) faces 11 lawsuits for allegedly violating Privacy Act of 1974

Support the show

Speaker 1: 0:44

Ladies and gentlemen, welcome to another episode of Privacy, please. I'm Cameron Ivey here with Gabe Gumbs, and today's show is about uncertainty. We're going to talk about creating opportunities in privacy, security and risk management, gabe. Okay, in times of chaos, we often see new ideas emerge. Okay, but that also presents challenges around our moral boundaries. Anyways, that's today's show. That's the theme today uncertainty. What are your thoughts on that, gabe? A lot of things going on around the world, a lot of uncertainty and a lot of chaos.

Speaker 2: 1:21

Let's throw doubt onto that Flyer.

Speaker 2: 1:23

Uncertainty chaos and doubt. Yeah, there's doubt about things getting better sooner. There's doubt about what direction things might go in. That's part of the uncertainty factor. The chaos, the chaos is equally tied up in that right. It's hard to know. Because of all of those uncertainties and doubts, it does create chaos. You've got a lot of different people planning for different things and moving in different directions.

Speaker 2: 1:45

And why is that relevant on a show about cybersecurity and privacy? I think one of the primary reasons it's relevant is chaos is a fertile breeding ground for bad guys. Bad guys love a good smoke screen to get busy. In the old days we'd throw smoke screens like just good old-fashioned DOS attacks and while you were busy trying to keep your networks alive and from getting drowned in, you know freaking ICMP echoes, 25 years ago we were busy freaking routing through your network. That hasn't really changed. The only thing that's changed is the tactics and maybe some of the techniques, but ultimately the leveraging chaos as a smoke screen for cybersecurity harm and privacy harm is very real. It's very, very real. It's scary and there's a lot of uncertainty. You've seen those financial markets. Oh boy, that volatility. I tell you what. Don't be looking at your 401k.

Speaker 1: 2:44

Hey Gabe, what do you mean? What 401k.

Speaker 2: 2:48

All right, you're talking about those people that all got laid off and now are Speaking of.

Speaker 1: 2:55

I mean, yeah, times have changed. I remember my dad, my father's father. It was all about working hard and getting to retirement, so you have retirement. I mean, I don't even think that exists for this generation.

Speaker 2: 3:09

It's not going to. It's hard to see for many it is. It's extremely hard to see for many. This kind of uncertainty is certainly unhelpful, very unhelpful.

Speaker 1: 3:20

Yeah, and retirement in general doesn't seem exciting anyways, because if I have nothing to do I'm just going to be be. What? Are you just going to sit there and travel, I mean, I guess, if you have the money?

Speaker 2: 3:32

make you a deal in uh 20, 30, 40 years from now. If we're still not doing anything, let's record another show. Check it, okay let's keep podcast or whatever podcasting becomes in 20, 30 years from now. Now, let's do that, let's do that.

Speaker 1: 3:48

I don't even know what it's going to be. I mean it's I don't know. I don't know either. So uncertainty, how does that present opportunity, gabe, when it comes to all these, there's so much chaos going on, and even in the tech world, with layoffs, with ghosts, with Doge, with ransomware attacks and people being laid off and all that kind of thing. Where's some of that opportunistic insight that you can think of that might be helpful for those that might be dealing with that kind of stuff? Where do you think the opportunity?

Speaker 2: 4:21

comes from. Last week we discussed the FBI warning about the ghost ransomware that attacked. What was it? 70 different countries. I think that's one clear example of where cybersecurity and uncertainty meet in the real world. Under other circumstances, 70 different nations being hit by the same ransomware group might otherwise cause a little bit more noise in the room.

Speaker 2: 4:44

And those kinds of things are not causing the same kinds of noise.

Speaker 2: 4:47

People getting laid off from cybersecurity positions, both in the government and in private sector, are very much contributing to that.

Speaker 2: 4:54

So you have this contracting of resources to protect ourselves and you have this amplification of noise that is able to mask other activities and, as I mentioned already, that becomes a recipe for more breaches. That becomes a very, very fertile ground for more breaches, because I don't just want to get into saber rattling and a lot of fear mongering. I do want to be clear, though, that this is a thing to be worried about, but there is action here to be taken right Like. This is a call to action. This is a call to all the folks that are in this line of work to take it seriously that we may not necessarily have the luxury of weeks and months to plan our next defensive steps. Have a bias towards action right now. Right now, even if they're small actions to secure your data, even if they're small actions to secure your privacy, collectively, as organizations and as individuals, I like that I don't think what's happening right now is on anyone's bingo card about, you know, dealing with all these layoffs and things.

Speaker 1: 6:00

I think the main effect would have been around AI, or at least the worry was. But we've always talked about how AI isn't necessarily a threat to take people's jobs. If anything, it's more of an opportunity to create more jobs. So is there a way that we can kind of look at it the way that we're going through things now in a positive light?

Speaker 2: 6:20

What could possibly be at the end's nothing positive on the other end of this, but I think, in order for us to get to the positive, it is exactly that, though. It's the coming together to solve these problems together. Yeah, the real opportunity here is for all of us to work closer on those things Again, as people and as organizations, as security professionals, as security builders, breakers, defenders. That's the real opportunity. The opportunity is to come out of this stronger, and that is the positive thing I think I do see at the other end of this is I think I do see some positive things coming out the other end of this. I think AI is going to cost some folks some jobs, but I think what it's going to cost is some jobs that were recently created to support the big AI boom, and, as the AI boom contracts, we'll see those jobs contract with it. I think we'll come out stronger as technologists and countries and businesses that are heavily relying on technology, but that call to action in order for us to come out to the positive side that's happening.

Speaker 1: 7:33

We'll be right back. No, no, we'll keep it right here. I should have said it on that longer pause earlier, but uh I'll take that all right.

Speaker 2: 7:43

So let's switch gears a tiny bit, but let's stay on the topic of uncertainty, or at least maybe where there is more certainty currently in the world. At the top of the year we talked about a lot of data privacy laws. There was some uncertainty coming into the years to where some of these were going, but I know you've got some updates on where some of the state level data privacy stuff is settling in, and maybe even at the federal level too.

Speaker 1: 8:06

Yeah, I mean this kind of goes back to our conversation last week around the FBI and the data breach that we had mentioned. So data breach laws right now are definitely tightening and businesses definitely need to stay on top of that. You know states like Pennsylvania, utah, florida, for example, they're expanding their reporting requirements, so class action lawsuits are definitely taking their I would say double to tripling from 2022 to 2023. So that surge is continuing to rise. Today Now there are some states that are kind of introducing safe harbor laws shielding businesses from liability, things like strict, strict cybersecurity standards. Ohio kind of started that back in 18. A Tennessee's version takes an effect this year but, similar to Florida and West Virginia, they were vetoed over concerns they might kind of decrease consumer protections. Lots of things going on. I mean, I think that kind of tells us that states are trying to keep up, they're trying to tighten things as the landscape of privacy continues to evolve as well with the data breaches and stuff. Gabe, what does that tell you?

Speaker 2: 9:33

tells me, tells me, tells me. Things aren't just getting held up, installed, which is great. I don't know that we'll get to anything at the national level any sooner, though, but it sounds like there's some, some clarity that will come through.

Speaker 1: 9:40

At least this process and conversations, yeah um, and since we were talking about doge earlier, just to give everybody an update if they're not really too into the weeds with it, so doge again has been facing lawsuits over alleged data privacy violations. Elon's Department of Government Efficiency is facing 11 lawsuits to today over its access of millions of Americans' personal data across multiple federal agencies. They basically violated the Privacy Act of 1974 with claims that it illegally accessed student loan records, tax information, government job applications, etc. The lawsuit is it's a pretty serious privacy risk, as we all know. But if you weren't aware of that, it's pretty. I mean 11 lawsuits.

Speaker 1: 10:28

I'm sure there's going to be more added on to it. Lots going on in that area. There's going to be more added on to it. Lots going on in that area. Anyways, gabe, I think that wraps up today's episode. So again, thanks for listening in. I know this episode was a little different than usual, but there's a lot going on in the world. We're trying to stay up with those things and we want to dig deeper into that stuff. So hopefully you enjoyed and we'll catch you guys on the next one.

People on this episode

Cameron Ivey

Host

Gabe Gumbs

Co-host