With GDPR from May 2018 changing the way many businesses operate and several high-profile data breaches hitting the headlines, last year was not a smooth road. Moving into 2019, we can expect to see many businesses still scrambling to get to grips with compliance, securing data and regaining the trust of their customers, writes Dan Panesar, VP EMEA, at the cyber product firm Certes Networks. He looks at what we might expect to see in 2019 and the key trends shaping the cyber security landscape.
Although for many businesses it required an overhaul of process, ultimately GDPR has led to an increased awareness of how data should be protected and secured. For the most part, businesses now take their data more seriously, but for some internet giants there could be punishment on the cards. Countless complaints have already been lodged against huge brands such as Facebook, Google and Amazon for not protecting their data. There are rumbles that the EU is looking to take action next year and assess whether these large corporations are complying with GDPR. It was bound to happen at some point, but who will be first to be made an example of?
It’s not just the business aspect that will impact these organisations either – consumer trust is wavering. Facebook reported a drop of three million daily users following the Cambridge Analytica scandal. With another data breach under its belt for 2018, it wouldn’t be surprising if those numbers continue to drop. Reputation is important, so if users don’t feel their data is secure, organisations must work to instil their confidence. Compliance is more than just security; organisations must put the correct Information Assurance (IA) policies in place to make sure the whole business is in line with regulation.
We have already seen that a large-scale ransomware attack can bring the NHS to its knees – just think what these attacks could do to national infrastructure. Next year, targeted ransomware campaigns will focus on utilities and Industrial Control Systems (ICSs). These attacks will result in dramatic consequences such as blackouts and loss of access to public utilities.
The sophistication of ransomware has increased significantly on the internet over the past five years, starting with CryptoLocker, the first really successful crypto-ransomware, and culminating with WannaCry, the first fast-spreading ransomware. In 2018 hackers have shifted to targeted attacks that come with bigger payouts, recognising that launching ransomware against organisations that offer critical services increases the odds that the ransom will be paid. And, as 45 percent of all ransomware attacks in 2017 targeted healthcare organisations, such as the NHS in the UK, this could be an area to watch in 2019.
Given the large financial and reputational risk associated with a data breach, cyber security is finally becoming an item on the boardroom agenda. Let’s face it, when a data breach happens, the finger is always going to point to someone on the board, be it the CISO (Chief Information Security Officer), CIO (Chief Information Officer) or CEO (Chief Executive Officer). Many organisations are placing a newfound emphasis on their CISO. Those organisations that employ someone specifically to deal with cyber threats will do so either because they have the right IA mindset or because of the increasing pressures around governance, risk and compliance. It is imperative that boards of directors understand not only the risks associated with cybersecurity but also the strategies their CISO will put in place. The high-profile data breaches we’ve all been analysing this year mean that cybersecurity will be driven up the boardroom agenda for many months to come.
With networks continually expanding beyond the traditional perimeters of an office network, extending to more users, devices and locations than ever before, getting security right is more important than ever. Software-Defined Networks (SDNs) are nothing new, but security has not evolved with them, so the traditional method of securing the network no longer works. In 2019, the emphasis put on SDNs by businesses will lead to increased adoption of an overlay security model that doesn’t compromise the performance of the network. It is only by changing the security mindset to securing the data as opposed to the network that organisations can have true IA.
Cyber security is an ever-changing landscape with threats evolving daily. One thing is clear: digital transformation can only be enabled if organisations deploy effective data security. Those who secure their data properly will not be held back. The defeated will be those who stick with the old mindset and risk compromise.