Cyber security is a continually changing landscape and keeping up to date with the latest threats can be exhausting for most. Therefore, anticipating what’s next in the cyber industry is a bit like trying to predict the weather.
The year 2018 saw the European Union’s General Data Protection Regulation (GDPR) come into effect on the 25th of May which sent organisations scrambling to make sure that they were compliant with the new legislation.
We also saw cyber security make headlines last year with huge companies, Facebook, British Airways and Eurostar all suffering massive data breaches which led to eroded consumer trust in many organisations’ abilities to keep personal data safe.
Looking forward to the next 12 months, we’ve highlighted some of the catching trends we think will take centre-stage in the infosec community.
Last year was indeed a busy year for the Information Commissioner’s Office. One of the many things that the GDPR did was bring data protection to the forefront of people’s minds.
You can recap on some of the most hard-hitting headlines about large companies suffering data breaches by taking a look at our review of 2018.
Once the 25th of May came and went, many companies let out a big sigh of relief after months of rushing to become compliant before the sky fell in on the GDPR launch date.
Security processes were reviewed and privacy policies updated, and so, that’s it, we can finally see the back of the GDPR, right? Not at all.
We’re still yet to see an organisation become struck with one of the tremendous €20 million (or 4% of annual turnover) fines that set the bar as to what classes as ‘too far’ when breaching the new EU legislation. Once we see the first one come in, the information security industry will once again be sent scrambling to bring themselves over the line of compliance.
The Internet of Things (IoT) has been one of the most prominent emerging technologies over the last few years that has caused significant disruption to information security both at home and in the workplace.
Although, with new technologies also comes new challenges.
Due to the benefits and convenience that the IoT brings to the table, organisations are increasing the number of connected devices they use at a rapid pace without much thought for security. As it stands, the IoT is not secure and it’s creating gaps in firewalls that cybercriminals will look to exploit.
The accelerated demand for IoT devices has put the information security sector on a timer that could leave the fate of IoT devices balancing on a knife’s edge.
Ransomware and other pieces of malware are nothing revolutionary. It’s a constant battle for industry white hats to stay abreast of new threats and come up with the best ways to counteract them.
According to Sophos, ransomware programs have started to develop ways to infect systems such as going fileless and using built-in Windows tools, such as, PowerShell to pass firewalls undetected.
Because programs like this are essential for Windows to run and come from legitimate sources, traditional antivirus solutions fail to identify and quarantine them.
Infosec professionals have been rushing to find a way to combat these new threats that turn our trusted systems against us.
The price tag of a breach doesn’t stop at the value of the money or information compromised. Organisations falling victim to a cyber attack will also have to contend with the long-term reputational damage to their relationships with their customers, that most small to medium sized organisations won’t be able to recover from.
The Facebook and Cambridge Analytica scandal left the social media giant working to regain trust amongst its user base, however, this won’t be a straightforward task as 31% of people in a recent Creative Strategies survey said that they would be using Facebook less in future as a result of the breach.
As cyberattacks are on the increase with no sign of slowing down, small and medium sized organisations will now need to improve security and secure themselves against data breaches.
Cisco’s 2018 Cybersecurity Report revealed that 53% of mid-market companies in 26 countries had experienced a breach. The report also shows that just over half of cyber attacks caused damages exceeding $500,000, making surviving them an almost impossible task for such organisations.
Unsurprisingly, there is no silver bullet to this problem but there are actions that small and medium sized businesses can take to remedy this. But there are many measures that they can take to prevent such attacks from happening in the first place.
If you’re looking to increase security awareness in your organisation this year, why not take a look at our Cyber Security Awareness Training course for staff.
Digital Media Centre