From the HBO cyber attack which leaked episodes of Game of Thrones, to the worldwide Wannacry attack which targeted different industries in a range of countries, cybercriminals are becoming more sophisticated and organised when it comes to malicious attacks, employing a range of tactics to ensure maximum disruption and financial gain. As a result, 2017 has been a wakeup call for organisations, in terms of assessing their content and implementing processes to organise, help protect sensitive data, and defend against attacks.
Many Enterprises Will Scramble to Become GDPR Compliant at the Final Hour, While Some US States Adopt Their Own GDPR-like Regulations.
Starting on May 25, 2018, The General Data Protection Regulation (GDPR) will be the global law of the land. Any business, whether based in Europe or anywhere else, that interacts with personal data belonging to EU citizens will be subject to it. Failures to achieve and maintain compliance with the regulation will result in financial penalties of up to 4% of annual global revenues as well as severe damages to reputation and brand, which have global reverberations.
Multi-national businesses have started to set-up GDPR compliance teams and yet it seems that most have a long arduous journey to compliance. Unlike most statutory legislation emanating from the EU, GDPR is based on both the “letter and spirit” of the law, and this means the burden is placed on organisations to ascertain how to comply. This process of discovery will be foggy and filled with uncertainty as most compliance teams will likely struggle with how to best interpret the guiding principles, measure the impacts/ risk to their current GDPR responsive business processes/data, and finally establish a framework to monitor all this. Companies that haven’t invested in technology or kept up with the pace of innovation to protect data will feel the most pain.
In the US, some states will begin to implement their own GDPR-like regulations. For instance, companies now doing business in New York must comply with the New York Department of Financial Services’ Cyber Security Requirements.
Data Breaches will increase in frequency and scope in 2018.
High profile data breaches, such as Equifax, have dominated the news agenda in 2017, and the reality is that these will only increase in frequency and scope in 2018. Now is the time for enterprises to act and implement effective measures to secure data against cyber attacks – but many don’t realise that content management is the missing piece in their cyber security strategy.
Making the Cloud more secure will continue to be a top priority.
In 2018, we’ll see more collaboration between nimble private companies and the behemoth Blue Chip tech players on how to make the cloud more secure, including an increased focus on hybrid clouds, multi-cloud management and a modern container-based approach. This new hybrid cloud technology will allow organisations to test the capabilities of cloud without having to go all in.
Watch for the Rise of the Chief Security Officer.
As more enterprises take security seriously, we will see the rise of the Chief Security Officer (CSO) or Chief Information Security Officer (CISO) added to the C-suite. There will be a growing awareness among senior management that security is no longer purely a technological issue and can no longer be constrained solely to IT. Information security is really a risk issue and that means it’s a business challenge that needs broader solutions. There’s also more technology in the workplace than there has ever been before. The addition of DevOps, cloud, IoT, BYOD, and Big Data mean that an organisation’s attack surface is only growing, and it needs a guardian – and that’s the CSO.
[su_box title=”About Ankur Laroia” style=”noise” box_color=”#336588″][short_info id=’103383′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.