Protecting data privacy should be a board level priority for all organizations. Understanding both legal and operational requirements should not be passed over quickly as the devil is in the details on these matters. Companies should post privacy statements and consumers should read them to determine if the company’s policies are sufficient to protect their information and rights. Noting, this goes well beyond just reading a cookies banner. If these statements are not clear or complete, it may be wise to seek out suppliers that maintain proper levels of security and rights administration.  Read Less

2020 will be the year of API connectivity. Driven by the need for on-demand services and automation, there will be a surge in requirements for the use of technology that interconnects through APIs. Vendors that don’t interconnect may find themselves passed over for selection in favour of others with API access that add value to existing solutions. DevOps capabilities will continue to increase their significance in moving projects to products, with only 9% of technology professionals responsible for the development and quality of web and mobile applications stating that they had not adopted DevOps and had no plans to do so. This will drive an increased focus on DevSecOps and how opensource software is managed within projects. We will begin to see more examples of the theft of encrypted data as cybercriminals begin to stockpile information in preparation for the benefits of quantum-computing where traditional encryption will become easy to crack. The advances in quantum computing that Google has recently published bring this possibility closer to becoming reality. Significant issues will surface around the lack of adequate detection of threats that have bypassed prevention defences. To combat this, in 2020, we will see the addition of deception technology into security framework guidelines, compliance requirements, and as a factor in cyber insurance premiums and coverage.  Read Less

Why cyber criminals are targeting SMEs? Most cybercriminals prey on human error, manipulation, and the path of least resistance. A SME often has far less resources and a lower level of talent than an enterprise, making them prime targets for faster and less complicated attacks. With some basic research on an SME’s industry, their applications, and processes, an attacker can build an attack that they can “spray” across that industry. It is not necessarily a complex attack, nor are their aspirations for the largest of payouts. The ROI is simply based on being able to target like types of companies and their weaknesses and to be able to easily rinse and repeat their attack. Ransomware is also commonly a SME attack of convenience. The payout is immediate, and all too often paid, as the alternatives could be so severe that the business may not be able to recover. It provides new definition to application of “Account Based Marketing” strategies. What are the other cyber threats that SMEs face and the steps they can take to stay one step ahead of attackers? Although it is unlikely that an attacker would apply an APT to an SME for minimal likely payout, they will have endless opportunities to repackage exploit kits for mass malware or remote access tool (RAT) distribution. Sooner or later, a chink in the armor will be found and the attacker is in. Once the attacker is in, many SMEs have simply not made adequate investment in in-network detection tools, leaving the attacker with the freedom to roam throughout the network at their own pace in order to complete their attack. SME’s should not succumb to being a sitting duck and react only once the attacker has launched a successful attack. The best defence for staying one step ahead of an attacker is to add in the ability to detect threats that have bypassed their anti-virus and firewall perimeters both quickly and accurately. Gartner, Inc. recently highlighted deception technology as a critical security control for SMEs at their recent Security and Risk Summit. They emphasized the technology because it is extremely accurate, easy to manage, and does not require highly skilled operators, which has been the Achilles heel of other forms of detection technology. A quiet but silent set of landmines within a network, deception technology should be on every SME’s checklist to ensure that attacker’s do not go undetected or responded too.  Read Less