From a cyber-security perspective, last year was certainly eventful! In May, GDPR finally came into effect in Europe, a move that demonstrated how governing bodies are finally getting serious about protecting its citizens’ personal data. Suddenly, organisations who operate in Europe are faced with new consequences should they fail to protect their sensitive data, propelling us all into the next chapter of the global cyber-security story.
We also saw cyber-security take centre stage in the geopolitical landscape as the conversation around state-sponsored hacking and attacks targeting critical infrastructures raised tensions across the globe. A recent example is news from McAfee that a new organised hacking operation, ‘Sharpshooter,’ is specifically targeting critical infrastructure providers in sectors such as energy, finance and defence.
From a business perspective, there is also cyber-security anxiety among decision makers, with many citing security and privacy as a factor that is hindering their digital transformation progress. Results from our recent Cycle of Progress survey showed that 40 per cent of all respondents listed security concerns as a prevalent issue, with 37 per cent also citing privacy.
While this may paint a gloomy outlook, we can prepare our defenses for the rest of 2019 and beyond. To help inform these plans, here are some of the key cyber-security trends we anticipate seeing this year:
New regulations impact data protection policies
The introduction of new data regulations, such as the EU’s GDPR will have a significant impact in 2019. While GDPR is good news for improving data security, it presents a major challenge for businesses. And while it has been in place for some months, major penalties for non-compliance have only just started to emerge in 2019. Organisations of all sizes are having to completely rethink their data protection policies to cope with multiple sets of ever-changing international data privacy regulations.
AI plays a bigger role in cyber-security
Artificial Intelligence (AI) has emerged as one of the most transformative technologies in recent years. In fact, global AI-derived business value will reach nearly $3.9 trillion by 2022, according to Gartner. However, the technology could also be used by hackers to launch increasingly sophisticated attacks. The good news is that AI can also be used by businesses to identify and protect against such threats. For example, machine learning-based cyber attack prediction platforms can help security researchers to triage threats and address the most urgent ones as quickly as possible.
Demand for cyber-security skills continues to rise
The skills needed to deal with continually changing cyber threats must evolve and the challenge for businesses is to stay ahead of the game. However, we are facing a global shortage of cyber-security skills in the workplace. There are 2.9 million open cyber-security positions, according to a recent report from the International Information System Security Certification Consortium, or (ISC)², which is a significant increase from the 1.8 million noted in the previous year’s report. As more companies go through digital transformation, we will see an increased focus on nurturing the required cyber-security skills among the existing workforce, as well as recruiting more specialists.
Focus continues to shift from prevention to resilience
In 2019, we’ll continue to see a shift away from prevention to resilience when it comes to security breaches. These threats can no longer be completely avoided so the focus should now be on identifying and dealing with these breaches as quickly as possible. Resources previously focused on cyber attack prevention will continue to be reassigned to protection well into 2019 and beyond.
IoT technology drives next-generation security
As Internet of Things (IoT) technology is becoming more prevalent, the challenge of protecting sensitive customer data has become increasingly complex. Manufacturers and service providers must ensure that their devices, platforms and software ensure a certain level of security for their users. As well as consumer hardware, such as smart home devices, IoT technology is also used extensively in the retail and manufacturing sectors, making security a priority. The rise of IoT is helping to drive the development of next-generation security frameworks that can be adapted to support emerging technologies and new security threats as they develop in future. What’s more, data generated by IoT devices can help to spot security flaws as well.
Businesses of all sizes at risk from cyber criminals
While large enterprises are clearly a target for major cyber-attacks, some 58 per cent of data breach victims are actually small businesses, according to a Verizon report. With less budget to spend on security, smaller businesses can be seen by hackers as soft targets, offering a high return for a minimal amount of effort. Typical cyber threats include ransomware, Distributed denial-of-service (DDoS) attacks and malware. According to the report, personally identifiable information (PII) was compromised in 36 per cent of all data breaches over the previous year, highlighting the importance of safeguarding against such attacks. The healthcare sector was the most frequent victim of cyber-attacks, says the report, while breaches in the financial industry have fallen, following large-scale investments in cyber-security.
Read our previous blog on the cyber security threats.