What should CISOs be prioritising in 2019?

What should CISOs be prioritising in 2019?

There is no doubt that 2018 has been a memorable year for cybersecurity professionals and the industry as a whole. From overseeing the implementation of the General Data Protection Regulation (GDPR), to the record-breaking number of data breaches, CISOs have had increasing pressures on their shoulders. And, as technologies like Artificial Intelligence (AI) gain more prominence and emerging technologies such as quantum computing are pursued even further, 2019 looks like it could be another hard year for the industry.

With all this in mind, what might the next 12 months bring the security industry?

Quantum Computing Puts Pressure on Crypto-Agility

Next year will see the emergence of the future of security – crypto-agility. As computing power increases, so does the threat to current security protocols. But one notable example here is encryption, the static algorithms of which could be broken by the increased power. Crypto-agility will enable businesses to employ flexible algorithms that can be changed, without significantly changing the system infrastructure, should the original encryption fail. It means businesses can protect their data from future threats including quantum computing, which is still years away, without having to tear up their systems each year as computing power grows.

Hackers will launch the most sophisticated cyber-attack ever using AI in 2019

Up until now, the use of AI has been limited, but as the computing power grows, so too do the capabilities of AI itself. In turn this means that next year will see the first AI-orchestrated attack take down a FTSE100 company. Creating a new breed of AI powered malware, hackers will infect an organisations system using the malware and sit undetected gathering information about users behaviours, and organisations systems. Adapting to its surroundings, the malware will unleashing a series of bespoke attacks targeted to take down a company from the inside out. The sophistication of this attack will be like none seen before, and organisations must prepare themselves by embracing the technology itself as a method of hitting back and fight fire with fire.

Growing importance of digital transformation will see the rise of Cloud Migration Security Specialists in 2019

As organisations embrace digital transformation, the process of migrating to the cloud has never been under more scrutiny; from business leaders looking to minimise any downtime and gain positive impact on the bottom line, to hackers looking to breach systems and wreak havoc. As such, 2019 will see the rise of a new role– the Cloud Migration Security Specialist – to help the CISO securely manage the transition. Whether the role is internal or external, a vital part of supporting the CISO is to ensure that as workloads transition to the cloud they are secure from any potential hackers.

Payments Journal – New York CyberSecurity State of Mind

paymentsjournalThe conversation around data protection is heating up as governments start to think more strategically and globally about information security and breaches. It’s increasingly clear that we need standardized cybersecurity regulations and more intense enforcement to track criminals across borders. In the wake of tough new regulatory frameworks adopted by the European Union and California, the U.S. Commerce Department is seeking comments on how to set nationwide data privacy rules.

To read the full article click here.

Information Age – A CTO guide: Cyber security best practice tips

information-age-logo-text-onlyAs part of Information Age’s Cyber Security Month, we have provided three CTO guides on cyber security: the challengesthe technology and the best practices. This is the last one, and will focus on cyber security best practice tips, with some insights on how CTOs, or CISOs or those in charge of security, can protect their organisation from the growing list of cyber threats, as well as increasing human error.

Jason Hart, CTO at Gemalto suggests that the cyber criminals are exploiting the arrogance of organisations.

“Senior leaders must be situationally aware and ensure that employees only have access to the data that they need at any given point,” he says.

>Read more on Gemalto CTO: Beating ‘cybercriminals at their own game’

“Very few understand the critical importance of knowing the impact of people, data and business processes, and this is the weakness that cyber criminals are exploiting. There are those that are simply ignorant, who just aren’t looking or considering the impact of a data breach and those that are arrogant and believe they know it all, thinking that massive investment in the latest security products will stop a breach. But it’s this very arrogance that makes them vulnerable. In both cases, there is a serious lack of situational awareness.”

To read the full article click here.

Information Age: A CTO guide: The main challenges facing the cyber security industry

information-age-logo-text-onlyIn this guide, five CTOs provide their view on the main challenges facing the cyber security industry, with insights on how to overcome them.

Jason Hart, CTO at Gemalto, also says that the biggest challenge facing the cyber security industry is the growing cyber skills gap.

“There’s no shortage of young people capable of pursuing a career in cyber security. But, the trick is to ensure we nurture their skills and guide them towards using their talents for good, rather than acting as black hat hackers. Thanks to institutions such as GCHQ, initiatives are now being run around the UK that are aimed at producing the next generation of cyber security experts.”

>Read more on Gemalto CTO: Beating ‘cybercriminals at their own game’

“As demand for these roles continues to increase in a post-GDPR world, governments, businesses and educators need to invest in these young people. Of course, they also need to train existing staff, use relevant solutions and be situationally aware, to remain secure and continue to comply with regulations now.”

To read the the full article click here.

CRN Online – Black Hat 2018: 10 Execs On The Top Cybersecurity Threat America Faces Around The 2018 Midterm Elections

crnVoting Under The Microscope

The November 2018 midterm contests have generated more scrutiny from a cybersecurity perspective than any election in recent memory due to the unprecedented high-profile data leaks and Russian-backed social media disinformation efforts during the 2016 election cycle.

In addition to a potential reprisal of all the issues from 2016, some observers fear that the voting machines themselves could be tampered with by a nation-state actor or agent.

CRN spoke with 10 executives and technical leaders at Black Hat 2018 to separate fact from fear, and get a sense of the most realistic scenarios that could cause disruption in the runup to the election or at the ballot box.

“A compromised user name or password is the single easiest way in for bad actors since the system isn’t able to distinguish between the intended or an unintended user entering the right password, according to Jason Hart, Gemalto vice president and CTO for data protection. By gaining access to election data, Hart said bad actors can cause reputational damage and discredit a candidate or their entire campaign”.

ITPro – Tech firms welcome Cyber Security Export Strategy

itproBut experts caution against nation state hacking risks, and urge firms to get basics right

The UK government’s new Cyber Security Export Strategy has been welcomed by tech industry experts who believe it will help small businesses secure contracts with overseas buyers.

The plan, published by the Department for International Trade (DIT) yesterday, sets out to support the UK’s cyber security companies and small businesses as they look to grow, and make the UK a global leader in the fight against cybercrime.

Data protection CTO Jason Hart said he is happy to see the UK sharing its expertise, but stresses the need for businesses to get the ‘basics’ right to fully protect their valuable data.

“The UK has long been a cyber security leader, so it’s great to see some of this expertise being shared with other countries,” he said.

“With much of our world now connected by valuable data, hackers can easily access this data unless everyone gets the basics right when it comes to security.

“Businesses need to be protecting what matters by encrypting the data at its source and restrict access via identity controls. If the UK can help other nations follow these basic security principles then we’ll go some way to better protecting our valuable assets.”

To read the full article click here.

ComputerWorld UK – Cyber security tips for UK businesses

computerworldukHere’s ten cyber security tips your business needs, from an ethical hacker.

The amount of data we create is increasing rapidly. According to IBM, every day we generate 2.5 quintillion bytes, so much that 90 percent of the data in the world today has been created in the last two years alone.

To read the full article click here. 

Silicon Republic – Wanted: IT security superheroes to fight cybercrime

siliconrepublicFrom WannaCry to Petya, it’s no wonder the cybersecurity sector is crying out for talent to fight ransomware. Hays’ Carolyn Dickason explores the increasing need for talent in infosec.

“The Breach Level Index highlights four major cyber-criminal trends over the past year. Hackers are casting a wider net and are using easily attainable account and identity information as a starting point for high-value targets,” said Jason Hart, Gemalto’s chief technology officer for data protection, in the report.

“Clearly, fraudsters are also shifting from attacks targeted at financial organisations to infiltrating large databases, such as entertainment and social media sites. Lastly, fraudsters have been using encryption to make breached data unreadable, then hold it for ransom and decrypting once they are paid.”

To read the full article click here.

SC Media – Struggle is real: UK businesses unprepared for cyber-attack response

scmediaBusinesses in the UK are struggling to face the looming threat of cyber-attacks, with nearly a third of C-level executives admitting they don’t have a response plan – or don’t even know whether or not they have one.

“Security training within businesses today is essentially not working. There needs to be different types of training for different types of individuals within the organisation. More importantly, the training needs to highlight the potential impact of security breaches to specific individuals,” Hart said.

“Security ultimately needs to be transparent to the individual user. We are a long way from that point today. But there are hopeful signs. The onward march of AI and behavioural analytics is helping drive the process and the move to cloud and microservices will help to accelerate it. Looking to the future, however, if this is to be sustained, we need to see more collaboration between technology vendors and cloud providers and vendors need to make security simpler and easier for users,” Hart said.

To read the full article click here.

Auto World News – Cuber Experts Predicted that a Major Bank Failure Will Happen at Some Point This Year, Cyber Hackers are Getting Powerful?

 

logo_autoworldnewsAccording to some cyber experts, a major bank failure will happen at some point this year. And if the attack could happen, it will leave thousands of accounts penniless.

Jason Hart, Technology officer of Gemalto said that hackers are also altering data with dire consequences. He also stated that data integrity attacks are very scary since it has the power to take down an entire company and beyond.

To read the full article click here.