Just Food – UK companies “lack understanding of cyber security threats” – government report

A UK government report highlighting a significant lack of understanding among directors of FTSE 350 companies of how cyber attacks can hit businesses has been dubbed “alarming” by a cyber security professional.

The Government report, published today, found only 16% of boards have a full understanding of the impact from and disruption associated with cyber attacks, despite 96% having an established cyber security strategy.

“It’s alarming to see that the boards of the UK’s biggest businesses don’t understand the impact of cyber attacks, especially given that the impact of a serious attack is absolutely proven to impact revenue, reputation and even individual jobs,” said Jason Hart, CTO of Data Protection at Gemalto and former ethical hacker, in response to the report.

To read the full article click here.

The Future of Cybersecurity – A 2019 Outlook

This post also appears on the Gemalto Enterprise security blog here.

From the record-breaking number of data breaches to the implementation of the General Data Protection Regulation (GDPR), 2018 will certainly go down as a memorable year for the cybersecurity industry. And there have been plenty of learnings for both the industry and organisations, too.

Despite having two years to prepare for its inception, some companies were still not ready when GDPR hit and have faced the consequences this year. According to the law firm EMW, the Information Commissioner’s Office received over 6,000 complaints in around six weeks between 25th May and 3rd July – a 160% increase over the same period in 2017. When GDPR came into force, there were questions raised about its true power to hold companies to account – with the regulation saying fines could be implemented up to £16.5 million or 4% of worldwide turnover. The latter half of this year has shown those concerns were unfounded, with big companies, including Uber as recently as this week, being fined for losing customer data. What 2018 has shown is that the authorities have the power and they’re prepared to use it.

In fact, the role of GDPR was to give more power back to the end user about who ultimately has their data, but it was also ensuring companies start taking the protection of the data they hold more seriously. Unfortunately, while the issue around protecting data has grown more prominent, the methods of achieving this are still misguided. Put simply, businesses are still not doing the basics when it comes to data protection. This means protecting the data at its core through encryption, key management and controlling access. In our latest Breach Level Index results for the first half of 2018, only 1% of data lost, stolen or compromised was protected through encryption. The use of encryption renders the data useless to any unauthorised person, effectively protecting it from being misused. Another reason to implement this is that it is actually part of the regulation and will help businesses avoid fines as well. With such a large percentage still unprotected, businesses are clearly not learning their lessons.

So, moving on from last year, what might the next 12 months bring the security industry? Based on the way the industry is moving, 2019 is set to be an exciting year as AI gains more prominence, and quantum and crypto-agility start to make themselves known.

2019 Predictions

1. Quantum Computing Puts Pressure on Crypto-Agility

Next year will see the emergence of the future of security – crypto-agility. As computing power increases, so does the threat to current security protocols. One notable example here is encryption, the static algorithms of which could be broken by the increased power. Crypto-agility will enable businesses to employ flexible algorithms that can be changed, without significantly changing the system infrastructure, should the original encryption fail. It means businesses can protect their data from future threats including quantum computing, which is still years away, without having to tear up their systems each year as computing power grows.

2. Hackers will launch the most sophisticated cyber-attack ever using AI in 2019

Up until now, the use of AI has been limited, but as computing power grows, so too do the capabilities of AI itself. In turn, this means that next year will see the first AI-orchestrated attack take down a FTSE100 company. Creating a new breed of AI-powered malware, hackers will infect an organisation’s system using the malware and sit undetected, gathering information about users’ behaviours and the organisation’s systems. Adapting to its surroundings, the malware will unleash a series of bespoke attacks targeted to take down a company from the inside out. The sophistication of this attack will be like none seen before, and organisations must prepare themselves by embracing the technology itself as a method of hitting back and fighting fire with fire.

3. Growing importance of digital transformation will see the rise of Cloud Migration Security Specialists in 2019

As organisations embrace digital transformation, the process of migrating to the cloud has never been under more scrutiny; from business leaders looking to minimise any downtime and gain positive impact on the bottom line, to hackers looking to breach systems and wreak havoc. As such, 2019 will see the rise of a new role for the channel – the Cloud Migration Security Specialist. As companies move across, there is an assumption that they’re automatically protected as they transition workloads to the cloud. The channel has a role to play in educating companies that this isn’t necessarily the case and they’ll need help protecting themselves from threats. It’s these new roles that’ll ensure the channel continues to thrive.

A Boardroom Issue That Needs to Yield Results

With 2018 fast disappearing, the next year is going to be another big one no matter what happens, as companies still struggle to come to terms with regulations like GDPR. With growing anticipation around the impact of technologies like quantum and AI, it’s important that companies don’t forget that the basics are just as vital, if not more, to focus on. So, while 2018 has been the year where cybersecurity finally became a boardroom issue, 2019 needs to be the year where its importance filters down throughout the entire company. For an issue like cybersecurity, the company attitude towards it needs to be led from the top down, so everyone buys into it. If that happens, could next year see no breaches take place? Extremely unlikely. But maybe it could be the year the industry starts to turn the tide against the hacking community.

What should CISOs be prioritising in 2019?

There is no doubt that 2018 has been a memorable year for cybersecurity professionals and the industry as a whole. From overseeing the implementation of the General Data Protection Regulation (GDPR), to the record-breaking number of data breaches, CISOs have had increasing pressures on their shoulders. And, as technologies like Artificial Intelligence (AI) gain more prominence and emerging technologies such as quantum computing are pursued even further, 2019 looks like it could be another hard year for the industry.

With all this in mind, what might the next 12 months bring the security industry?

Quantum Computing Puts Pressure on Crypto-Agility

Next year will see the emergence of the future of security – crypto-agility. As computing power increases, so does the threat to current security protocols. One notable example here is encryption, the static algorithms of which could be broken by the increased power. Crypto-agility will enable businesses to employ flexible algorithms that can be changed, without significantly changing the system infrastructure, should the original encryption fail. It means businesses can protect their data from future threats including quantum computing, which is still years away, without having to tear up their systems each year as computing power grows.

Hackers will launch the most sophisticated cyber-attack ever using AI in 2019

Up until now, the use of AI has been limited, but as computing power grows, so too do the capabilities of AI itself. In turn, this means that next year will see the first AI-orchestrated attack take down a FTSE100 company. Creating a new breed of AI-powered malware, hackers will infect an organisation’s system using the malware and sit undetected, gathering information about users’ behaviours and the organisation’s systems. Adapting to its surroundings, the malware will unleash a series of bespoke attacks targeted to take down a company from the inside out. The sophistication of this attack will be like none seen before, and organisations must prepare themselves by embracing the technology itself as a method of hitting back and fighting fire with fire.

Growing importance of digital transformation will see the rise of Cloud Migration Security Specialists in 2019

As organisations embrace digital transformation, the process of migrating to the cloud has never been under more scrutiny; from business leaders looking to minimise any downtime and gain positive impact on the bottom line, to hackers looking to breach systems and wreak havoc. As such, 2019 will see the rise of a new role – the Cloud Migration Security Specialist – to help the CISO securely manage the transition. Whether the role is internal or external, a vital part of supporting the CISO is to ensure that as workloads transition to the cloud they are secure from any potential hackers.

Payments Journal – New York CyberSecurity State of Mind

The conversation around data protection is heating up as governments start to think more strategically and globally about information security and breaches. It’s increasingly clear that we need standardized cybersecurity regulations and more intense enforcement to track criminals across borders. In the wake of tough new regulatory frameworks adopted by the European Union and California, the U.S. Commerce Department is seeking comments on how to set nationwide data privacy rules.

To read the full article click here.

Information Age – A CTO guide: Cyber security best practice tips

As part of Information Age’s Cyber Security Month, we have provided three CTO guides on cyber security: the challenges, the technology and the best practices. This is the last one, and will focus on cyber security best practice tips, with some insights on how CTOs, or CISOs or those in charge of security, can protect their organisation from the growing list of cyber threats, as well as increasing human error.

Jason Hart, CTO at Gemalto suggests that the cyber criminals are exploiting the arrogance of organisations.

“Senior leaders must be situationally aware and ensure that employees only have access to the data that they need at any given point,” he says.

“Very few understand the critical importance of knowing the impact of people, data and business processes, and this is the weakness that cyber criminals are exploiting. There are those that are simply ignorant, who just aren’t looking or considering the impact of a data breach and those that are arrogant and believe they know it all, thinking that massive investment in the latest security products will stop a breach. But it’s this very arrogance that makes them vulnerable. In both cases, there is a serious lack of situational awareness.”

To read the full article click here.

Information Age: A CTO guide: The main challenges facing the cyber security industry

In this guide, five CTOs provide their view on the main challenges facing the cyber security industry, with insights on how to overcome them.

Jason Hart, CTO at Gemalto, also says that the biggest challenge facing the cyber security industry is the growing cyber skills gap.

“There’s no shortage of young people capable of pursuing a career in cyber security. But, the trick is to ensure we nurture their skills and guide them towards using their talents for good, rather than acting as black hat hackers. Thanks to institutions such as GCHQ, initiatives are now being run around the UK that are aimed at producing the next generation of cyber security experts.”

“As demand for these roles continues to increase in a post-GDPR world, governments, businesses and educators need to invest in these young people. Of course, they also need to train existing staff, use relevant solutions and be situationally aware, to remain secure and continue to comply with regulations now.”

To read the full article click here.

CRN Online – Black Hat 2018: 10 Execs On The Top Cybersecurity Threat America Faces Around The 2018 Midterm Elections

Voting Under The Microscope

The November 2018 midterm contests have generated more scrutiny from a cybersecurity perspective than any election in recent memory due to the unprecedented high-profile data leaks and Russian-backed social media disinformation efforts during the 2016 election cycle.

In addition to a potential reprisal of all the issues from 2016, some observers fear that the voting machines themselves could be tampered with by a nation-state actor or agent.

CRN spoke with 10 executives and technical leaders at Black Hat 2018 to separate fact from fear, and get a sense of the most realistic scenarios that could cause disruption in the runup to the election or at the ballot box.

“A compromised user name or password is the single easiest way in for bad actors since the system isn’t able to distinguish between the intended or an unintended user entering the right password, according to Jason Hart, Gemalto vice president and CTO for data protection. By gaining access to election data, Hart said bad actors can cause reputational damage and discredit a candidate or their entire campaign”.

ITPro – Tech firms welcome Cyber Security Export Strategy

But experts caution against nation state hacking risks, and urge firms to get basics right

The UK government’s new Cyber Security Export Strategy has been welcomed by tech industry experts who believe it will help small businesses secure contracts with overseas buyers.

The plan, published by the Department for International Trade (DIT) yesterday, sets out to support the UK’s cyber security companies and small businesses as they look to grow, and make the UK a global leader in the fight against cybercrime.

Data protection CTO Jason Hart said he is happy to see the UK sharing its expertise, but stresses the need for businesses to get the ‘basics’ right to fully protect their valuable data.

“The UK has long been a cyber security leader, so it’s great to see some of this expertise being shared with other countries,” he said.

“With much of our world now connected by valuable data, hackers can easily access this data unless everyone gets the basics right when it comes to security.

“Businesses need to be protecting what matters by encrypting the data at its source and restricting access via identity controls. If the UK can help other nations follow these basic security principles then we’ll go some way to better protecting our valuable assets.”

To read the full article click here.

ComputerWorld UK – Cyber security tips for UK businesses

Here’s ten cyber security tips your business needs, from an ethical hacker.

The amount of data we create is increasing rapidly. According to IBM, every day we generate 2.5 quintillion bytes, so much that 90 percent of the data in the world today has been created in the last two years alone.

To read the full article click here.