What should CISOs be prioritising in 2019?

There is no doubt that 2018 has been a memorable year for cybersecurity professionals and the industry as a whole. From overseeing the implementation of the General Data Protection Regulation (GDPR), to the record-breaking number of data breaches, CISOs have had increasing pressures on their shoulders. And, as technologies like Artificial Intelligence (AI) gain more prominence and emerging technologies such as quantum computing are pursued even further, 2019 looks like it could be another hard year for the industry.

With all this in mind, what might the next 12 months bring the security industry?

Quantum Computing Puts Pressure on Crypto-Agility

Next year will see the emergence of the future of security – crypto-agility. As computing power increases, so does the threat to current security protocols. One notable example is encryption, whose static algorithms could be broken by the increased power. Crypto-agility will enable businesses to employ flexible algorithms that can be changed, without significantly changing the system infrastructure, should the original encryption fail. It means businesses can protect their data from future threats, including quantum computing, which is still years away, without having to tear up their systems each year as computing power grows.

Hackers will launch the most sophisticated cyber-attack ever using AI in 2019

Up until now, the use of AI has been limited, but as computing power grows, so too do the capabilities of AI itself. In turn, this means that next year will see the first AI-orchestrated attack take down a FTSE100 company. Creating a new breed of AI-powered malware, hackers will infect an organisation's systems and sit undetected, gathering information about users' behaviours and the organisation's systems. Adapting to its surroundings, the malware will unleash a series of bespoke attacks targeted to take down a company from the inside out. The sophistication of this attack will be like none seen before, and organisations must prepare themselves by embracing the technology itself as a method of hitting back, fighting fire with fire.

Growing importance of digital transformation will see the rise of Cloud Migration Security Specialists in 2019

As organisations embrace digital transformation, the process of migrating to the cloud has never been under more scrutiny, from business leaders looking to minimise any downtime and gain a positive impact on the bottom line, to hackers looking to breach systems and wreak havoc. As such, 2019 will see the rise of a new role – the Cloud Migration Security Specialist – to help the CISO securely manage the transition. Whether the role is internal or external, a vital part of supporting the CISO is to ensure that as workloads transition to the cloud they are secure from any potential hackers.

IT Pro Portal – The rise of ransomware and data breaches have revealed the poor state of businesses cybersecurity

What can businesses do to avoid becoming a hacker’s easy target, and how should they keep their data safe?

As WannaCry and Petya made clear, high profile ransomware attacks are on the rise. In fact, in 2015 there were roughly 1,000 attacks a day, but by 2016 the FBI reports that number skyrocketed to 4,000 a day.

As the data possessed by organisations becomes increasingly valuable, these attacks, alongside data breaches and theft, are only going to grow in frequency. Organisations depend on data to make critical business decisions and investments. It’s the modern day oil, and means hackers are constantly looking for ways to leverage this data for their own benefit. But what can businesses do to avoid becoming a hacker’s easy target, and how should they keep their data safe?

To read the full article click here.

CSO – Protecting data: when confidence is overconfidence

According to the recently released annual Data Security Confidence Index (DSCI), many businesses today are guilty of feeling overconfident about keeping hackers at bay, while at the same time failing to keep data safe.

American author, engineer and billiards Hall of Famer, Robert Byrne, once noted “confidence is overconfidence.” According to the recently released annual Data Security Confidence Index (DSCI), many businesses today are guilty of this flawed mindset; feeling overconfident about keeping hackers at bay, while at the same time failing to keep data safe.

To read the full article click here.

Help Net Security: The rising use of personal identities in the workplace

90% of enterprise IT professionals are concerned that employee reuse of personal credentials for work purposes could compromise security. However, with 68% saying they would be comfortable allowing employees to use their social media credentials on company resources, Gemalto’s research suggests that personal applications (such as email) are the biggest worry to organisations.

 

“What’s clear is businesses feel their customers are not impressed with the authentication methods they’re using. This isn’t a surprise given focus is still on boosting perimeter defences and there remains a lack of investment in solutions like two-factor authentication and encryption, which aim to protect the most valuable thing, the data. It’s not just up to companies to start this process though, customers need to demand that they have access to these necessary security protocols,” said Jason Hart, CTO, Data Protection at Gemalto.

To read the full article click here.

10 years of cyber security; what the past decade has taught us

The difference ten years can make can be profound. 1966 looked nothing like 1976, and in each decade since, almost everything has changed. The Internet and globalization have meant that cultural shifts are less stark these days, but in terms of cyber security, 2006 feels like a long time ago.

This was one year before the iPhone was launched, when 3G was just rolling out and there was no such thing as apps. Streaming music, photo sharing and social networks were all in their infancy. In 2006, cyber security threats were very different to those today, as what was accessible to attackers was pretty limited.

Now, every aspect of our lives is stored in the cloud – from our banking and health records to our more personal identities – and we are generating significantly more data than ever before.

Evolution of threats

The type of threat has evolved to keep pace with this explosion in valuable data. Back in the early 2000s, most threats and malware were a nuisance, designed to simply disrupt or frustrate users.

Then in 2008, the Zeus Trojan was unleashed, grabbing banking details via key-logging and form grabbing. Years later, 100 people were arrested for having stolen over $70 million thanks to the software.

This was the start of a much more professional approach to cyber-crime. Viruses, Trojans and worms started to be created to steal money or sensitive corporate information. Variants of the Zeus Trojan still plague computers to this day, and played a part in one of the biggest consumer hacks to date, that of Target in 2013.

It is key to remember that as soon as something connects to the Internet, it becomes vulnerable. As we add connectivity to new things, everyone involved should be aware of the risks. Take connected cars, for example. In-car Wi-Fi and streaming video entertainment systems are becoming big selling points, but as demonstrated last year, weak security can let intruders in.

Shifting consumer perception

With such high-profile breaches regularly hitting the news, it has been interesting to witness how consumer attitudes have changed. Since 2013, there have been almost four billion records lost, and people are no longer shocked. At this scale, everyone from companies to employees and everyday consumers now accepts that it’s a case of ‘when, not if’ they’ll be hacked.

Yet all is not doom and gloom. We surveyed millennials’ opinions on data security recently, in our Connected Living 2025 report. Two thirds said they would feel vigilant in the face of threats, well ahead of complacent and paranoid. This suggests people now understand the importance of protecting their data.

Breach prevention is dead (and so is the perimeter)

If the past ten years have taught anything, it is that perimeter defenses will be breached. No matter how tall or big the wall is, the enemy will find a way around it or under it.

Despite the increasing number of data breaches, companies continue to rely on firewalls, threat monitoring and other breach prevention tools as the foundation of their security strategies. Yet most IT professionals readily admit that their corporate and customer data would not be safe if their perimeter security defenses were compromised.

This is not to say that perimeter security is not important. It just means that it should not be the only thing companies do to keep the bad guys out. Instead, IT professionals should accept the fact that breaches are inevitable and work to secure the breach by placing security measures closer to the data and the users with encryption and multi-factor authentication.

Encryption and Multi-Factor Authentication Are King

Two additional developments have also made dents in the capabilities of cyber criminals. Multi-factor authentication has shown its power in keeping records safe, and encryption is also becoming the norm, so if data is lost or stolen, it’s useless.

Cyber security threats will continue to pose a significant problem. But as those born after the Internet hit the mainstream in 1995 approach adulthood, we’re well placed to face these threats head on. It’s a far cry from 2006, when 26.5 million U.S. military records were stolen, and the agency responsible waited three weeks to say anything to those affected.