Data security will rise to the top of the corporate agenda this year, as organisations fail to cope with new threats, predicts UK cyber security innovator Glasswall Solutions. Here we present its Top 5 predictions for 2016.
1 New Threats
Cyber security threats will continue to grow throughout the year, with email attachments the most dangerous point of vulnerability for businesses without effective defences in place. In 2015, cyber crime cost £36 billion and 94% of successful attacks were conducted via email attachments.
Criminals will continue to steal insights from leaky documents, websites and social media profiles for use in social engineering, targeting employees and turning them into dupes who unwittingly assist in the hacking of their own companies by opening files hiding malicious exploits.
2 A change in corporate culture
This is set to be the year when a change in culture sweeps through organisations in response to the growing sophistication of cyber-attacks. C-suite jobs are now on the line in the US, and in the EU the forthcoming EU Data Regulation is likely to impose new responsibilities on executives in relation to data security.
From top to bottom, organisations must shift attitudes and take back control of document security. This will extend beyond the organisation’s own borders and into the supply chain where cyber security will become a major factor in the on-going relationship between organisations and their suppliers.
A trusting culture has been allowed to grow up in most organisations, from sharing and collaborating on documents to being accepting of incoming files and URL links. Decisions on what is safe will no longer rest with employees, but will be a matter of policy, determined in conjunction with experts in cybersecurity technology.
3 Heads will roll, but the CISO will stand tall
Continued reliance on outdated security solutions makes it inevitable that a serious data breach will occur in 2016.
Executives are walking the walk when it comes to boosting security in their own organisations. A major loss of data or breach of old-fashioned perimeter security is going to cost a chief executive his or her head in 2016.
In organisations where security is taken more seriously, the role of the Chief Information Security Officer (CISO) is going to have greater prominence. More and more CISOs are going to be appointed and, increasingly, they will report directly to the CEO and ultimately sit on the board if information security is to be taken seriously.
In businesses where they are already at work, over half report to the Chief Technical Officer, demonstrating a real lack of urgency about cyber-security at board level. This has to change.
Steve Katz, a member of Glasswall’s advisory board and the world’s first Chief Information Security Officer (Citigroup and JP Morgan), predicts a further development in 2016 – the emergence of the Chief Information Risk Officer, or CIRO. “Cyber security is now about managing risk, rather than just security and the board-level role of the CIRO should reflect that,” he says.
The European General Data Protection Regulation comes into force in 2017, imposing increased penalties and fines on companies that fail to protect data adequately, or are subject to a breach.
Minimum fines are likely to be set at 2% of global turnover, with the maximum running to 5%. Had the TalkTalk breach occurred under the EUDPR, the company’s fine could have amounted to £90 million.
In addition, the new regulation will impose disclosure of data breaches in the public interest, meaning there is no hiding place for firms caught with their cyber trousers down.
As businesses realise what is involved, we can expect to see them struggle to achieve compliance throughout the year, scrambling to hire consultants or investigate outsourcing solutions as 2016 draws to a close.
Against the backdrop of increasing threat levels, 2016 is going to be a great year for cyber-security innovation, with the replacement of legacy and even relatively modern security technologies that are failing to protect users from the ever increasing wave of sophisticated attacks. As Frost & Sullivan stated in its 2016 predictions, “we can see widespread acceptance of a new approach to business risk and cyber-security, moving the focus from detection of ‘known threats’ to validation of the ‘known good’”.