From the TalkTalk breach to the Ashley Madison scandal and the VTech attacks, 2015 bore witness to an unprecedented number of cyberattacks. The publicity and customer disappointment that surrounded them certainly brought cybersecurity out from the fore and into the public eye.
With many of these attacks being on a very large scale, and felt by a host of different industries, it would seem that hackers are desperate to get their hands on our data, and are using increasingly sophisticated techniques to get to us through the companies we trust.
In 2015 it was clear for all to see: cybersecurity is no longer just an IT issue, it’s a business issue, and a serious breach can lead to customer loyalty, public image and share price all being severely affected. With this in mind, if businesses can make any resolutions for 2016, it should be to put cybersecurity at the forefront of their agenda and protect their data and customer trust alongside it. Here’s my take on the trends to look out for in the year ahead:
Insecure digital services are the biggest threat
Whilst securing digital services can be expensive, it’s much more expensive not to in the long run, as these days an upcoming threat is no longer an ‘if’, it’s a ‘when’. Acknowledging the need for security measures from the outset is the attitude CSOs should adopt in 2016, and digital service providers should build effective cybersecurity measures into their application development lifecycle from square one. It’s up to these companies to ensure that consumers and enterprises don’t place their trust in digital services that are fundamentally insecure.
Don’t let IoT send best security practice backwards
This is more important now than ever, what with the ever-increasing applications of the Internet of Things we’re already seeing in 2016. But the rush to join the IoT revolution means that security is, once again, becoming an afterthought for many companies. This shouldn’t be the case though, for as the IoT market size increases exponentially, hackers have an expanded surface area. What’s more, when devices are communicating to each other across manufacturers, there’s a security gap there that hackers can manipulate. If manufacturers focus on securing their smart products from the development stage, they’ll ensure that hackers don’t cause the exciting developments in IoT to take a step backwards.
The rise of artificial intelligence
Investment in artificial intelligence will aid IT departments in their efforts to identify breaches before the damage gets too severe. Through threat analysis, threat detection and threat modelling, the predictive security solutions that AI facilitates saves time compared to manual efforts, enabling a company to react to a breach much quicker and ensuring the company does not lose any further data. The potential for AI’s development in this area is huge, and if CSOs can find the right balance between AI and human endeavour, they’ll be taking a significant leap forward in their security efforts.
Is the password dead?
In 2016 it will be really important to educate your staff on the importance of security, too, so that your organisation’s security is bolstered at every single level. The humble password is on the decline, and companies must ensure that employees accessing company networks are authenticated via multiple layers of protection rather than a traditional one-word password. This is especially true for companies that hold valuable intellectual property and sensitive data.
Combating ransomware is imperative
Combating ransomware should be another area of focus for CSOs this year, as it’s becoming an increasingly popular business model for cybercriminals, and will continue to pose a significant threat. When a breach occurs via a ransomware-based attack, it’s important not to pay out - the ransom is, after all, what funds cybercriminals in the first place and contributes to the continuation of this method. Companies should focus on combating ransomware, rather than paying it off. What’s more, with new rules proposed by MEPs, technology firms and those running critical services will have to report cyberbreaches. Having this information in the public eye will make paying off ransom less effective, as these breaches can no longer be brushed under the carpet.
What the Safe Harbour ruling means for data hosting
With the new rules on disclosing breaches proposed by the European Parliament, and the Safe Harbour ruling that occurred in October, cybersecurity is a growing government priority. The Safe Harbour ruling in particular has forced major technology companies to overhaul their operations to stay on the right side of the law. For businesses in Europe, these tougher European Data Protection Laws mean that contracts with cloud vendors and managing data flows will be a huge priority when it comes to staying within the law. Meeting growing privacy concerns of European customers that want to know how and where their data is being stored should be at the top of their lists, too.
It’s certainly set to be a challenging year for IT departments worldwide. Now more than ever companies must ensure they’re doing all that they can to protect business and customer data, so their reputation doesn’t hang in the balance.
Mike Turner, Vice President & CSO, Capgemini
Image Credit: Shutterstock / Florence-Joseph McGinn