Supply chain attacks will increase
Cyber security dominated the headlines in 2018, with breaches still leading the news cycle as the year draws to a close. But what can we expect from 2019? Will we see more organisations disclosing new incidents? How and why are cybercriminals selecting and attacking their targets? What can organisations do to stop such attacks? These are all questions we’ve posed to a selection of cyber security experts…
Simon Hember, Director, Acumin Consulting
Cybersecurity is a constantly evolving sector and when it comes to job titles there are few firmly agreed descriptors in use. Without standard terms, CVs may not clearly specify skills that align with the job description, but that doesn’t mean the candidate doesn’t possess what’s required. In a climate of cyber-skills shortages, it will be increasingly important to demonstrate flexibility in hiring for cyber. As a developing sector, cybersecurity teams must work closely with HR to help them keep pace with technological change, and the roles this will demand. For example, through 2019 we will see new roles emerge as technologies such as autonomous cars, connected medical devices and artificial intelligence boom. These will demand very specific skills to ensure implementation is secure and safe. How will your HR function recruit and support brand new roles, the likes of which will require supreme talent and board-level support to succeed…
Breach Disclosure and Risk Profiles
Carolyn Crandall, Chief Deception Officer, Attivo Networks
There are more U.S. breach notification laws than Baskin Robbins ice cream flavors, and the inconsistency of these laws will continue to cause confusion and compliance challenges for companies throughout 2019. We will see an increase in fines levied and potential jail time for those who do not meet the expectation of these measures. States like California, Rhode Island, and Massachusetts have all been very aggressive in their enforcement of these laws, a trend likely to be closely followed throughout the next year.
Many organisations struggle with the lack of clarity of breach disclosure definitions and expectations. States that create notification laws that include defined processes will help organisations be better prepared and compliant to disclosure strategies in the event of a breach. This will promote more strategic thought processes for recording and reporting incidents and will reinforce that it is no longer enough to quickly notify on a breach incident; they will also need to accurately identify the full impact of the event. Going forward, organisations will be expected to fully understand how widespread the attack was, how deeply the attacker penetrated, and how to set the right controls in place to prevent their return.
Companies will need to start looking at security differently, moving beyond IT risk management and into digital risk management. It’s no longer just about protecting a particular asset, server, or endpoint; it’s about protecting the entire business and maintaining a competitive advantage. More companies will need to take a closer look at their security risk profiles and assess whether the controls they have in place will scale to facilitate the needs of an interconnected on-demand business, while ensuring the protection of their networks.