Another year is upon us. 2018 was a cyber rollercoaster with massive internet scandals and data breaches. With that in mind there are a number of IT security topics that should be top of mind for 2019.
Take a look at a few we’ve identified…
Security by Design
We expect to see a greater focus on baked-in security, be this in application development or in IT and company strategies. In 2018, with the enforcement of Europe’s data protection regulation known as GDPR and a new privacy bill in California – not to mention the numerous scandals that hit internet giants like YouTube and Facebook – regulators are likely to look much more closely at how companies collect and process information from users.
From a development point of view, too many development teams tack on security in the later stages of development. With the influx of IoT developers racing against competitors to put products on shelves in an aggressive and poorly regulated market, it’s no surprise that security has taken a back seat. The downside of this approach is that applications and smart devices regularly leave companies and individuals at risk by leaking sensitive and valuable data.
Having a reputable team perform a risk assessment and provide recommendations on how security can be front and center of any system or service can vastly improve a company’s resiliency to both insider and external threats.
Should you have a new development project kicking off this year, consider having a knowledgeable DevSecOps representative – either in house or from the outside – to guide the security aspects of the build from the ground up.
Closing the gap between the C-suite and cyber security
We expect to see increased interest from the C-suite in all things cybersecurity. 2018’s many data breaches helped drive this point home.
IBM issued a report in the latter part of 2018 which provided some sobering statistics, including:
- U.S.-based breaches are the most expensive globally, costing on average $7.91M, with the highest global notification cost as well: $740,000.
- A typical data breach costs a company $3.86M, up 6.4% from $3.62M the previous year.
- Digital businesses that have security automation can minimize the costs of breaches by $1.55M versus those that do not ($2.88M versus $4.43M).
- 48% of all breaches are initiated by malicious or criminal attacks.
These are scary financials for any board member and/or senior staff member, including the CEO, CFO, CTO or CIO. Along with increased regulatory pressure, cybersecurity is certainly going to become a top agenda item in the C-suite and boardroom.
Companies would be wise to appoint an external or internal CISO now to prepare a tailored cybersecurity plan, prioritizing appropriately based on its goals, services, reach, and industry.
Targeted Phishing Revisited
Most successful cyber attacks take advantage of insiders/employees, be they complicit in the nefarious deed or duped by the attackers. Many of these attacks involve some sort of targeted phishing.
A number of cases in 2018 – some involving SIM swapping and sophisticated social engineering tactics – show that landing a big fish, so to speak, or targeting more valuable assets, has its financial merits.
Imagine a Human Resources director who has access to information that, if stolen, could lead to lawsuits, staff demoralization, or PR crises. Would they be able to spot and thwart a targeted phishing attack? What about the Financial Director or the Head of Development?
Companies might want to ensure staff and users have appropriate levels of access to confidential data. A quality risk assessment can test your configurations to ensure that only users with a genuine need and full authorization can access specific information. Implementing the findings from this assessment can radically reduce your exposure to phishing-related attacks.
These employees should also be educated in cybersecurity best practices. If properly trained, they can act as beacons, alerting others to suspicious activity.
Want more information?
We are here to help. At TBG Security, we have highly-trained cyber specialists, from CISO-on-demand to risk assessment officers and penetration testers to compliance experts. Want to learn more? Get in touch.