Is the worst still to come for cybersecurity in 2018? asks Paul Cant, VP of EMEA, BMC Software.
The last 12 months have certainly been memorable for the cyber security industry, with cyber attacks taking hold on a previously unseen global scale. International outbreaks, such as the WannaCry attack that convulsed the National Health Service in the UK and critical national infrastructure overseas last May and the international spread of the NotPetya ransomware, wreaked havoc with digital defences. More recently, Tesla was the victim of a cryptomining scheme, highlighting the need for organisations to do even more to monitor their infrastructure for threats this year.
In the first half of 2017, more data was lost or stolen than in the whole of 2016. Established brands like second-hand electronic goods retailer CeX, telecommunications conglomerate Verizon, and consumer credit reporting agency Equifax all endured severe digital exposures, and some suffered devastating consequences. Now, statistically, the volume and sophistication of such attacks have only increased.
But as we look back at the last year, it’s time to take a moment to pause and consider what 2018 holds in store for cybersecurity. Has the storm been weathered or is the worst still yet to come? If it is indeed the latter, what can – and should – organisations be doing to ensure they have the appropriate measures in place to protect themselves from the crippling effects a breach of their digital defences can have?
Here are some of the top trends we can expect to see this year in the world of security.
We are now less than six months away from the General Data Protection Regulation (GDPR) compliance deadline. The regulation will come into force on 25 May 2018, and every company that processes the personal data of citizens across the European Union will face steep penalties in the millions for failure to comply. If companies are not taking the appropriate steps to protect all private data, they will ultimately be setting themselves up to fail.
Becoming GDPR-compliant will also free companies up to innovate and pursue new avenues for business, without having to live in fear of severe financial penalties. More importantly, they can reassure their customers, partners and stakeholders that any sensitive information in their digital estate is secure.
The biggest security breach is yet to come
It may seem bold to predict that we are yet to see the biggest security breach of all materialise; however, if we take a step back and assess recent events, this becomes more plausible.
When taking into account the fact that two of the four largest breaches in history took place in the last 18 months (Equifax and FriendFinder), as well as the magnitude of the Yahoo! user accounts breach from three years ago finally having been disclosed, it wouldn’t be unreasonable to expect this trend to continue.
The inordinate quantity of data continues to grow at an exponential rate and now amounts to quintillions of bytes, exposing more and more sensitive material to breaches by the minute. Notably, the rise of multi-cloud and IoT devices also presents a larger attack surface for hackers to target and lay bare.
A proactive security posture is the cyber industry’s best friend. Implementing the necessary security measures to ensure sensitive data is protected will be the lever that protects reputations and prevents companies from becoming tomorrow’s next big headline.
DevOps and security
Though we are already accustomed to DevOps best practices enabling the building, testing and delivery of software rapidly and reliably, the next stage is for DevOps and Security teams to come together to provide a more integrated set of processes. The result: security becomes a priority throughout the development lifecycle, not just an afterthought. Security and compliance is without doubt the area of the development lifecycle primed and ready for automation. Complying with the GDPR will require the adoption of “state of the art security technology” for configuration and compliance checks, not only for data centres but also for services in cloud environments.
Much stricter regulation and testing looms on the horizon, and DevOps and Security teams must collaborate to automate as much as humanly possible. In 2018, the time has come for the two teams to overcome internal barriers and become as cohesive as possible.