It’s the final month of 2017, and 2018 is rapidly approaching. What will the new year bring to the cyber security industry? The answer is unclear, but we have drawn up a few predictions for what we expect to see across the industry in the coming year.
More Cyber breaches – and larger
The types of information cyber criminals are targeting has undeniably shifted from financial data towards ‘longer-lasting’ data. This way the data compromised is likely to stay relevant for longer than for example bank card data. An illustrative example of this is the Equifax data breach; this included names, addresses, dates of birth, social security numbers and driving licences. Much of this data is unlikely to change any time soon – and some never will.
Organisations that handle and process such sensitive data have a responsibility to protect it. The repercussion of such data being compromised could be irreparable. After witnessing the fall-out after Uber confessed to covering up a data breach that happened year ago, cmpanies are now aware of the importance of not only protecting such data, but knowing how to handle the issue post-breach.
Large scale cyber-attacks will happen in 2018, this is an undeniable truth. Whilst security teams and law enforcement struggle to keep up with the pace of change around emerging threats and vulnerabilities, it becomes easy to fall in to the mind-set that this is a race that can never be won. The future needn’t look so bleak, it may be impossible to completely protect yourself against the unknown, but it is possible to ensure that appropriate and effective systems are implemented. Breaches will happen, but the avoidable ones shouldn’t. The best way for companies to maximise investment is by improving systems and processes, and undergoing regular technical assurance activities.
One change we can be sure will take place next year is the GDPR. If your organisation is already following good data protection practices or applying privacy by default, these new guidelines will cause little to change. Elsewhere though, the GDPR will drastically affect the ways in which companies store and use data. It is likely to encourage refinement of data handling and retention processes, more explicit and granular consent, and shift the prerogative of ownership to the data subject.
Organisations should expect to see GDPR-related initiatives introduced, this may be in the form of hiring a new data protection officer, specifically hired to be in charge of all data handling. Or in other cases, internal employees will be expected to fill this position. The potential for crippling fines should encourage cultural change and enable some sound process improvement to meet with little resistance.
Recently, BBC News revealed that net migration has decreased by more than 100,000 after the Brexit vote. This fall is likely to continue until the rights of EU National’s post-Brexit is established. Despite noticing no discrimination against EU nationals among our own client base, it is reason to presume that there will be some bias in hiring decisions made across the country.
The UK cyber security community has undoubtedly decreased in the absence of EU nationals. With the significant issue of the skills gap, hiring talent outside the UK is highly important. As a result of the diminished hiring pool, the cyber security landscape will become increasingly competitive as companies compete to attract from a smaller number of professionals.
The Internet of Things
As outlined in our recent blog post, the increasing popularity of the Internet of Things is a cause for concern. Many of these devices hold highly sensitive data (e.g. a baby monitor), and if they are not connected securely, they are vulnerable to cyber-attacks and issues. Smart homes are gathering data about individuals and storing it electronically, this data ranges from Netflix watching habits to private webcam footage from a baby monitor. This data is highly personal, and therefore allowing an internet connected device to gather it, we have to ensure all connectivity is extremely secure. As the IoT is fairly new, it will take time for legislations to be implemented to protect consumers from using devices lacking in security.
With valuable data stored and little security protecting it, we can predict that vulnerable IoT devices will be the target for cyber criminals in this coming year. This will continue to be the case until there are legislations in place and individuals are more aware of the importance of the security of IoT devices.
Send us your CV and have our recruiters match you to the ideal opportunities
Do you already have an account with us?Log in
Want to have an account with us?Register
Want to just send us your CV?
By submitting your registration and CV to us you are agreeing to join our database and to be contacted about relevant jobs industry communications. Please read our terms of business for more information.