Seven cyber security predictions for 2017
The face of cyber security is changing constantly, and 2017 will be no exception. Here are seven cyber predictions and trends that we’ve seen emerging in 2017 and will gain in importance as the year progresses and beyond.
1) Businesses handling EU citizens’ data will be concerned about General Data Protection Regulation (GDPR). The regulation, which is scheduled to come into force in May 2018, helps to protect EU citizens’ privacy and data. Firms that are not ready to comply with the mandate could face a hefty €20 million fine or up to 4% of their annual global turnover (whichever is higher). With the enforcement deadline so near, expect the GDPR compliance focus to shift from Legal to Chief Information Security Officers in 2017.
2) Businesses will get serious about monitoring and managing third party risk. Third party risk management is already a key priority for many organisations. Most have established regular assessment protocols but few go beyond a ‘one snapshot at a time’ approach. In 2017, the emphasis will likely shift to the need for continuous monitoring. The increased regulatory focus on vendor risk, coupled with the upcoming GDPR, mean that firms won’t be able to continue outsourcing their security risk to third parties. This will be driving substantial change in the marketplace this year.
3) Businesses will have to automate to keep up with criminals. The volume and sophistication of cybercrime is growing. But there’s a shortage of people with the right expertise to counter this ever-growing threat. As well as investing in skills and recruitment, the solution lies in automation of manual processes and the right system analytics. 2017 will be the year of Artificial Intelligence (AI) and deep learning for security. Boosting cyber security with an ‘uber’ brain is already transforming the industry but it will become the norm in 2017. User behaviour analytics will still be a key driver for the adoption of these technologies, and malware detection will be significantly improved as a result of AI driven approaches.
4) Businesses will work together to fight cyber criminals. Instead of reacting to a breach and scrabbling to recover their data, firms will continue adopting investigative strategies to anticipate the breach before it happens. And the most efficient way of doing this is for firms to work together and share cyber threat information. It helps firms to detect threats earlier, and collectively fix vulnerabilities. We expect cyber information sharing to become a common practice this year.
5) Digitally mature businesses will start increasingly focusing on data integrity. Confidentiality, integrity and availability are the three pillars of information security. It goes without saying that your data should be safe and available when needed. But it is now time to start making sure that it is also tamper-proof. 2017 with therefore be the year of focus on data integrity. Much talked about blockchain is going to be a big help. It is based on a central shared ledger, making tampering with or alteration of the data stored in it next to impossible. Market participants are only able to add data to it, not modify it.
6) Businesses will start investing in much more comprehensive cyber insurance. The cyber insurance market will continue to evolve with next generation offerings providing end-to-end coverage. It is anticipated that cyber security companies and insurance firms will work closely to evolve cyber under-writing tools, catastrophe modelling and mobilising their Security Operation Centre (SOC) resources for post-breach support. More and more firms are interested in a one-stop model for their coverage that also includes a commitment to residual risk reduction and post-incident support. We expect new cyber insurance products building on these capabilities to become available in 2017.
7) There will be more security from the cloud for the cloud. One thing is certain: cloud is not going away, and more enterprises are going to not only migrate some of their key services to the cloud but also to start designing their future intelligent infrastructures on cloud-based models. Cloud access security brokers (CASB) will evolve from offering discovery, proxy traffic ingesting and basic control enforcement tools to become comprehensive security orchestrators in the cloud environment, providing integrated security capabilities such as security information and event management, data loss prevention and federated identity.