The seven trends in security your CISO needs to know about.
The face of cyber security is always changing. And 2017 will be no different. So expect to see new regulatory changes impacting investments, new threats emerging, new technologies (and better use of existing ones). Here are our top seven cyber predictions for 2017:
One: All businesses with EU citizens’ data will be concerned about the General Data Protection Regulation (GDPR).
If you’re not ready for the GDPR, you could risk a hefty €20 million fine or up to 4% of your annual global turnover (whichever is higher). The regulation helps protect EU citizens’ privacy and data. And the enforcement deadline is May 2018, so expect the GDPR compliance focus to shift from Legal to Chief Information Security Officers.
Two: Businesses will seek continuous monitoring of their third parties.
2017 should see you get a much better idea about how good your third parties are. The increased focus from regulators in financial services, coupled with the GDPR, means you just can’t outsource your security risk to third parties. And this is driving a change.
Third party risk management is already a key priority for several organisations. Most have established regular assessment protocols, but very few go beyond a one snapshot in time approach. The emphasis will now shift to continuous monitoring. Which means you’ll be able to score and benchmark them, track how they’re changing, then act if you need to. And ensure you are compliant with ever-changing regulations.
Three: Businesses will have to automate to keep up with criminals.
Cybercrime is growing. But there’s a shortage of people to fight it. The solution? Automate your tasks and analyse user behaviour, so you can do more with fewer people. 2017 will be the year of Artificial Intelligence (AI) and deep learning for security. Boosting cyber security with an uber brain is already transforming the industry, but it will become the norm in 2017. User behaviour analytics will still be a key driver for the adoption of these technologies. Malware detection will be significantly improved as a result of these AI-driven approaches.
Four: Businesses will work together to take the fight to the criminals.
Instead of reacting to a breach and scrabbling to recover your data, you’ll need to start thinking more like a detective. To go out and hunt down these criminals. And the only way that will happen is if we all work together and share information. We need to detect threats earlier, and help each other fix vulnerabilities.
Five: Digitally mature businesses will start to focus more on integrity of data.
The three pillars of information security are: confidentiality, integrity and availability. It’s all very well making sure that your data is available and safe. But now it’s time to start making sure that nobody is tampering with it. 2017 is the year for integrity. And blockchain is going to really help. It works by having a central, shared ledger, so it’s going to make it next to impossible to intercept and alter data. People can only add to it, not change it.
Six: Businesses will get much more comprehensive cyber insurance.
The cyber insurance market will continue to evolve with next generation offerings that will provide end to end coverage. Cyber security companies will partner more closely with primary and secondary insurers to evolve their cyber under-writing tools, catastrophe modelling and mobilising their Security Operation Centre (SOC) resources for post breach support. Customers will be interested in a one stop model for their coverage that will also include significant commitment to residual risk reduction and post incident support. New cyber insurance products that integrate these capabilities will start hitting the market in 2017.
Seven: There will be more security from the cloud for the cloud.
Of all predictions, one thing is certain: cloud is not going away, and more enterprises are going to not only migrate some key services to the cloud but go as far as designing their future intelligent infrastructures based on cloud models. CASBs will evolve from discovery, proxy traffic ingesting and basic control enforcement tools to comprehensive security orchestrators in the cloud environment, providing integrated security capabilities such as security information and event management (SIEM), data loss prevention (DLP) and federated identity. In 2017, CASB-based architecture will deliver security for the cloud from the cloud.
The world’s biggest companies are facing an unprecedented number and variety of digital attacks by ruthless criminal entrepreneurs. Whilst awareness of the threat has never been higher, the majority of businesses do not comprehend the methods and motivations of the attackers, the scale of the threat or indeed how to counter it.
He brings to BT not only a wealth of technical know-how around cyber security but also deep expertise in risk management. In fact, a main theme in Ramy’s career is helping large companies such as Motorola, Volkswagen, Kaiser Permanente and VISA develop their enterprise risk management programmes. Before joining BT, Ramy was the head of the cyber security practice for Accenture and served as the Vice President for global risk management at Visa. Ramy also serves on the ‘Risk and Compliance Committee’ of the board of a California-based healthcare company and the advisory board of several startups focusing on optimizing operational risks. Ramy has a bachelor’s degree in electrical and computer engineering from McGill University, a Master of Science from the McCormick School of Engineering at Northwestern University and a Master’s in Business Administration from the Fuqua School of Business at Duke University.