Business Info - Issue 125 - page 13

Heads will roll
1. New Threats
Cyber security threats will continue to
grow throughout the year, with email
attachments the most dangerous point
of vulnerability for businesses without
effective defences in place. In 2015,
cyber crime cost £36 billion and 94% of
successful attacks were conducted via
email attachments.
Criminals will continue to steal
insights from leaky documents, websites
and social media profiles for use in
social engineering, targeting employees
and turning them into dupes who
unwittingly assist in the hacking of their
own companies by opening files hiding
malicious exploits.
As the cost of these attacks grows, we
can expect to see a bigger effort within
businesses to understand the nature of
the threat. For example, it comes as a
surprise to many that 75% of threats
within files are not in JavaScript, Macros
or URLs, but in the manipulated DNA of
files we use every day.
2. A change in corporate culture
This is set to be the year when a change
in culture sweeps through organisations
in response to the growing sophistication
of cyber-attacks. C-suite jobs are now
on the line in the US, and in the EU
the forthcoming EU Data Regulation is
likely to impose new responsibilities on
executives in relation to data security.
From top to bottom, organisations
must shift attitudes and take back control
of document security. This will extend
beyond the organisation’s own borders
and into the supply chain where cyber
security will become a major factor
in the on-going relationship between
organisations and their suppliers.
A trusting culture has been allowed
to grow up in most organisations, from
sharing and collaborating on documents
to being accepting of incoming files
and URL links. Decisions on what is safe
will no longer rest with employees, but
will be a matter of policy, determined
in conjunction with experts in cyber-
security technology.
3. Heads will roll, but the CISO will stand tall
Continued reliance on outdated security
solutions makes it inevitable that a
serious data breach will occur in 2016.
Executives are walking the walk when
it comes to boosting security in their
own organisations. A major loss of data
or breach of old-fashioned perimeter
security is going to cost a chief
executive his or her head in 2016.
In organisations where security is
taken more seriously, the role of the
Chief Information Security Officer
(CISO) is going to have greater
prominence. More and more CISOs are
going to be appointed and, increasingly,
they will report directly to the CEO and
ultimately sit on the board if information
security is to be taken seriously.
In businesses where they are already
at work, over half report to the Chief
Technical Officer, demonstrating a real
lack of urgency about cyber-security at
board level. This has to change.
Steve Katz, a member of Glasswall’s
advisory board and the world’s first
Chief Information Security Officer
(Citigroup and JP Morgan), predicts
a further development in 2016 – the
emergence of the Chief Information Risk
Officer, or CIRO. “Cyber security is now
about managing risk, rather than just
security and the board-level role of the
CIRO should reflect that,” he says.
4. Regulation
The European General Data Protection
Regulation comes into force in 2017,
imposing increased penalties and fines
on companies that fail to protect data
adequately, or are subject to a breach.
Minimum fines are likely to be set
at 2% of global turnover, with the
maximum running to 5%. Had the
TalkTalk breach occurred under the
EUDPR, the company’s fine could have
amounted to £90 million.
In addition, the new regulation will
impose disclosure of data breaches in
the public interest, meaning there is no
hiding place for firms caught with their
cyber trousers down.
As businesses realise what is involved,
we can expect to see them struggle
to achieve compliance throughout the
year, scrambling to hire consultants or
investigate outsourcing solutions as
2016 draws to a close.
5. Innovation
Against the backdrop of increasing
threat levels, 2016 is going to be a
great year for cyber-security innovation,
with the replacement of legacy and
even relatively modern security
technologies that are failing to protect
users from the ever-increasing wave
of sophisticated attacks. As Frost &
Sullivan stated in its 2016 predictions,
“we can see widespread acceptance of
a new approach to business risk and
cyber-security, moving the focus from
detection of ‘known threats’ to validation
of the ‘known good’”.
Data security will rise to the top of the corporate agenda this year, as
organisations fail to cope with new threats, predicts UK cyber security
innovator Glasswall Solutions. Here we present its Top 5 predictions for 2016.