It’s time to take stock of security for another year. 2018 has seen some corkers, from the BA data breach to Cambridge Analytica, but as ever, it could always be worse.
Cyber security is the last line of defence for personal security. Companies and individuals alike have lots to lose if their digital security is lacking, and whether the attacker is a terrorist or a disgruntled employee, there’s plenty to combat over the next year. From public infrastructure hacks to sleeper agents and the looming threat of GDPR fines, how can companies protect themselves in 2019 – and from what?
David Francis, head of security at KCOM, weighs in.
The next public disaster will be a cyber-attack.
We saw with WannaCry that one virus can spread across the whole NHS fairly quickly, wreaking havoc as it goes. The next target will be the UK’s power and telecoms networks. A successful sector-wide attack could cause major disruption to the country, switching off people’s lights, heat and communications. If that were tied in with a health network hack, the impact could turn deadly. The real threat is that there doesn’t even have to be a large, well-funded terrorist organisation behind it. It could just be a lone gun with the right skills and software.
Sleeper agents with time bombs will sink your company.
Do you know when you’ve been attacked? It takes companies an average of 206 days to discover a breach, so the answer is ‘probably not.’ And the threat doesn’t just have to be external: you could have sleeper agents placing time bombs in advance. They don’t necessarily need to be onsite at the crucial moment.
It could be a developer with a grudge placing a time bomb in the system to erase crucial intellectual property, or even an outgoing executive quietly deleting things in the background. If this is done quietly over a period of time, you could lose your backups as well, with no way of tracing the culprit. Companies need to have measures in place to track data movement to prevent this kind of insider threat.
We’re going to get our first big GDPR fine.
If 2018 was the year of compliance, 2019 will be the year of retribution for everyone’s favourite data privacy regulation. The period of grace is drawing to a close, and the new year will see the ICO taking its first high-profile scalp over treatment of personally identifiable information. That will set the precedent by which all further cases are judged – letting companies know along the way just how strictly enforced the rules are going to be, and how heavy the fines. Now is the time to check your compliance levels – don’t wait for the hammer to fall.