The world of technology moves forward by leaps and bounds, and new security challenges and problems arise at the same pace. Whether it's new legislation such as the GDPR (General Data Protection Regulation) or new trends in how companies use new technologies, 2017 brings many changes and new risks that organizations should prepare for.
What are the key security trends?
- One indisputable fact is that the volume of data in companies continues to grow. This trend will become even more prominent with the ongoing adoption and use of IoT (Internet of Things) devices in the business environment. Big Data no longer concerns only corporations: more and more smaller companies need to collect and manage large volumes of data. As a result, data security grows in importance, too. Big data translates into an increased possibility of a serious incident and an enormous impact on companies.
- The lack of security experts in companies will raise their value and open new opportunities for outsourcing IT security. According to research by (ISC)², the worldwide deficit of IT security professionals will continue. In Europe alone, the new personal data regulation creates a need for about 28 000 professionals in the role of Data Protection Officer (DPO), which is going to be mandatory for some organizations. Facing a lack of candidates for this position, companies will search for partners who can help in this area.
- New changes in legislation support the development of IT security. The GDPR brings a legislative framework for strengthening security in organizations, as well as clear requirements and sanctions for companies that don’t comply with the regulation. Fines of up to €20 million, or 4% of global turnover, are “motivational” enough for companies to start caring about the security of their data.
- Security problems and deficiencies will result in serious incidents in small and medium businesses. According to research run by Safetica Technologies that involved 949 end users in companies, 87% of organizations face the problem of important documents being shared via unencrypted external media. In 57% of companies, employees send work documents to their private cloud, and in almost all companies (98%) unencrypted data are sent via email. It’s only a question of time before an incident occurs, unless the organization implements preventive measures for data protection.
- Updates of important systems and applications, as well as readiness to face new threats, will be crucial for keeping pace with external attackers. As analysis by ESET shows, almost 40% of vulnerabilities detected in 2016 were critical. Attacks such as DROWN also took place, affecting almost 25% of the most used internet domains. Prepared infrastructure, correctly managed processes and, above all, regular training sessions for users should be the foundation of every company that doesn’t want to be hit by a cyber attack.
How to prepare for these changes?
Given what is expected this year, it’s worth making use of these tips:
- Don’t underestimate the protection of your business know-how and personal data. The amount of data in companies will grow, and if the security measures are not set up correctly from the beginning, the risks may grow beyond your control.
- If you haven’t started preparing for the GDPR yet, find out whether you will need a DPO and start looking for one soon. The demand for IT security professionals will strongly exceed their supply on the labour market in the coming years.
- Don’t forget to follow trends in legislation and prepare for them. Cyber security is on the agenda and there are only 17 months left until the GDPR comes into effect.
- Remember that the human factor is a risk for sensitive data. An unencrypted USB flash drive or email can very easily get into the wrong hands. Set your security policies, train your employees and get a Data Loss Prevention (DLP) solution as a preventive measure.
- Also make sure to secure the infrastructure and network against external attackers. The basis for that should be good technologies supported by processes in the organization.
It’s apparent that 2017 is a breakthrough year for many companies as far as IT security is concerned. Small and medium businesses that until now secured their entire infrastructure with just an antivirus will also have to rethink their strategies. If they fail to do so, the likelihood that they’ll face a leak or loss of important data is indeed very high.
Written by Matej Zachar, Project & Security Manager @Safetica Technologies
“You can never be too paranoid.” That’s what Matej believes in. His passion is security, yet he loves hiking. Other than that, this gentleman also plays guitar and cooks.