Although we can't predict the future, security trends, threats and weaknesses need to be anticipated so they can be defended against. Part of my job is to build a clear picture of cyber threats and challenges - both now and on the horizon. With that in mind, here are five of the biggest security issues for 2017, and how Ideal will be helping our customers respond.
New European legislation
Businesses should be looking ahead to two key new pieces of European legislation, which will take effect in mid-2018. The General Data Protection Regulation (GDPR) is a major reform of the law on personal data, giving European citizens greater rights over how their data is handled. In parallel, the Network and Information Security Directive (NISD) is intended to improve the protection of this data in critical industries and services, such as utilities, banking and healthcare.
Together, their impact will be far-reaching: companies will be forced to tighten up their security controls to guard against data breaches, or potentially face major fines of up to 4% of global turnover. Organisations need to be prepared well in advance of GDPR coming into force on 25th May 2018, and we will be working alongside our key security partners to help customers ensure they're using - and documenting - suitable controls.
The Internet of Things
DDoS (distributed denial of service) attacks are likely to surpass ransomware in terms of their media coverage and severity of impact. Expect there to be a lot more focus on the contribution of insecure internet of things (IoT) devices to the processing power and bandwidth behind such attacks.
The scale of the biggest DDoS attacks (in terms of data) is on the rise, but in some cases, restricted DDoS attacks have been used to create a smokescreen and a distraction from more targeted hacking. We'll continue working with our key security partners to ensure customers have the best possible protections in place.
Security in the cloud
While cloud solutions are often positioned as secure systems, in reality responsibility for the security of business data still falls on the business - companies can't always rely on cloud providers to provide an appropriate level of protection or control. Ideal can help protect customer data in the cloud through solutions including CloudLock from Cisco and Aperture from Palo Alto Networks.
Again, EU policymaking is going to have an impact here. Privacy Shield - the replacement for the EU-US Safe Harbour agreement - means that the personally identifiable information of EU citizens must be secured in line with EU data protection standards whenever it is stored in the cloud. The need to comply with EU standards is part of the reason that many vendors now offer cloud services specifically located in Europe - Palo Alto Networks, for example, now has a separate EU instance of its WildFire cloud-based threat analysis environment, hosted in the Netherlands.
Attackers stand the best chance of success if they strike when an organisation's security response might be weakest, such as overnight or at the weekend, so 24-7 security monitoring and response is going to become more critical. Organisations have to be prepared for cyber-attacks taking place at any time during a 24-hour period. It's also vital to have the best visibility of an incident - for example, real-time analysis could reveal the difference between a full-scale DDoS attack, and a sub-saturation attack designed as a distraction from a targeted data breach.
Security operations centres (SOCs) and their supporting technologies - such as security information and event management (SIEM) products - are two key considerations to help organisations defend themselves. Accordingly, we're developing an advanced, managed security service offering for our customers - watch this space.
There'll be no getting away from Brexit this year, but I expect that its impact on cyber security will be limited - certainly in the short term. The UK will still be an EU member state when the GDPR and NIS come into effect on 25 May 2018, so relevant organisations will still have to be compliant. Just as importantly, they'll need to remain compliant post-Brexit if they want to continue trading with EU-based companies.
The same kind of principle is likely to apply to other regulations affecting the way we do business. Whatever is agreed in negotiations over the coming months, I can't see the UK implementing cyber security standards that are less stringent than their EU equivalents. Quite apart from anything else, the government's recent investment in the National Cyber Security Centre shows that they're really taking the generic cyber security threat to the UK extremely seriously.
Whatever your security challenges for the new year, Ideal has the expertise and solutions to help you deliver on your strategy. Call us on 01273 957500, or get in touch online.