CSO put out their list of cybersecurity predictions for next year. Included in the list: GDPR anarchy!
What do you think?
Is 2018 going to bring more challenges or more progress? Both?
What's on the horizon that they missed?
As lead of the EMEA (ISC)² Advisory Council GDPR Task Force, I totally agree with this prediction:
By the end of the summer, we will see a frighteningly high GDPR fine ($10 million? $100 million?), which will serve as a wake-up call across the globe.
European Data Protection Authorities must show their willingness to enforce their regulation and consequently target major internet players....
A new global study released by Pegasystems Inc. revealed 82 percent of European consumers plan to exercise their new rights to view, limit, or erase the information businesses collect about them.
Gartner predicts that, “by the end of 2018, more than 50 percent of companies affected by the GDPR will not be in full compliance with its requirements.”
The top three new GDPR empowerments in the minds of consumers are:
Consumers that suspect companies are improperly using their data are more likely to exercise their GDPR rights than others. For example, the survey found that businesses caught selling or sharing customer data with other companies would cause the most alarm for respondents. The top three scenarios that would trigger consumers to launch a GDPR data inquiry include:
In addition, 93 percent said they would erase their personal data if they weren’t comfortable with how they thought companies used it.
The survey showed that retail companies have the most reason to be concerned about GDPR. By far the most respondents selected retail as the industry they were least comfortable with storing their personal data – nearly three times as much as the next closest industry. The top three are:
It's a short but relevant list; however, I think they missed the fact that increased compliance costs will lead to a pay now or pay later situation for many organisations.
Machine learning is only one aspect of enhanced techniques involving Artificial Intelligence; if properly integrated within organisations, this will have good benefits, i.e. identification of false positives for security analysts. However, as human beings, we have a finite lifespan, and we need to ensure that knowledge and inherent experience is pooled for all, or else a great deal of knowledge disappears and lessons learnt will be lost. The mining industry have commenced capturing all the years of exploratory data and ensuring it can be easily analysed for relevant patterns over and over again.
Crimes Incorporated are using the same techniques, and it is likely these enhancements will lead to increasingly sophisticated attacks with frightening speed, and disappear almost as quickly as they are detected.
At this time of year, a lot of predictions come out of the woodwork: https://www.cshub.com/news/threat-intelligence-market-to-rise-dramatically
To name a few including: https://securityintelligence.com/news/cybersecurity-spending-poised-to-rise-in-2018-gartner-reports/
Which point to higher costs in compliance - which could lead to a pay now or pay later type approach by organisations.
Thanks for sharing
Now is the time that all the security organisations and the voice of reason come out of the woodwork. Gartner has its perspective too: https://securityintelligence.com/news/cybersecurity-spending-poised-to-rise-in-2018-gartner-reports/
"According to Cyber Security Hub, Grand View Research predicted that spending on threat intelligence products and services will reach $12.6 billion by 2025. All signs point to an increase in cybersecurity spending and investment."
A lot of organisations are still dealing with the digital transformation initiatives, which are brought on by consumer demand, technology, Cloud and IoT.