The dawn of a new year traditionally sees individuals resolving to abandon bad habits or adopt virtuous new ones. On the cyber security front, many Australian businesses would do well to turn over a new leaf in 2019.
A survey of 307 IT managers launched by cyber security consultancy Aura Information Security this month suggests a significant proportion are not confident their planning and preparation are sufficient to ward off an attack from hackers or cyber-criminals.
More than half the respondents had been personally targeted by a phishing or ransomware attack in the previous 12 months. Around two-thirds forecast cyber-attacks would become more frequent and complex in the future, while 40 per cent believed Australia’s cyber security practices lagged behind those in other developed countries.
I believe these observations are on the money. My predictions may be a sobering read for local companies which don’t make cyber-security a priority, now and in the new year. These are the trends we’ll hear plenty about, in 2019 and beyond.
No more Mr Nice Guy – GDPR and mandatory data reporting regimes get serious
Stringent new data security and privacy legislation came into force this year, at home and abroad. In Australia, the Office of the Information Commissioner’s mandatory data reporting regime compels companies to report and remediate breaches and suspected breaches within 30 days, or face stiff fines. In Europe, the EU’s GDPR legislation gives organisations just three days to do the same. Regulators in both jurisdictions have taken a softly, softly approach to date, but 2019 will see them getting serious about fining companies which don’t toe the line.
Head in the clouds about off-site security
The business benefits associated with cloud computing are undeniable. So are the data security risks, if insecure cloud practices aren’t addressed with stringent security measures. Expect a rash of cloud-related breaches in 2019, as companies belatedly realise racing to migrate before ensuring data is locked down is a seriously risky idea.
Ransomware hijacks the Internet of Things
Australian businesses are fast finding innovative and useful applications for Internet of Things (IoT) technology. The term IoT refers to the linking of an array of smart devices, from wearable sensors to washing machines, via the internet. Many of these networks will become the subject of ransomware and crypto-locking attempts in 2019, as hackers try to infiltrate corporate systems via what they hope will be a poorly protected back door.
We’re too small to be a target, aren’t we?
The small to medium business space will remain a happy hunting ground for cyber-criminals, courtesy of the fact that many leaders in the sector are reluctant to allocate adequate resources to high tech protection. They don’t have the time, they don’t have the budget and they just don’t expect an attack will happen to them.
Don’t worry, we’re insured – or are we?
Designed to help businesses recover from data loss caused by a security breach or other adverse cyber event, cyber insurance has grown in popularity in recent years. There’ll likely be a spike in claims in 2019, off the back of GDPR and mandatory data reporting legislation enforcement.
How many of these claims will be honoured is open to question. We observe many organisations treating their policies as an alternative to robust security provisions, seemingly unaware that insurers require them to take reasonable measures and disclose them accurately. The devil’s in the detail and organisations which get it wrong may receive a rude shock if a claim is declined.
The incident waiting to happen
Sometimes hackers and cyber-criminals catch companies by surprise. Just as often, they home in on a weakness security staff have been meaning to patch for months. Unless enterprises make addressing vulnerabilities a key priority for the ICT team, we expect to see 2019 throw up a goodly number of easily preventable incidents.
Getting tougher on the weakest link
In an interconnected business landscape, it’s no longer sufficient to ensure your own enterprise is secured. Organisations in the supply chain which are less vigilant can represent an easy in for hackers, as a number of large organisations, at home and abroad, have learnt the hard way. 2019 may be the year more companies begin demanding security controls and certifications from their suppliers – and showing them the door if they fail to comply.
Resolutions that will make a difference
What steps can leaders take to ensure their businesses don’t become cyber-security statistics in the new year? Making – and keeping – these resolutions will make your enterprise safer.
- Accepting the threat is present and real and giving executive backing to a strategy to mitigate it
- Implementing ongoing training to teach employees to recognise potential threats and adopt responsible data protection behaviours
- Allocating sufficient funds to cover protection measures commensurate with your organisation’s risk profile