Ward Solutions today announced its cyber security predictions for 2017. Ward believes that cyber criminals will change their tactics in 2017 to exploit growing fears of brand damage and escalating fines. The provider expects them to change their ransomware attacks to focus increasingly on acquiring customer data held by organisations and then threatening to disclose these data breaches to relevant authorities such as the Data Protection Commissioner. Ransom demands could increase significantly as the price of their silence.
While ransomware attacks and data breaches are set to grow this year, Ward expects that ‘breach fatigue’ will set in amongst the general public, resulting in organisations being held more accountable by key stakeholders such as shareholders and regulators. This could result in more serious repercussions for information security, with poor incident handling and non-disclosure causing particular challenges.
Pat Larkin, CEO, Ward Solutions, comments: “The general public are increasingly growing tired of being told that their personal data may or may not have leaked into the wrong hands. This fatigue offers huge opportunities for cyber criminals as consumers drop their guard. It also places an increased responsibility on organisations to secure and protect all of the customer and third party data that they collect and handle.”
Looking at the growing threat of cyber warfare, Ward believes that 2017 could see state-sponsored cyberterrorism escalate to a point that prompts a military response.
Pat Larkin comments: “2017 could be the year that sees a country respond to a cyber-attack with a show of military force, resulting in the first bullets or missiles flying in response to cyberterrorism. We would hope that Governments and security agencies engage in coordinated preventative measures so that this particular prediction isn’t actually realised. In Ireland, we also need to be more prepared and joined-up in our approach to the growing threat of cyber-attacks too. It’s imperative that our critical infrastructures and assets are proactively protected from these growing threats.”
Among a number of significant warnings for business and state organisations, Ward also believes that most Irish organisations do not yet realise the scale of the challenge to become compliant with the impending General Data Protection Regulation (GDPR) legislation, which is due to come into force in May 2018.
Looking more closely at security threats for the business community, Pat Larkin said: “GDPR compliance is set to be the central topic for discussion in information security in 2017. Organisations that act now to become compliant can get ahead of the crowd and begin 2018 safe in the knowledge that they will not be liable for fines of up to 4% of annual global turnover or €20M, depending on which is greater.
“Many Irish organisations have grossly underestimated the workload required to become compliant by the time the legislation comes into force in May 2018. When they finally realise the scale of the challenge they will be forced to seek assistance from a limited pool of knowledgeable external resources, and achieving compliance in time will end up costing much more than they bargained for.”
GDPR is a common theme running through many of the findings stemming from Ward’s end-of-year review, with the regulation set to have more far-reaching consequences for business than many might assume. The legislation will also affect other frameworks such as the Payment Card Industry Data Security Standard (PCI DSS), in that breaches that might previously have been kept secret by the merchant, acquiring organisation and credit card provider will have to be publicly declared from May 2018.
Other information security developments that Irish organisations should be aware of in 2017 include an increased focus on supply chain assurance demands from business partners, as well as the effect that impending legislation will have on organisations’ cloud strategies, as they grapple with failings of due diligence, risk assessment and the implementation of effective controls. Despite this, the adoption of cloud services will continue to rise in the coming year.
Pat Larkin said: “2017 will see some continuation of the information security trends that we have witnessed in 2016, but also some new developments driven by the approaching GDPR regulation. We really hope that this year will be the year that Irish organisations move from a reactive philosophy to a holistic information security model, which will better prepare them to defend against the advanced techniques employed by cybercriminals.”