2019 is coming. It’s time for Falcongaze analysts to take a look at main trends in information security for the next year and present it before you. Please take time to read and be aware.
The EU General Data Protection Regulation (GDPR) entered into force in May 2018. It touched companies who deal with personal data of EU resident customers. Now organizations must get permissions from clients to work with their personal data. GDPR has unified collection, processing and storage of any data, which allow to identify a person. The list contains cultural, social, physiological, genetic, mental, and economic identifiers of personality. Such as video recordings made by hotel CCTV cameras, as well as customers’ names at online courses.
For sure, it is complicated to comply with these wide GDPR requirements. Taking into account a fine value imposed for breaking the Regulation and a number of companies, which fall under GDPR provisions, the trend for security policies’ correction will remain relevant in 2019.
Just an information security compliance audit could take from 3 to 5 months. Moreover, it will cost around € 2 million to meet the Regulation requirements as Lattelecom Company stated.
Note that GDPR doesn’t force to use any specific protective means. Organizations can choose on their own a software, which they think will suit them as the best solution. The main thing here is effective information security.
So according to the latest Gartner report in October, 88% of the interviewed companies said that they had installed or were going to install in the next 12 months a software responsible for data security and privacy.
Already we have mentioned above one of the financial burden sources. Therefore, next year organizations will face the necessity to get information about introduced regulations, correct security policies, purchase security software solutions, and hire security specialists. And all that aspects require additional expenses.
Besides that, companies will have to increase budgets to not only comply with laws but protect themselves against growing cybercrime. In August Gartner reported about security costs for organizations in 2017. It appeared to be $101,5 billion – for $12,3 billion more than in 2016. Still wondering for 2018. However, considering the leakage statistics and cost dynamics for previous years, it seems obvious that the expenses will increase significantly.
Companies will have to do a lot for protection, e.g. close vulnerabilities in software designed earlier, because cybercriminals are still ready to exploit them.
Internet of Things (IoT) protection brings a lot of headaches to cybersecurity specialists. Quick release of solutions ahead of the competitors made developers save on everything including security of designed “smart” things. Doing so they created a considerable scope for cybercrime.
What does mean IoT security? Code integrity, identification of real users, rights designation to control the device, ability to repel attacks both virtual and physical. Actually, most of IoT devices are not secure. It is possible to connect them through an external interface using the password as set on default, for example well-known “admin”. Let us recall a recent story about CareLink device programmers by Medtronic Plc. They contained a vulnerability, which allowed to attack pacemakers via Internet giving ability to harm patients directly. 34 thousands of device programmers contained a flaw.
One of the ways to overcome the problem is a government standardization and certification. Thus, the German government has published standards and security guidelines for routers. Though some experts criticized them and called failed, the trend for developing standards for IoT devices will be one of the main in 2019.
Companies more often use ‘cloud’ not only as a place for their data storage but also as complete platform performing different services. The analysts expect that companies will spend on ‘cloud’ up to 22% more in 2019. Comparing to 6% rise for the rest of IT services.
What is the reason for such growth? Convenience and cost savings. You don’t have to install software on PCs and deal with data storage. Some more ‘pros’: set-up of individual parameters; auto update; lack of support costs etc. However, security will remain an issue for SaaS for a long time. Considering not only a hacker threat but also GDPR privacy requirements.
For example, one security officer told a story about his colleague who connected a free cloud service to the company network. After that, he transferred through it an information about security issues in the software produced by the company. The transfer used ‘http’ connection, which means that Google indexed the data. Therefore, it was easy to get a public access to it.
Such example prove vulnerability of cloud resources. However, modern business needs them. So improving security is one of the main trends for solution providers.
Finally, let's take a look at integration – a trend that evolves in the field of security software.
Depending on tasks, a company security system could include DLP system, anti-virus protection, web proxy, firewalls, VPN, data encryption, vulnerability scanning etc. When these tools work as a joint product, the company will get the highest efficiency of security system.
Likewise Falcongaze, a developer of SecureTower DLP system (intended to prevent sensitive data leak), has provided an ability to integrate its new software version with SIEM, IRP and BI solutions.
Given the complication of security threats, the trend for collaboration of different developers will only deepen.
Follow the main information security trends and stay out of risk in 2019.