Data Security Predictions for 2017
‘This year has been a year of high-profile hack after high-profile hack. It seems we still are to learn the lessons of the vital role of data security procedures in order to keep ourselves safe’, says Colin Tankard, Managing Director of data security company, Digital Pathways. Here, Tankard outlines his predictions for the data security world in 2017.
1. Nation state hacks will increase but will be focused on commercial espionage rather than political drivers. This is because of the general decline in prosperity in Asia and the need to seek new products or technologies.
2. There will be a rise in hacks into cloud-based networks, simply due to the increase in companies and individuals embracing the service and thinking it is secure. Invariably users do not protect their data themselves and expect the service provider to do it. This misconception is exposing data to easy exploits that could be fixed by users encrypting their data before they hand it over to an unseen cloud service provider.
3. There will be an increase in BotNet storms leading to more DDoS attacks. This has built up over the past two years due to the increase in interconnected devices through the Internet. The more devices attach, the more botnets can be installed and controlled.
4. We will see an increase in home-attached devices being compromised. Smart TVs, WiFi kettles, home security systems and wireless cameras are all connected to our home networks and most of these do not have robust security within them. Often there is no password change facility, or they use weak chip sets with known vulnerabilities which, when compromised, can identify the wireless encryption key, thus allowing the hacker to fully connect to the network.
5. 2017 will also see the enforcement of a number of Acts (Patriot Act, RIPA, Draft Communications Data Bill etc.) in readiness for the General Data Protection Regulation (GDPR) coming into force in 2018. The result of such enforcements might not be directed at an individual or organisation but could still stop them having access to their data due to a third party being the target of the enforcement and the servers they were using being impounded, thus denying the valid user access to their data.
6. We will see a change in attitude to disaster recovery as, historically, data was backed up, at best, on a weekly basis, with each back-up being overwritten the following week. But now, with the increase in ransomware attacks, companies are finally realising that they need more historical data back-ups and are starting to hold back-ups for weeks, if not months, in order to ensure that they can go a long way back in time before the ransomware was first installed.
7. We will see the dawning of network monitoring for all sizes of organisation. Often seen as a luxury, now it is a must in the early detection of a network or data breach, as it is taking, on average, eight months for an organisation to detect a breach.
8. With the impending GDPR regulation coming in May 2018, organisations will need to implement forms of user monitoring and especially install protective marking of data to ensure it is not leaked to unauthorised individuals. This will help organisations avoid the high fines allowed within the GDPR rules which, currently, are set at 4% of worldwide gross turnover.
9. The decline in mobile apps will begin, as this space is getting too crowded. The cost of developing, supporting, marketing, upgrading and maintaining the mobile app is much higher than originally anticipated, and coupling this with the very real issue of app security means that the risk of a breach via an app is too risky for most companies to underwrite.
10. Lastly, I would like 2017 to see a WiFi-enabled coffee mug invented, in order to notify any interested parties that I need a top-up!