17 April 2018

Information Security 2018: What Does the Future Hold?

As Facebook struggles to regain its footing following the recent Cambridge Analytica crisis, the world is looking at data protection and information security with increased scrutiny. So, what better time to look towards the Infosecurity Europe conference in June, and the trends we expect to see there and throughout 2018?

Prioritisation

We have already been seeing a steady growth in the importance of information security over the last couple of years, however, recent news means we can expect to see even more of an increased focus on it and the need for organisations to prepare for cyber-attacks.

In October’s Gartner Survey of over 3,000 CIO’s, digital security was ranked as the second most problematic technology to implement (following AI) for 2018. 36% stated they planned to implement a plan, while 35% had already (at least in part) begun to address digital security concerns. This is a huge step up from the same priorities that were set for 2017, in which infosec was ranked 7th on the list of CIO primacies, and it will be interesting to see how recent events affect this.

Throughout 2018, as the need for information and cyber security grows, we can expect to see infosec gain traction in the market place, and undoubtedly for spending in this area to dramatically increase.

Tackling the skills gap

A huge priority throughout 2018 for the infosec community will be addressing the lack of skilled workers there are in this industry. The statistic that by has been thrown around a lot, meaning that in the case of an attack in the future, organisations will be less able to respond. This deficit already puts organisations at risk in the current infosec climate, and as the threat landscape develops and matures the potential cost to the UK and European economies could be immeasurable. So, over the next twelve months, and indeed for the foreseeable future, a focus for the infosec community will be tackling the skills gap, and the management of data protection while operating at a skills deficit.

Fortunately, there are ways to mitigate against the lack of skilled workers in this arena. In fact, at Infosec Europe, there is a talk devoted to implementing cyber security on a budget and ways to stretch resources. This includes advice on what skills are key to building a strong team, how to develop security professionals and what strategies are needed during the recruitment process.

It’s not ‘if’, it’s ‘when’

One quick look at the Infosec event website shows that a huge number of the speakers will be focusing on improving an organisation’s network defenses, as companies come to terms with the likeliness of cyber-attack, and these strategies cannot ignore the financial consequences. Across the UK, companies are facing the stark reality that they have no financial back up plan in the event of a breach, with 80% of businesses polled at the Cyber Beyond IT event this year admitting to being concerned about the financial implications of a cyber-attack, and 1 in 10 business leaders saying they would pay over £1m ransom to retrieve their data, if stolen.

Throughout the InfoSec conference, we’ll see talks on building in-house response teams, defending the borderless enterprise and strengthening defence to mitigate cyber security risks. With high profile attacks, including the NHS, Target and FedEx, companies are facing the reality that bad actors cannot be stopped, and cyber-attacks are now an inevitable cost of doing business.

Information risk and GDPR

Thus, with the acceptance of attack comes a shift in mindset,­ coinciding with the implementation of GDPR, which we’ve discussed in a previous OneChocolate blog . As organisations accept that they cannot prevent attacks, we will witness a shift towards addressing the information behind the firewall.

Data clean-up is at the forefront of the European business mindset, as the race to ensure compliance before implementation of GDPR in May ensues. However, data privacy and clean-up is something that, regardless of regulation, would need to be addressed by organisations as the importance of information security takes hold. As companies face the fact that, currently, they are lacking in proper defences, then reducing the impact of attack by limiting the amount of data stored will become a focus.

So, there we have it, a look into some of the infosec trends for 2018, both at InfoSec Europe and in general. As we continue through the year, it will be interesting to watch how recent events continue to shape both these trends, and other technological developments in the sector that will emerge for 2019.