1. Supercharged connectivity and the IoT
The Internet of Things (IoT) needs data to work, and with 25 billion things projected to be connected to the web by 2020, and the average user expected to interact with a connected device every 18 seconds, these exchanges will flood the world with data.
Of course, the more devices a business uses, and the more information those devices can access, the more exposed we all become. But because modern technology is designed to link and share, stringent security can feel like an obstacle, and organisations may be tempted to overlook it in favour of convenience.
Yet with the threat to reputations, and even to business continuity, a real and present danger, organisations devising and deploying IoT solutions must make sure they are fully aware of:
- What devices are being used
- What data they have access to (and what they need to have access to)
- Where any threats exist (and the implications of these)
- What security measures (e.g. access controls) are necessary to minimise the risk.
2. Sophisticated crime syndicates
In 2017, cybercriminals are becoming more sophisticated and diversifying into new markets. They are committing fraud, stealing information, causing havoc and even influencing governments.
Crime-as-a-service has become commoditised, and, in a bid to make as much money as possible, criminal syndicates are now sharing information and collaborating with one another on an unprecedented scale. In addition, as the market becomes more competitive, buyers of these illegal services can obtain them at a lower cost.
So, here again, an understanding of the risks and a robust response plan are essential. To limit the impact of losing access to your data, you should also put a disaster recovery plan in place. To do this:
- Conduct a threat assessment
- Conduct a business impact analysis
- Establish a comprehensive backup strategy
- Define SLAs with any data management partners.
What’s more, business and IT must also cooperate more if they want to keep one step ahead of the criminals.
“Everyone faces the same challenges. We just don’t work together as well as the guys with the blackhats.”
Tech ONTAP Podcast
3. New data regulations
As the number of data breaches is expected to grow, tighter data protection legislation is on the way. In fact, the General Data Protection Regulation (GDPR) requires EU businesses to become compliant with the new laws by 25th May 2018, with a failure to adhere incurring a maximum penalty of €20 million or 4% of worldwide turnover.
While many IT managers are confident they have “some”, “good”, or “full” understanding of the General Data Protection Regulation, there are a number that admit they “don’t know what GDPR is.”
The GDPR introduces many changes for organisations including (but not limited to):
- A broader definition of personal data (bringing more data into the regulated perimeter)
- More stringent requirements for processing children’s data
- Changes to the rules for obtaining valid consent
- The mandatory appointment of a data protection officer (DPO) for certain companies
- New requirements for data breach notifications
- New restrictions on international data transfers
- New requirements for data portability
- Ensuring that processes are built on the principle of ‘privacy by design’.
These changes are going to require businesses to invest in policies and resources that ensure compliance, as the cost of a breach is about to rise sharply. What’s more, organisations are going to have to stay aware of any further regulatory changes in every jurisdiction they operate in. For example, exactly what happens after Brexit is still unknown and could depend on a variety of factors.