Benjamin Franklin, one of the founding fathers of the United States, wrote in 1789: “...in this world, nothing can be said to be certain, except death and taxes”.
Today, a data breach can be added to this famous maxim. Businesses in the 21st century should realise that data breaches are an inevitable side effect of our information-rich society and learn to bolster their defences.
Things get personal
Gartner predicts that IT security spending will exceed $124 billion (R169 trillion) in 2019. This is a 12.4% increase from the previous year. Gartner has identified that there’s an increased focus on building detection and response capabilities. Privacy regulations such as GDPR and the need to address digital business risks will be the main drivers for global security spending this year. The top four IT categories that global businesses will pour their valuable resources into are security services, infrastructure protection, network security equipment and identity access management.
Companies believe that requirements for data security and privacy by design will be the most challenging, but are well worth it as GDPR-compliant firms will be less likely to suffer a breach than those without these measures. If there is a breach in a GDPR-compliant company, fewer records will be impacted and there will be a shorter system downtime.
A new wave of ransomware
As the most profitable form of malware, ransomware is a constant threat to IT security. The researchers at Sophos predict that there will be more attacks in 2019. Recently, researchers have spotted a large wave of ransomware-spreading spam targeting Russian users. Known as Shade or Troldesh, it seems to be a follow-up attack from October 2018 – the attacker/s simply took a break over Christmas.
Ransomware has declined in recent years compared with other attacks, but that doesn’t mean we should drop our guard. Many IT security experts predict an uptick in ransomware attacks in 2019, so it’s wise to be on your guard.
Lack of insight
In the cybersecurity market, people spend too much time trying to pursue "magic technology" when they should be getting to know their system better. What is your overlapping system of controls and capabilities and how do you use them? Companies will often buy various tools and technologies when there’s no one in-house who can handle them appropriately.
If you believe that you bought a whole lot of techniques and you’re safe, then you’re wrong. Focus on where your highest priority is – for instance, cloud infrastructure security might be more important than installing a computer firewall. Unless you have very sensitive information stored on your computer, you should not allow work laptops to remain outside the safety of the company’s IT security policies.
The ransomware attackers behind the SamSam breach broke through by picking off machines with relatively weak passwords that were easily accessible from outside the company’s security perimeter. This shows that a system is only as strong as its weakest link.
The biggest threat to IT security undoubtedly lies in the fact that most companies don't actually know what they’re protecting. In 2019, you will need to figure it out and build a solid architecture to protect your greatest assets.
There is no quick fix for everything. The best advice we can offer is to take it one step at a time. Start with our comprehensive security readiness assessment, then develop the right technology to automate easy tasks, build up trained security personnel to follow up on critical alerts and design sound cyber policies and rules of engagement in the cyberspace.
No matter what 2019 brings, it is best to have IS on your side. Are you pondering whether to keep your cybersecurity solutions in-house or to outsource them? Then review your options by reading our e-book .