In the midst of businesses becoming GDPR compliant, cybersecurity measures have moved from the purely technical to the political. A recent survey of some 900 security professionals at the “Infosecurity Europe 2018” conference attempted to gain insight into the current state of cybersecurity threats. Some 56 percent of respondents said they believe that cybersecurity is becoming a political pawn. This shift indicates that cybersecurity isn’t only infiltrating personal lives but society as well.
However, data issues like GDPR compliance, or lack thereof, shouldn’t be the only focus for businesses. Here are the top 5 cybersecurity concerns for professionals in 2018. And please take note that the cybersecurity concerns are not limited to the European Union’s GDPR compliance; they also play a major role in the Philippine Data Privacy Act compliance:
- Phishing
Phishing is the reigning winner of internal threats, with nearly 55 percent of participants agreeing it is the biggest risk, said the survey, explaining that it is the human element of phishing that makes it appealing to cybercriminals. Unfortunately, no single precaution can be used to prevent a phishing attack, continued the report.
Most breaches are actually caused by human error, said the survey, highlighting how vital user awareness and education are. However, it is becoming obvious that user education alone isn’t enough: businesses need a multilayered defense of technology, processes and people.
- Ransomware
Weighing in at 45 percent, ransomware was the second-highest internal worry for professionals. Since ransomware is a highly public threat, business pros feel even more pressure, having to respond to the security breach in the public spotlight, said the survey.
- The cloud
Participants said they were growing concerned about possible attacks in the cloud, with 52 percent worried that cloud-based threats will become an increasing reality in the future. While the cloud is extremely useful to businesses, it can quickly turn into a threat if not secured properly, said the survey. Cloud functionality is still so new, however, that most threats have yet to be realized, continued the survey.
- GDPR
Industry observers are still waiting for a breach with GDPR, but until then, it brings a host of different concerns for business, said the survey. Companies have been forced to completely rearrange and reorganize management of customer records, said the survey. And failure to be compliant with GDPR standards can be a huge hit to businesses, financially and socially, causing consumers to shy away from businesses that don’t protect their data.
We are certainly observing the same issues in the Philippines in implementing the data privacy protection and cybersecurity regulations.
- Cryptocurrency mining
Cryptocurrency mining is a relatively new trend, in which cybercriminals infect machines in order to commandeer their CPU power and steal Bitcoin, said the survey. Businesses still have some work to do to stay protected, with 29 percent of respondents not confident in their cryptomining protection and 24 percent unable to detect cryptomining activity.
The survey result certainly raises a difficult strategic question for compliance leaders: How do you balance worries about compliance/cybersecurity risk with worries about reputation risk?
Certainly, a company cannot ignore compliance obligations; they’re required by law or regulation. But let’s not kid ourselves, either: A compliance risk gone wrong usually leads to an investigation, a negotiated settlement and, perhaps, a corporate penalty. A reputation risk gone wrong, however, gets senior executives fired. Or it punishes the stock price and leads to lawsuits. Or it sparks a social-media campaign that punishes the stock price and gets senior executives fired.
Above all, in our modern world soaked in social media and brimming with distrust in organizations, reputation risk is what scares the board.
So compliance officers must figure that fact of corporate life into the programs they run. Boards will appreciate it, and in many instances, reputation risk is the bigger potential threat to an organization anyway.
I hope I have provided you with enough arguments to understand how important compliance management is. These and many other arguments were the reason I am focusing more and more on compliance management and on services that will protect companies and managers from fines, criminal suits and reputation losses.
Feedback would be appreciated—contact me at Schumacher@eitsc.com.