Ransomware, New Privacy Laws Are Top Security Concerns for 2019

Published : 23/11/2024   Category : security




It's never too early for New Year's predictions. The Information Security Forum is focused on four areas for 2019: ransomware; new privacy laws and regulations; IoT; and supply chain.



In 2019, enterprise security will be all about the data: where it is, who has access to it and who is protecting it.
For Steve Durbin, the managing director of the non-profit Information Security Forum (ISF) that focuses on data and how best to protect it, 2019 will mark a return to a more traditional approach to InfoSec, with less emphasis on the cyber attack of the day.
"For me, 2019 is all about information security really coming back on trend," Durbin told Security Now in an interview before the organization released its list of the top security trends for 2019. "We have talked a lot about cyber, but for me [2019] is more about traditional information security. It's about data and how that data can be shared, potentially compromised, and I think that is the overarch. It's all about digital data and the implications of that."
In fact, ISF's top security concerns for 2019 -- increasingly sophisticated ransomware attacks, concerns about new privacy laws, the trouble with an increasingly connected world, and rethinking the global supply chain -- all have these concerns about company data at their heart.

As Durbin explained:

"It's going right back to the data, to the information, and so it's about confidentiality, integrity, and availability -- the traditional InfoSec elements. Of course, you have people talking about technology and that's off to one side, but for me it's the CIA in InfoSec that we are talking about and how it relates to that specific data, whether it's around assets or personal information or whatever that might be. So, it's that zeroing in on those traditional security arguments. I think in the past, we got excited about cyber and what you could do with all that stuff and for me 2019 is about people saying, 'Let's draw that back a bit and talk more about how we protect data assets.'"

That notion of protecting data is at the heart of why ransomware remains a major concern. Although somewhat eclipsed in 2018 by the rise of cryptomining and cryptojacking attacks, ransomware remains the overarching concern of enterprises, whether it's large firms or smaller businesses. (See WannaCry Continues Rampage 18 Months After First Outbreak.)
One major concern is the increasingly sophisticated nature of ransomware, where the person or persons behind the attack are willing to spend more time mapping a corporate network and disabling the back-up systems, or encrypting the back-up files, in order to increase the pressure on the company to pay the ransom.
It's an issue Sophos Labs touched on in a recent report that focuses on ransomware campaigns such as SamSam. (See Sophos: Living off the Land Is the Law of the Land.)
Additionally, cybercriminals are bundling different attacks together as ransomware spreads, as well as sharing information and best practices. This gives rise to the issue of ransomware-as-a-service. (See Kraken Cryptor Update Points to Rise of Ransomware-as-a-Service.)
"We're seeing two different trends with cybergangs. One, they are becoming much more collaborative … so they will share information about what works and what doesn't work, and they are becoming much more patient," Durbin said. "So, we know that you can live on a corporate network for months without being detected and that's allowing them to see how the systems work and where the back-ups are and that's a real danger for all organizations."
The flipside of cybercrime is, of course, the law, and increasingly governments are creating new rules and regulations designed to address concerns about data breaches and other types of attacks.
These regulations, best exemplified by the European Union's General Data Protection Regulation (GDPR), are increasing, with countries such as China, Russia and Vietnam all updating or putting new laws on the books. (See GDPR Presents New Challenges in Backup & Disaster Recovery Management.)
In the US, California is setting new standards for data privacy and protection, although a federal law does not seem like a possibility yet. (See California Looks to Pass Rudimentary IoT Security Legislation.)
For Durbin, 2019 will be the first big test of GDPR and some of these other laws and frameworks. He noted that the data breach at British Airways is of particular interest to him. (See British Airways Already Facing Lawsuits Following Data Breach.)
"You're not going to see the big numbers just yet. I think everyone is waiting around in anticipation of the 4% coming out," said Durbin, referring to the maximum fine under GDPR. "The British Airways breach is the one everyone is looking at. Some of the cleanup around that has been done exceptionally well and the ICO [Information Commissioner's Office] will take that into account, but they will want to drill into what went wrong."
In addition to ransomware and privacy laws, Durbin and ISF identified two other areas of concern:
IoT
The Internet of Things remains a concern for security pros, especially as the office and home spaces are increasingly mixed, with employees taking corporate data home, which leaves it exposed to an array of connected devices, such as smartphones, smart TVs and other gadgets. By increasing the attack surface, more data remains at risk.
Supply chain
By 2019, enterprises will give up trying to improve the security of their supply chain. Instead of focusing on the companies within the supply chain, businesses will put more emphasis on protecting individual components and intellectual property. This again focuses efforts on corporate data and information and away from trying to ensure the security of a third-party supplier.
— Scott Ferguson is the managing editor of Light Reading and the editor of Security Now. Follow him on Twitter @sferguson_LR.
