As I write the editorial for this second English language edition of CyberSecurity Trends, in the height of the European summer, it seems after the regular attention that cyber-attacks were generating during Spring that some calm has been restored. How long that will last none of us know.
The one story that continues to rumble on is to what extent Governments were and have been involved in cyber-security breaches that ultimately lead to more commercial attacks. This edition features a thought provoking opinion piece on cyberpower and where this might all go (page 8). There is also a useful introduction to the role of the World Trade Organisation and where the W TO stands on digitalization, in a VIP interview (page 18).
Increasingly we are becoming more connected every day. This edition has a number of articles sourced from across Europe that look at the impacts and risks of connected cars (page 14), connected cities (page 26), security in the context of the Internet of Things (IoT ) (page 20) and can we really mitigate the increasing connectivity risk by design, or have we already gone too far to truly protect privacy (page 16).
The goal of this publication remains to open up knowledge and information sharing across research and commercial activities, so providing a bridge between public and private dialogues, in an aim to help our world operate more safely giving the growing frequency of attacks that seem to endlessly get media attention. I would highly recommend all readers to look at the Biblio section (page 44) as there are fantastic summarized write-ups on a broad range of international publications in the field of cybersecurity.
Of course, increasing connectivity and the wealth of data that is collected brings other threats that are not just commercial. Some incredible research into how sexual violence has already crossed the physical world into digital world has been published using Australia and UK as the case study. The results are alarming and a wake-up call. This very well written summary of the research (page 31) is a must read for anyone in a Human Resource or Executive capacity. What controls are we putting in place in our organizations to stem the rapid rise of digital sexual violence?
In terms of corporate culture and the changes needed, this is another area that Executives and Human Resource teams will need to lead on. This is one of the core concerns raised in the VIP interview (page 38) regarding the challenges and threats in cybersecurity. With over one third of all breaches originating from insider threats (page 34) we have
an article discussing insider threats and mistakes and this applies to large or small businesses.
We continue to move rapidly toward the May implementation date for the GDPR. Whilst large companies already have teams working away on compliance, with SME’s there still seems to be a significant lack of awareness of the breadth and impact of these changes.
Many of the executives I meet from smaller mid-size companies in my role as CEO of iCyber-Security Group still have not even heard of the new data protection regulation revisions.
This is concerning especially given the potential fines and personal liabilities at stake.
For many of these smaller sized businesses they are likely to leave compliance either to the last minute or even after the deadline date. With such little time to make significant changes, for many of the directors of these businesses, the question will arise if self-certification is possible (page 24) and demand will grow for templates to be made available.
The GDPR changes are as much about organizational improvements in process and the training made available for staff as it is about technological compliance. Whilst data privacy and protection is undoubtedly driven by tools of a technical nature, the need for training at all levels of the organization becomes paramount to improving basic security.
Our industry does not help itself with the complex acronyms, technical product names and every vendor ’s solution seemingly covering all
possibilities. How we move toward something that makes it easier to discuss cyber-security protection and make it less “geeky” and encourage staff to learn and explore how to improve personal security is a huge challenge both in the work and home environment.
It is only by encouraging teams and families to discuss this more, to talk about concerns and fears and useful tips that we can start to make some progress toward a safer society. Possibly one of the first actions we can take is with passwords and our opening article explores why single use passwords (page 6) should be banned.
If you would like to contribute articles or have suggestions for us to cover in future editions of the magazine, or even wish to purchase hard copy versions of the magazine to give to your customers, please do contact us via email at firstname.lastname@example.org.
On our website https://cybersecuritytrends.uk you can also view publications in other languages / countries and purchase subscriptions for future editions.
The next edition to be published at the end of December will have a special focus on Training and looking at the tools needed for Application Security which represents the hottest growth topic on the agenda of C TO’s and CISO’s.