One of the benefits of being both editor of this magazine and an industry executive in a commercial cybersecurity business is the observation gained from real experience in the field. From my perspective, whilst the large story of the year so far has been the GDPR coming into effect on 25 May 2018, which clearly created some commercial opportunities, I have also noticed how slow the decision taking cycle has moved in the year to date.
Prior to the GDPR deadline in the earlier months of this year, even the easiest tasks of booking meetings and getting relatively simple legal documents reviewed became incredibly drawn out affairs. Some instances of tasks that would normally have taken days to close, became months to resolve whilst legal or technical resources tried to reach each other to clarify points between them. Post GDPR deadline, there was a brief catch up and multiple apologies for lack of availability, but this seems to have quickly reverted to the realization that other technology related projects which had been delayed or deferred now urgently needed attention, so once again we observe delays.
In this issue we have a number of articles looking at the subject of what next now that GDPR in enforceable. Whilst it should be business as usual there are still many areas that business still need to stay abreast of process, training and even implementation of projects to enhance compliance. The deadline came and went but in truth workloads still remain excessively high and grey areas of interpretation still exist. Against this backdrop demand for skills still outstrips the supply and I recommend reading the Money Talks article which sets out a raft of facts that only illustrates just how hard it is to hold on to your best resources.
Keeping your teams motivated, engaged, trained is a continual part of leadership but you can achieve significant boost and recognition by entering industry awards and allowing staff to attend conferences. Last year, I attended the Industry Awards which are promoted in this edition and wholeheartedly recommend both entering and attending the awards. For those who are London based attending the monthly CyberTalks networking events is recommended, details can be found on the website advertised in this edition. I regularly attend the Cybersecurity Trends conferences which is supported by the United Nations ITU. The next such conference will be held 11-13 September in Sibiu, Transylvania, details to reserve delegate places can be found on one of the adverts in this edition.
Whilst we have yet to have a high profile fine directly related to the new GDPR enforcement, we are starting to witness Next-Generation Cyberattacks. In April alone, U.S. defense and law enforcement agencies said they detected a new wrinkle in the latest attack methods. Instead of going after a vulnerable “backdoor” to a network, hackers were now targeting internet router devices.
Once the router is compromised, they can let their so-called “man in the middle” attack work its magic. As information flows back and forth between the user’s computer and the internet, the hackers monitor the information and collect what they want, or feed in new data to further confuse the victim.
These new cybersecurity attacks also point to yet another threat. Instead of a lone-wolf hacker sitting in a darkened room with a laptop, newer attacks increasingly appear in state-sponsored form. Analysts have taken to calling these “Generation V” attacks. That doesn’t mean that catchwords like “Russian hackers” or “North Korean attacks” are always accurate. But the attacks are becoming more sophisticated as the “black hat” hacker community encounters new cyberdefenses, then uses digital clues to more or less reverse engineer their way to a solution.
The scary part? As researchers at Check Point Software noted recently, these “large-scale and multivector mega attacks are using advanced attack technologies. Detection-only-based solutions are not sufficient enough against these fast-moving attacks. Advanced threat prevention is required.”
All of this means continued spend in the Industry in the search for effective solutions. According to new data from analysts at Juniper Research, they believe global companies will boost their spending even further. They see investments in cybersecurity products and services rising by 33% over the next four years. By 2022, corporations will be spending more than $130 billion a year on this stuff. Why? Well, the threat isn’t going away. For every hole in a network that gets plugged, hackers find another way in.
Another way to retain staff is by automating the task workload so that staff work on more challenging and interesting tasks rather than the menial, volume related tasks. Automation is an area of rapid advancement. In this edition we have excellent articles from Thales on automation in Airport Security and another article on why cyber criminals are probably winning. Looking back at history can often provide valuable lessons for the future and the article on the challenges that led to the fall of the byzantine Roman empire is worth noting for the communication challenges that arose, a situation that will undoubtedly happen in cybersecurity unless automation tools are embraced to free up time to get back to communicating between teams and business units across the Enterprise.
If we are to address complacency then it is Board and the Executives that need to set the tone of the culture to discuss and address these issues. Without an effective culture, collaboration even within the business will fail and breaches will remain common place. We invite you to join in the process and submit articles or suggestions for us to cover.
The goal of this publication remains to open up knowledge and information sharing across research and commercial activities, so providing a bridge between public and private dialogues, in an aim to help our world operate more safely giving the growing frequency of attacks that seem to endlessly get media attention.
If you would like to contribute articles or have suggestions for us to cover in future editions of the magazine, or even wish to purchase hard copy versions of the magazine to give to your customers, please do contact us via email at firstname.lastname@example.org.
On our website http://www.cybersecuritytrends.uk you can also view publications in other languages /countries and purchase advertorials for future editions.