30 January, 2016

Cybersecurity lessons we can learn from 2015 and predictions for 2016.

Last year saw new cybersecurity threats making headlines with worrying regularity due to major data breaches, attacks and online scams. The Ashley Madison hack, which linked cybersecurity and extra-marital affairs, not only affected 37 million individuals but also highlighted a rising cybercrime trend of hackers using stolen data to blackmail consumers (which in this case has now been linked to two cases of suicide).

US organisations accounted for the majority of really large data breaches in 2015 (the Anthem Healthcare breach alone impacted 80 million people) but UK companies both large and small experienced successful attacks that impacted their bottom line and reputation.

The TalkTalk breach demonstrated the potential financial impact of a breach (£60 million) and the consequences of poor crisis management, and the arrest of an Antrim teenager for this crime highlighted to the Northern Ireland business community that hacking is not just initiated in foreign realms. The breach at Moonpig was noteworthy because it was achieved via a mobile app, and it is an indication of where we can expect further issues in the future.

Overall, the global costs of cyber-attacks to business continued to reach new heights and are estimated by Forbes to have risen to between £270 billion and £340 billion. In the UK, the costs of a security incident to a small business were estimated to be between £75K-£311K (PwC – Information Security Breaches Survey 2015) and new Office of National Statistics figures estimate 2.5 million cyber-crime offences in the UK over the past year.

SO WHAT DO NI BUSINESSES AND LOCAL GOVERNMENT NEED TO CONSIDER FOR 2016?

  • Malware, and in particular ransomware, will continue to evolve and adapt to evade defensive technologies, making software patching still one of the most effective controls to minimise cyber threats.
  • The growth of Internet of Things networks and devices where security is not built in by default will lead to new opportunities for data theft.
  • Attacks against cloud services will increase as more applications and data are migrated to cloud environments. Organisations utilising the cloud need to fully understand their own security responsibilities as the scope of the cloud providers’ security is often limited.
  • Larger organisations and government will increasingly mandate better cybersecurity hygiene from their SME supply chains. UK SME businesses will take up accreditations like the Government’s Cyber Essentials Scheme to demonstrate their level of maturity.
  • The cyber insurance market will continue to show significant growth as organisations look to transfer some of their cyber risk. Insurers will demand evidence of better security behaviours to reduce premiums.
  • As organisations realise that it is a case of when and not if they suffer a cyber incident, more focus will be placed on the ability to detect attacks through security analytics and on having adequate incident response processes in place. The boards of SMEs will also start to ensure cybersecurity is considered as a board agenda item.
  • The shortfall in skilled cybersecurity workers will drive further growth and reliance on managed security services.
  • The HMG 2016 National Cyber Security Strategy will drive closer partnerships between the public sector and industry, develop stronger UK cyber resilience and drive measures to help address the cybersecurity skills shortage.
  • Businesses in NI will start to collaborate more with the law enforcement agencies through schemes such as the Cybersecurity Information Sharing Partnership to collectively tackle cyber-attacks.
  • There will be significant growth in the number of sophisticated attacks targeting NI companies by criminal organisations resulting in data theft, fraud and extortion.

Ensuring Northern Ireland is one of the safest and most trusted places to do business is more than a New Year’s resolution for Northern Ireland organisations – it’s essential!