More is More: Cybersecurity Trends to Watch
As we wind down to the end of the year, it’s always important to take stock of where the current state of cybersecurity stands, and anticipate the paths it will take in the year to come. Looking at just such an article from Health Data Management, I’d say what we can expect is, perhaps unsurprisingly, more of the same. With the emphasis on the word “more.”
Cyber threats and concerns for organizations of all stripes remain familiar. Insecurity in burgeoning technologies, like the Internet of Things creating an exponentially wider attack surface; lurking Malware strains; user vulnerability and the need for staff education to combat it; hacks sponsored by nation-states; even companies still using single factor passwords, rather than mitigating that risk with multi-factor authentication.
In all these cases, the common trend will be upwards. These risks aren’t going away, only growing more sophisticated. How organizations respond will determine their reputation, finances, stability, and boardroom employment. And we have yet to see anyone fall afoul of the worst of GDPR’s penalties, bringing the hammer down the hardest. We haven’t mentioned the Cathay Pacific data breach here yet, but it is one incident that Ian Kilpatrick, executive vice president of cyber security at Nuvias Group, believes could still be a prominent demonstration of those penalties, depending on what side of the May 25 cutoff Cathay’s breach ultimately fell.
As of now, we know that the airline experienced breaches over a prolonged period, whose zenith lasted from March to May. But it didn’t end there, and all told over 9 million passengers had their personal information compromised, including passport numbers and some credit card numbers.
Cathay has given all the usual responses: finding no evidence yet of misuse of the accessed data, growing its IT security staff, helping those affected. Meanwhile, Hong Kong’s Privacy Commissioner for Personal Data has launched an investigation into the breach, including why it took until late October for Cathay to make it public (which Cathay explains was due to the scope of the attack and the duration of their own investigation into the data stolen).
Kilpatrick states that C-suite executives are, for the more part, more cognizant than ever about the importance of data security, no longer relegating it to the back burner but demanding improvement. The higher-ups at Cathay may very well fit this description, but with the airline already facing struggles against lower-cost rivals, landing in this type of hot water is an extra challenge.
No matter what year it is, however, isn’t that just more of the same?