The Biggest & Best Portal to the Professional Property, Workplace and Built Environment Community

Sunday, 25 February

Cyber Crime and GDPR - Trends For 2018

David Ferbrache, chief technology officer in KPMG’s cyber security practice, highlights ten cyber security trends we can look out for in 2018. He said:

 

1. Everyone will be waiting for 25th May

“This is the day that the General Data Protection Regulation (GDPR) comes into force. Most firms have taken time to understand what GDPR may mean for them, and in many cases have reviewed (or even partially disposed of) their holdings of personal data. It is far harder to predict quite how sanctions under GDPR will be applied by the various regulators. We can expect a few high profile examples to be made early on, but perhaps not the tsunami some expect. Nevertheless, privacy rights are on the agenda, and we can expect zero regulatory tolerance for the long delays in notification of major breaches seen recently.”

 

2. Criminals will hunt out the weak points

“Organised crime groups are on the hunt for new ways to monetise stolen information and access to systems, and in a post Bank of Bangladesh world they will be increasingly creative in how they do this. We can expect more attempts to initiate fraudulent payment transactions (often with a social engineering elements), as well as ongoing interest in our core financial infrastructure including payment and trading platform gateways. Growing demands are being placed on fraud control and anti-money laundering systems to catch these transactions, while customers demand instantaneous financial transfers. If these controls fail, expect to see a $100 million pay-out from a cyber-attack”.

 

3. Governments will continue to block and tackle cybercrime

“As criminals industrialise cyber-attacks using crime as a service model to rent attack tools and ransomware, governments are increasingly looking for ways to disrupt the infrastructure used by criminals. Closer links with telcos and service providers are being built along with the operational processes needs to block sites hosting malware, detect and counter phishing attacks. Trusted DNS services and Domain-based Message Authentication, Reporting and Conformance (DMARC) will be rolled out at scale across the community by both the National Cyber Security Centre and by organisations such as the Global Cyber Alliance. These community measures linked to improved intelligence sharing will start to make a difference.”

 

4. A new model of cyber security will emerge

“As firms invest more in cloud computing, a new model for cyber security is emerging. Increasingly, firms can look to cloud providers to embed good IT security, but firms still own the problem of setting their requirements and determining just who can access what. The shift towards DevOps and agile development, build on these more flexible infrastructures also demands new ways of embedding security into the development lifecycle and an equally agile test regime. Security can no longer engage at the end of development cycles, and if it does, it risks being seen as a blocker rather than an enabler.”

 

5. Automation of controls and compliance will be the order of the day

“Firms are coming under pressure to contain their burgeoning cyber security budgets. Manpower intensive compliance processes are beginning to give way to continuous testing and controls monitoring, helping firms build a more accurate picture of their IT estate – helping the CIO as well as the CISO. The growing demand for supply chain security and third party assurance will also lead to a burgeoning industry of testing firms offering risk scoring and testing services for those third parties.”

 

6. Digital channels will demand customer centric security

“Digital channels are becoming more and more sophisticated demanding new consumer identity and access management approaches, dynamic transaction risk scoring and fraud controls, and an emphasis on usable non-intrusive security measures which don’t impact the consumer’s experience. Open Banking and the arrival of Payment Services Directive 2 will drive richer interactions between a new ecosystem of payment service providers and the banks who handle our money. A new world of open API is on the horizon, but concerns over criminal exploitation of these rich interfaces abound.”

 

7. The internet of insecure things continues

“Criminal groups continue to exploit insecure ‘internet of things’ devices as sources of attack traffic for denial of service attacks, leading to more and more extortion attacks but also an increasingly sophisticated response from the international community involving telcos, content delivery networks and Distributed Denial of Service (DDoS) mitigation firms. Unfortunately, this response won’t be consistent globally, and many nations may find themselves vulnerable to these attacks which will cause major disruption in 2018.”

 

8. The Shadow of State activity lengthens

“As countries invest to develop their cyber espionage and offensive capabilities, we will see more signs of their activities. Disclosures of high end techniques used by nations will continue, fuelling the opportunistic re-purposing of these vulnerabilities by less sophisticated States and organised crime groups. Expect more evidence of industrial control system attack tools being tested as States explore the potential of this new form of warfare.”

 

9. Balkanisation continues and paranoia grows

“States continue to intervene to protect their national security interests in cyberspace, risking an increasingly complex framework of international regulation and controls around the supply chain for critical infrastructure firms. While there will be some moves to align regulation across the global financial sector around the G7 fundamental elements of cyber security, this will take time and effort to achieve.”

 

10. Resilience and speed matters

“Regulators are focussing on resilience – the ability of an organisation to anticipate, absorb and adapt to disruptive events – whether cyber-attack, technology failure, physical events or collapse of a key supplier. Exercises and playbooks are in fashion as firms try to build the muscle memory they need to respond to a cyber-attack quickly and confidently, while cyber insurance is finding its place not just as a means of cost reimbursement but as a channel for access to specialist support in a crisis.”

 

Picture: David Ferbrache, chief technology officer KPMG

 

Article written by Cathryn Ellis

Share


Related Tags


Related Articles

Calls for Businesses to Face Annual Cyber Security Test

The MD of an ethical hacking specialist says organisations holding personally identifiable information should be required to undertake annual cyber security testing to...

 Read Full Article
KPMG Investigated For Carillion Accounts Shockers

An investigation has begun into the audit of the financial statements of Carillion conducted by KPMG including estimates and recognition of revenue on significant...

 Read Full Article
On Trend - Can Hackers Turn The Heat Off?

Ken Munro of Pan Test Partners has written a blog - the original of which and more pictures can be accessed if you Click Here  Munro says he has found...

 Read Full Article
Andromeda Strained - International Cyber Op Dismantles Botnet

On November 29, the Federal Bureau of Investigation, in close cooperation with the Luneburg Central Criminal Investigation Inspectorate in Germany, Europol’s...

 Read Full Article
NHS Seeks Friendly Fire Power In Cyber War

NHS Digital has announced (Nov 28) a £20m project to boost its ability to support the NHS with its data security - including making funds available to encourage...

 Read Full Article
UK GDPR Exemptions & Critical Infrastructure at Risk

The Government has outlined (week ending Sept 22) protections and flexibilities for the financial services, journalism and legal services as part of its plans to update...

 Read Full Article
WannaCry - Don't...Just Learn the Lessons

Earlier this year, ransomware took centre stage in one of the largest outbreaks ever, hitting a huge number of companies across the globe, writes Ravid Circus. There...

 Read Full Article
Two On Trial - Two Convicted

Back garden chemist jailed A man who sold controlled chemicals from a back garden laboratory has been sent to prison. On 30 June at Hull Crown Court, 55-year-old...

 Read Full Article
Get the Fire Brigade, a Touch of Class, a Brindley Forging, Stonehenge and Dover Castle

Cleveland Fire Brigade   Cleveland Fire Brigade has let a contract to Robertson Facilities Management (RFM) on a four year duration, at the Stockton-on-Tees...

 Read Full Article
Watch What Staff Click - Ransomware Warning

Colin Tankard says the dust from the ransomware which hit major organisations around the world on Friday 12 may seem to have settled but vulnerabilities still exist in...

 Read Full Article