Is cybersecurity a priority for your business?

Do new regulations and recent cyberattacks provide enough of an incentive for companies to focus on digital security and data privacy?
9 July 2018

Alexander Nix, CEO, Cambridge Analytica, on Centre Stage during day three of Web Summit 2017 at Altice Arena in Lisbon. Source: Flickr / Sam Barnes/ Web Summit via Sportsfile

In light of the recent Facebook and Cambridge Analytica data scandal, and the new General Data Protection Regulation (GDPR) implemented by the European Union (EU), companies are taking cybersecurity more seriously.

As a result, businesses are more likely to invest in security and risk management tools and solutions now.

According to Gartner, security leaders should harness this increased support and improve their organization’s operational resilience to cyberthreats.

The Equifax data breach that cost the CEO, CIO, and CSO their jobs, a WannaCry attack that caused worldwide damage estimated at between US$1.5 to US$4.0 billion, Verizon’s US$350 million discount on its purchase of Yahoo! as a result of the latter’s data breach, among other high-profile cases, have sensitized businesses.

“Business leaders and senior stakeholders, at last, appreciate security as much more than just tactical, technical stuff done by overly serious, unsmiling types in the company basement,” said Peter Firstbrook, Research Vice President at Gartner.

Further, businesses are also more careful about the word of law today.

The regulatory and legal environment is getting ever more complex, with the EU’s GDPR and California’s new Data Privacy law.

At the same time, the potential penalties for failing to protect data properly have increased exponentially.

The GDPR, for example, can levy a penalty of up to EUR20 million or 4 percent of a company’s worldwide turnover (whichever is greater).

In the U.S., the number of organizations that suffered data breaches due to hacking increased from under 100 in 2008 to over 600 in 2016, according to Gartner.

“It’s no surprise that, as the value of data has increased, the number of breaches has risen too. In this new reality, full data management programs — not just compliance — are essential, as is fully understanding the potential liabilities involved in handling data,” explained Firstbrook.

As a result, companies are looking at new and innovative technologies that can safeguard their data and protect the business against cyberattacks.

However, as new detections technologies, activities, and authentication models require vast amounts of data, they can quickly overwhelm current on-premises security solutions., which is driving companies to look for cloud-delivered security products.

These are more capable of using the data in near real-time to provide more-agile and adaptive solutions.

According to Gartner, the shift to the cloud creates opportunities to exploit machine learning (ML) to solve multiple security issues, such as adaptive authentication, insider threats, malware, and advanced attackers.

Some of the 3,600 security professionals interviewed for the Cisco 2018 Security Capabilities Benchmark Study stated they were reliant and eager to add tools like ML and artificial intelligence (AI) but were frustrated by the number of false positives such systems generate.

“While still in its infancy, machine learning and AI technologies over time will mature and learn what is “normal” activity in the network environments they are monitoring,” Cisco’s report said.

Analysts at the Gartner, however, predict that by 2025, ML will be a normal part of security solutions and will offset ever-increasing skills and staffing shortages.