Industry & Business

Cyber criminals will change their tactics in 2017 to exploit growing fears of brand damage and escalating fines, according to Ward Solutions, which announced its 2017 cyber security predictions on Tuesday. Criminals are expected to change their ransomware attacks to focus increasingly on acquiring customer data held by organisations and then threatening to disclose these data breaches to relevant authorities such as the Data Protection Commissioner.

While ransomware attacks and data breaches are set to grow this year, Ward expects that “breach fatigue” will set in amongst the general public, resulting in organisations being held more accountable by  key stakeholders such as shareholders and regulators. This could result in more serious repercussions for information security, with poor incident handling and non-disclosure causing particular challenges.

“The general public are increasingly growing tired of being told that their personal data may or may not have leaked into the wrong hands,” Ward Solutions CEO Pat Larkin said. “This fatigue offers huge opportunities for cyber criminals as consumers drop their guard. It also places an increased responsibility on organisations to secure and protect all of the customer and third party data that they collect and handle.”

Looking at the growing threat of cyber warfare, Ward believes that 2017 could see state sponsored cyberterrorism escalate to a point that prompts a military response.

“2017 could be the year that sees a country respond to a cyber-attack with a show of military force, resulting in the first bullets or missiles flying in response to cyberterrorism. We would hope that Governments and security agencies engage in coordinated preventative measures so that this particular prediction isn’t actually realised. In Ireland, we also need to be more prepared and joined-up in our approach to the growing threat of cyber-attacks too. It’s imperative that our critical infrastructures and assets are proactively protected from these growing threats.”

Among a number of significant warnings for business and state organisations, Ward also believes that most Irish organisations do not yet realise the scale of the challenge to become compliant with the impending General Data Protection Regulation (GDPR) legislation, which is due to come into force in May 2018.

“GDPR compliance is set to be the central topic for discussion in information security in 2017. Organisations that act now to become compliant can get ahead of the crowd and begin 2018 safe in the knowledge that they are will not be liable for fines of up to 4% of annual global turnover or €20M, depending on which is greater.

“Many Irish organisations have grossly underestimated the workload required to become compliant by the time the legalisation comes into force in May 2018. When they finally realise the scale of the challenge they will be forced to seek assistance from a limited pool of knowledgeable external resources, and achieving compliance in time will end up costing much more than they bargained for.”

GDPR is a common theme running through many of the findings stemming from Ward’s end-of-year review, with the regulation to have more far reaching consequences for business than many might assume. The legislation will also affect other frameworks such as the Payment Card Industry Data Security Standard (PCI DSS), in that breaches that might previously have been kept a secret by the merchant, acquiring organisation and credit card provider, will have to be publically declared from May 2018.

Other information security developments that Irish organisations should be aware of in 2017 include an increased focus on supply chain assurance demands from business partners, as well as the effect that impending legislation will have on organisations’ cloud strategies, as they grapple with failings of due diligence, risk assessment and the implementation of effective controls. Despite this, the adoption of cloud services will continue to rise in the coming year.