Businesses are set to make 2018 a record year when it comes to security spending, according to Gartner predictions. As Michael Moore reports in his IT Pro Portal article, “2018 to See Surge in Enterprise Security Spending,” the analyst firm forecasted that security spending will top $96.3 billion in 2018 – an eight per cent increase from this year, as companies aim to safeguard themselves against the growing cybersecurity threat landscape.
In addition, Gartner estimates that by 2020, more than 60 percent of organizations will have invested in multiple data security tools such as data loss prevention, encryption and data-centric audit and protection tools, up from approximately 35 per cent today.
In the HelpNetSecurity article, “What’s on the Horizon for Security and Risk Management Leaders?,” Zeljka Zorz reports that Gartner is predicting that by 2020, 60 percent of organizations engaging in merger and acquisition activity will consider cybersecurity posture as a critical factor in their due diligence process. Gartner analysts also believe that by 2022, cybersecurity ratings will become as important as credit ratings when assessing the risk of business relationships.
What are your short-term and long-term predictions for data security? We would love to hear from you. In the meantime, here’s a roundup of other top data security stories making headlines or providing insights for the week ending December 8, 2017:
“Is your mainframe security GDPR compliant?,” in HelpNetSecurity: Only one in four IBM mainframe customers questioned in a new UK survey are confident that their system security complies with the incoming General Data Protection Regulation (GDPR). 31 percent think they are not compliant, while 40 percent do not know. Around four percent are unsure what the GDPR is.
“Five Key Trends to Watch in 2018 as Cybercriminals Continue to Innovate,” in HelpNetSecurity: The McAfee Labs 2018 Threats Predictions Report identifies five key trends to watch in 2018: The evolution of ransomware from traditional to new applications, the cybersecurity implications of serverless apps, the consumer privacy implications of corporations monitoring consumers in their own homes, long-term implications of corporations gathering children’s user-generated content, and the emergence of a machine learning innovation race between defenders and adversaries.
“Security and Costs Holding Back Those Looking to Implement IoT Projects,” in HelpNetSecurity: While 94 percent of IT professionals from organizations that are undertaking Internet of Things (IoT) initiatives say they need to invest in IoT over the next 12 months in order to stay competitive, most admit they have encountered barriers to adoption. These mainly include security concerns, the cost of implementation and commitment from the company’s leadership.
“Nearly All Firms Found Vulnerable to Insider Data Security Threats,” by Bob Violino in Information Management: A large majority of organizations – some 90 percent – are vulnerable to insider security threats, and about half experienced an insider attack in the last 12 months, according to a new report. The study shows that the main enabling risk factors include too many users with excessive access privileges (cited by 37 percent), an increasing number of devices with access to sensitive data (36 percent), and the increasing complexity of IT (35 percent).
“PayPal Admits Acquired Company Suffered Major Breach,” by Phil Muncaster in InfoSecurity: PayPal admitted a massive data breach at recently acquired TIO Networks affecting 1.6 million customers. The payments giant said in a statement that TIO’s operations had been suspended while it investigated “security vulnerabilities” in the firm’s platform. PayPal was quick to point out that its own platform “is not impacted in any way” and that PayPal customer data remains secure.
“Cybercrime Now Driven by Four Distinct Groups,” by Dan Raywood in InfoSecurity: A new report determines that there are four distinct groups of cyber-criminals: traditional gangs, state-sponsored attackers, ideological hackers and hackers-for-hire. The report said that the entrance of new participants has transformed cybercrime from isolated and individualized acts into pervasive, savage practices run by distinct groups of individuals.
Legal & Regulatory
“’Snoopers’ Charter’ Changes Put Forward,” in BBC.com: The U.K. government has proposed changes to the Investigatory Powers Act (IPA) after accepting that some parts of it are “inconsistent with EU law.” This may impact the kind of metadata communications services can be told to collect.