Capgemini on cybersecurity in IoT and blockchain
With technologies evolving all...
According to new research from Invotra, cybersecurity is a key concern for the majority of businesses heading into 2018.
With technologies evolving all the time, so too are the methods and techniques that drive cybercrime, creating a number of issues across the sphere of cybersecurity.
With this in mind, Mike Turner, Chief Information Security Officer, Capgemini gives his key cybersecurity predictions of 2018, looking particularly at IoT, blockchain, DevOps, GDPR and automation:
IoT cyberattack will increase
IoT vendors will face increasing challenges due to their lack of cybersecurity – with attacks potentially on the same scale as WannaCry. Connected cars, domestic devices and industrial supply chains are all at risk, as more and more businesses and consumers fail to protect their networks properly. As well as stealing personal data such as credit card information, hackers will increase the number of ransomware attacks, targeting millions of individuals with low value ransoms that are more likely to be paid quickly by desperate consumers. The economies of scale are huge and apply to security systems, IOS and android apps as well as subscription services such as media and entertainment.
Businesses will struggle to power blockchain technology
Security technologies with begin to leverage blockchain but concerns about the amount of compute power required will restrict its accelerated uptake. While quantum computing could eventually solve this problem, until this technology becomes a reality, businesses will need to adopt other strategies to make blockchain affordable and efficient.
Secure DevOps will grow exponentially
2018 will see SecDevOps become a fundamental element of digital transformation. DevOps is the building block of digitization as many companies look to build and harness applications that can transform their business. The trick has been how to do this rapidly while not undermining the security of your business. New technologies and design methods now allow the automation of security controls so that they can be used during the DevOps cycle rather than added at the end. This plus the greater involvement of security staff in the DevOps cycle will see a vital shift toward more secure Apps development without sacrificing pace and flexibility.
Businesses will not fall victim to GDPR fines – yet
GDPR will pass into law in 2018, but it’s unlikely that any business will actually pay a fine next year. It will take time for the regulation to be actively policed and we anticipate that the first big fine will actually take place in 2019. That’s not to suggest that businesses should rest on their laurels however, but use 2018 to recognize their weaknesses and invest in data security technologies such as encryption to ensure GDPR standards have been met.
Automation will help tackle the cybersecurity skills shortage
Automation will help solve the cybersecurity skills shortage. Threats are growing in number and sophistication and there’s a desperate need for more talent to enter the industry. Automation will help attract the best candidates by removing the mundane, repetitive elements and giving people more opportunity to focus on the fascinating elements of the job.
China announces 6-month campaign to clean up apps
A 6-month campaign has been announced by China’s industry minister, to clean up what it says are serious problems with internet apps violating consumer rights, cybersecurity and “disturbing market order.”
In an online notice the Ministry of Industry and Information Technology said that, among other things, companies must fix pop-ups on apps that deceive and mislead users or force them to use services they might not want.
The order is all part of a wider effort to crack down on tech industries and police use of personal information. Authorities have recently ordered fines and other penalties for some of China’s biggest tech companies.
Earlier this month, the Cyberspace Administration of China (CAC) ordered online stores not to offer Didi's app, saying it illegally collected users' personal data. The company’s shares have now fallen by more than 40% since making its New York Stock Exchange debut on 30 June.
The latest campaign in the tech crackdown
The ministry launched this latest campaign with a teleconference call on Friday and issued its 15th list of dozens of apps it has said require fixing on Sunday.
There are 22 specific scenarios it has said require ‘rectification’, among which the ministry mentioned pop-up windows as a specific problem, especially when all the screen of a pop-up window is a jump link with a false close button.
Other various problems it highlighted were threats to data security due to a failure to encrypt sensitive information while it is being transmitted, and failure to obtain users' consent before providing data to other parties; and malicious blocking of website links and interference with other companies products or services.
It also took aim at illegal broadband networks, which it called “black broadband" that failed to conform to website filing procedures or might be subletting or using illegal access to networks.
Regulators have been stepping up enforcement of data security, financial and other rules against scores of tech companies that dominate entertainment, retail, and other industries.