Page 77 - Cyber Defense eMagazine - November 2017
P. 77
3. Privacy concerns will drive new requirements: New laws impacting cybersecurity
practices are being implemented around the world, with Europe’s General Data
Protection Regulation (GDPR) and China’s Cybersecurity Law as two timely examples.
GDPR outlines that to be compliant, companies must follow established cybersecurity
practices and “state of the art” approaches to prevent a breach of sensitive, protected
data. It also institutes new data breach notification requirements, wherein organizations
are given a 72-hour window to notify impacted persons when a breach occurs. This will
present a big challenge for any organization that houses sensitive information, and in
2018, businesses must prepare for increasingly strict legislation and policymaking on
this front. Emerging policy standards will have an impact on how we do business, and
organizations will need to take action to achieve compliance.
4. Increased exploitation of information as a weapon: Mainstream news has been
inundated with headlines related to hacking into sensitive information and the use of that
information for financial, political, and other gains. As we’ve seen a number of times,
such as with Sony and Equifax, these breaches can have a huge reputational and
financial impact on corporations, and executive leaders of breached companies will
become increasingly held responsible for failing to prevent and detect these types of
attacks. Cybersecurity professionals should expect additional exploitations and
intrusions into sensitive data and must be prepared to stay ahead of malicious actors to
ensure they are not gaining entry into sensitive files and email communications.
Cybersecurity is a dynamic field, and it is difficult to predict exactly what we’ll face tomorrow, let
alone in a year. But implementing holistic programs that are intelligence-led and built on lessons
learned from previous incidents is the most effective approach to ensuring a more secure and
resilient future. Proactive intelligence gathering is also critical in evolving cybersecurity
programs in parallel with evolving threats. Sharing of intelligence between private industry,
government, and international partners is another important step to prepare for the implications
of cyberwarfare, privacy regulations and other challenges on the horizon. By taking these
steps, businesses can be sure they are ready to face the cyber threats of 2018.
About the Author
Anthony J. Ferrante is a Senior Managing Director at FTI Consulting and
is based in Washington, DC in the Global Risk & Investigations Practice
(GRIP) of the Forensic & Litigation Consulting segment.
Mr. Ferrante has more than 15 years of top‐level cybersecurity
experience, and maintains first‐hand operational knowledge of more than
60 criminal and national security cyber threat sets and extensive practical
expertise researching, designing, developing, and hacking complex
technical applications and hardware systems.
77 Cyber Defense eMagazine – November 2017 Edition
Copyright © 2017, Cyber Defense Magazine, All rights reserved worldwide.
