With the Target breach closing out the year with a bang, specialists have put together some predictions for the year to come. The theme for 2014 is heightened expectations. Consumers and regulators are expected to put more pressure on organizations to step up their security measures throughout 2014.
Kroll Advisory Solutions recently released its annual Cyber Security Forecast for 2014. It is a list of the most significant cyber issues that organizations will have to face in the coming year. Here’s a look at what to expect:
1. NIST and similar security frameworks will become the de facto standards of best practices for all companies. Expect security measures to be driven by international standards and compliance regimes (think HIPAA, SOX, PCI, etc.). This means special attention will have to be paid to all parts of the security process, from the initial risk assessment and implementation through to decommissioning and removal of retired data. Organizations that are not currently following these are going to be expected to get on board quickly or be prepared to face fines and potential legal issues.
2. The data supply chain will pose continuing challenges to even the most sophisticated enterprises. Many companies use third parties to store and process the data they collect, but the process by which that data is protected is often unknown. The same can be said of corporate data at rest, or data resting on off-network devices. It is very important to understand how your data is being protected by third parties and how you are containing and destroying data at rest within your own facilities. Having a close relationship with the vendors that provide these services is a must.
3. The malicious insider remains a serious threat, but will become more visible. It is projected that almost half of all data breaches that occur in 2014 will happen at the hands of someone on the inside. State and federal governments are beefing up privacy breach notification laws to better inform consumers and other organizations of data breaches. Organizations will no longer be able to hide critical breach information from outside parties as they have in the past.
4. Corporate board audit committees will take a greater interest in cyber security risks and the organization’s plan for addressing them. Now that the financial repercussions of data breaches are getting steeper and steeper, corporate audit committees are going to be more involved in the overall process. Cyber security insurance and other forms of protection will be discussed further as well. It is also crucial to look at what indemnification can be offered by other vendors or by your current vendors.
5. New standards related to breach remediation are gaining traction and will have a greater impact on corporate data breach response. At the moment, credit card monitoring is the standard practice in data breach remediation, but that won’t be the case for long. Lawmakers, consumers, and consumer advocates are saying that credit monitoring is not a stand-alone solution and that more needs to be done. Although there are currently no legal guidelines for this in place, the FTC and some individual states are starting to take the necessary steps to make that happen. The goal is to match the remedy to the type of breach, rather than relying on a ‘cure-all’ that doesn’t really fix every instance.
Cyber security is gaining more attention every year as fines get higher and consumers become more concerned with the handling of their data. Trends like the ones above will continue until state and federal laws catch up, and as compliance requirements and standards continue to be revised.