HBO, Verizon, Equifax, Sonic and Uber were just a few of the countless blue chip names – and by extension their customers – to fall prey to massive cybersecurity breaches in 2017.
A number of high-profile figures also had their financial dealings exposed by the ‘Paradise Papers’ breach.
Governments and critical national infrastructure were also targeted. US Air Force security clearances, confidential CIA documents and the records of Californian voters were all leaked. A ransomware attack targeted Ukrainian utilities and institutions, including power companies, airports, public transit, and the central bank.
No organisation, it seems, is inoculated against the threat. Even cybersecurity doyen John McAfee was not safe; his Twitter account was hacked.
While the methods deployed by traditional criminals in physical-world crimes like extortion, heists, armed robberies or drug distribution evolved only slowly, the cyber threat mutates by the day as cybercriminals develop new forms of attack to blindside their targets.
In 2017 alone we saw the emergence of new ransomware variants like WannaCry, NotPetya, Locky, GoldenEye, and Jigsaw, which spread round the world at dizzying speed.
It’s uncontroversial to say, then, that 2018 will inevitably be an eventful year for cybersecurity, with innumerable new pieces of jargon to absorb.
David Ferbrache, CTO in KPMG’s cybersecurity practice, has set out 10 trends we can expect to see in 2018.
1. Expect zero regulatory tolerance when GDPR comes into force
The General Data Protection Regulation (GDPR) comes into force across the EU – including the UK – from 25 May. It reshapes data protection law and stiffens penalties for breaches.
David Ferbrache: “Most firms have taken time to understand what GDPR may mean for them, and in many cases have reviewed (or even partially disposed of) their holdings of personal data. It is far harder to predict quite how sanctions under GDPR will be applied by the various regulators.
“We can expect a few high-profile examples to be made early on, but perhaps not the tsunami some expect. Nevertheless, privacy rights are on the agenda, and we can expect zero regulatory tolerance for the long delays in notification of major breaches seen recently.”