Often it seems that hardly a month can pass without another high-profile data security scandal making the national news. With very little threat of prosecution, increasingly resourceful cybercriminals are, unfortunately, making data security breaches the new norm and, although big companies make the headlines, businesses of all sizes are under threat. So, with this in mind, how is this threat likely to develop during the next 12 months and what steps can be taken to mitigate risk?
The prediction is that the increasing prevalence of ransomware is sure to continue. Anecdotally, it seems that this is already the most frequent type of cyber-attack to affect CPs. The potentially huge fines introduced by GDPR make companies that hold sensitive personal data a huge target. It’s very likely that we will begin to see more advanced types of ransomware that are specifically designed to commandeer personal data.
Data controllers need to take appropriate precautions and to have adequate cyber security in accordance with whatever risk policies they might have. When it comes to selecting partners that offer cyber security services, it’s important to do your homework. You need to be confident that your cyber security firm does not overpromise, then underdeliver.
Check your suppliers’ credentials carefully. Look at how long they have been trading. What is their own information security record like? What qualifications do they hold? Any company that has gained certification for the ISO/IEC 27001 Information Security Management standard is sure to have been audited extensively, so this is a fairly reliable benchmark of quality in this crucial area.