With new laws, new threats and data breach cover-ups, 2017 was another big year for cyber security. Here are the stories everyone was talking about.
1. New Bill Forces Cybersecurity Responsibility Into the Boardroom
In March, a new bill introduced to the US senate highlighted the fact boards must take responsibility for cyber security. There’s no doubt the topic of cyber security came up in more boardroom meetings this year than ever before. But there’s also no doubt some continue to swerve the topic completely.
In a Microsoft’s statement following WannaCry, President and Chief Legal Officer Brad Smith accepted his employer’s role in the attack before highlighting ‘the degree to which cybersecurity has become a shared responsibility’ – and understandably so. The attack may have exploited a Microsoft vulnerability. But software patches existed. Long before the attack, people had the power to safeguard vulnerable devices.
3. My job is to constantly think about cyber attacks — this is the first time I’ve been truly alarmed
Also on the subject of WannaCry, malware researcher Amanda Rousseau spoke of her shock on seeing how cyber attacks can determine whether someone lives or dies. She ultimately reached the same conclusion as Microsoft’s Brad Smith: cyber security must now be a responsibility shared by technology companies, employers and the people running organisations.
4. The Behavioral Economics of Why Executives Underinvest in Cybersecurity
In a well-researched post, HBR’s Alex Blau revealed why executives underinvest in cyber security and what we can all do to help rectify the situation.
5. Warning to SMEs as firm hit by cyber attack fined £60,000
Far too often, we think of cyber security as an important issue for large organisations only – but the £60,000 fine the ICO handed out to Boomerang Video Ltd in June suggested otherwise. ‘Regardless of your size,’ said ICO enforcement manager Sally Anne Poole ‘if you are a business that handles personal information then data protection laws apply to you.’
6. Human Errors in Cyber Security — A Swiss Cheese of Failures
Erlend Andreas Gjære applies academic research on human fallibility to cyber security before concluding people aren’t always a hazard. When well prepared, Andreas Gjære writes, people can be as much a defence as our technology and processes.
7. GDPR – sorting the fact from the fiction
Following an increase in scaremongering around GDPR, ICO published a guidelines relating to the imminent new law. Amongst their points: fines should not be the concern, consent is not the only way to comply with GDPR and organisations better get a move on to prepare for the regulation.
8. Major cyber-attack will happen soon, warns UK’s security boss
WannaCry – probably the year’s biggest attack – was a category 2 level breach. Technical director of the National Cybersecurity Centre, Ian Levy, predicts a category 1 level incident is just years away. His advice to organizations wishing to prevent such an attack was clear: stop relying on off-the-shelf security solutions and instead work with people to keep data secure.
9. Uber Paid Hackers to Delete Stolen Data on 57 Million People
Towards the end of the year, Uber gave us a lesson in how not to deal with a data breach.
10. The Psychology Of Cyber Security: How Hackers Exploit Human Bias
The human aspect of cyber security garnered more attention than ever in 2017, as more and more people began to see people as a potential defence. In an enlightening article for the Huffington Post, CybSafe founder Oz Alashe discusses the human biases that can can cause cyber attacks – and a simple way we can overcome them.
