What are the fastest-growing cyber threats to your business?
The Telegraph Business events team caught up with Nigel Houlden, Head of Technology Policy, Information Commissioner’s Office to find out the latest cyber threats and regulations that businesses need to aware of to stay secure online
What do you see as the three new or fastest-growing cyber threats to businesses in 2018?
- IoT vulnerability. Lots of devices with poor to non-existent security will mean Distributed Denial of Service (DDoS) attacks become more prevalent.
- Email scams. The easiest way to get into an organisation is to send staff an email. Eventually someone somewhere will open it. This will either contain ransomware, a phishing scam or high-level (C-level) impersonation.
- Being unaware.The more information you have, the more you can prepare. Far too many companies don’t have sufficient protection against a cyber-attack.
What are the three most important messages all CEOs/board-level executives should take on board in 2018?
- Security isn’t just an IT department issue. It’s a boardroom issue. Senior management teams must understand and support a layered security system. Support for (and enforcement of) policies is vital.
- Allocate proper resources to your cybersecurity systems.
- GDPR is not a box-ticking exercise. By ensuring you are compliant, you will help formulate and enforce your cybersecurity strategy.
What do you think the consequences will be of the GDPR rollout in 2018? Do you think companies will be GDPR-compliant by May 25?
Its considerable focus on new technologies – particularly profiling and automated decision making – reflects the concerns of legislators about the personal and societal effect of powerful data-processing technology.
But it’s an evolutionary process for organizations. May 25 may be the date the legislation takes effect but no business stands still. You will be expected to continue to identify and address emerging privacy and security risks in the weeks, months and years beyond May 2018.
That said, there will be no grace period. We’ve had two years to prepare and will be regulating from this date. But we pride ourselves on being a fair and proportionate regulator and this will continue under the GDPR.
Those who self-report, who engage with us to resolve issues and who can demonstrate effective accountability arrangements can expect this to be taken into account when we consider regulatory action.
What more do you think can be done in terms of cross-business and cross-sector collaboration to help improve IT security?
Use the excellent Cyber Security clusters. They share best practice and give great support and advice, as well as organizing talks and presentations.
They also provide opportunities to network with others. The more businesses talk, the more they will understand the threats.