Industry has to improve critical data security measures in 2018 to meet growing malware threats and more stringent privacy control regulations, according to a Forcepoint report released Monday.
The Raytheon [RTN] owned information security company released its annual list of pending security trends, and believes the European Union’s impending implementation of new data control regulations will force corporations to take a proactive approach to avoid fines following significant breaches.
The EU’s General Data Protection Regulation (GDPR) takes effect in May 2018 and gives businesses 72 hours to report a personal data breach impacting an EU resident.
Failing to notify authorities of the breach will result in fines of up 20 million Euros, or four percent of global turnover, depending on which is greater.
“The GDPR may be the first regulation to set the bar so high, but other countries will follow the EU in terms of updating their regulations to match this new standard for data protection.,” wrote Forcepoint in its report.
The regulation will impact global cloud service providers and companies, European or not, charged with handling cross-border transfers of data involving EU residents.
Potential attack vectors to private sector networks in 2018 include exploitation of known vulnerabilities, security misconfigurations, weak authentication practices and poor employee cyber hygiene, according to Forcepoint.
“Examining the flow of the data through an organization is the only scalable defense mechanism, and by looking for and spotting uncommon consumption patterns or the misuse of account credentials on a database, malicious behaviors can be identified,” wrote Forcepoint in its report.
To combat new cyber threats, Forcepoint recommended private sector chief information security officer’s bolster workforce monitoring to cut down insider threats and implement HTTPS inspection and decryption tools to spot unique malware.
The report also pushed cloud administrators take responsibility for their own end-user application rather than rely solely on the provider for data protection services.
"At the heart of our predictions is a requirement to understand the intersection of people with critical data and intellectual property," said Richard Ford, Forcepoint’s chief scientist, in a statement. "By placing cyber-behavior and intent at the center of security, the industry has a fighting chance of keeping up with the massive rate of change in the threat environment."
Forcepoint predicted a continued debate on data privacy as GDPR sets an international standard, and believes industry should focus on transparency initiatives moving forward.
“We know that data leakage and ransomware will continue to be the focus for remediation and prevention, but behavior-centric risks are now behind a multitude of security incidents," said Ford. "People's behavior should not be set in opposition to security: the two are not mutually exclusive. Users have the potential to unintentionally compromise their own systems in one minute and be the source of innovation in the next, but we can only empower users if we truly understand the ways they interact with critical business data.”