With 2015 fast approaching Espion predicts some key Information Governance and eDiscovery trends during the coming 12 months.
- Data Protection Will Move From Being “High On” to “Top Of” Boardroom Agendas
Widely expected to be adopted in 2015, the new EU Data Protection Regulation (GDPR) is likely to raise the bar for compliance and could stipulate fines of up to five per cent of global turnover for data breaches. Espion believes 2015 will be the year in which organisations can’t afford anything less than making Information Governance a top priority.
Expect ample boardroom discussions around understanding and preparing for updated regulation and compliance.
- Medical Matters – Booming Black Market for Personal Medical Data will Spur Mass Outrage
According to recent FBI investigations into stolen data on the black market, medical records are worth ten times more than credit card numbers. If the healthcare industry is set to be rich pickings for hackers, Espion believes consumers will see any risk to their sacrosanct medical history as the tipping-point.
With the Information Commissioner’s Office (ICO) reporting that the number of data breaches in the UK healthcare sector has doubled since 2013, any medical records that are wrongly disclosed, maliciously accessed or lost will put greater focus and scrutiny on the protection of sensitive personal medical data.
- 2015 – A Big Year for Predictive Coding and Smart Analytics
An imminent landmark judgement, which will decide if evidence gathered from Predictive Coding (also known as Technology Assisted Review (TAR)) is permissible in Irish courts, could pave the way for a new frontier in legal technologies.
Since The New York Times infamously forewarned “Armies of Expensive Lawyers, Replaced by Cheaper Software”, Predictive Coding has been a topic shrouded in myths. At this critical juncture Espion believes eDiscovery professionals need to dispel misconceptions that this technology will replace existing methods and demonstrate that TAR can be integrated in a number of other ways to enhance current eDiscovery methodologies.
2015 should be the year for legal stakeholders to cooperate and spearhead transparencies and best practices for the common purpose of advancing the field of discovery for the wider good.
- Internet of Things (IoT) – A New Frontier for those Gathering Evidence
The IoT continues to introduce new levels of interconnectedness which is generating an explosion of new data detailing every aspect of our lives.
Could 2015 be the year when data from your smartwatch is your “get out of jail”? Already, in the US, McLeod Law has collected data from a Fitbit fitness band to prove their client is suffering from the effects of an accident, in a case around insurance fraud.
- Growth in the Cyber Insurance Market
UK insurers, the Cabinet Office, UK Trade & Investment, Department for Business, Innovation & Skills, and GCHQ, recently pledged to make the UK one of the safest places to do business in cyberspace. They announced a plan to grow the cyber insurance market and improve online security for UK businesses.
According to the 2014 Information Security Breaches Survey, 81 per cent of large businesses and 60 per cent of small businesses suffered a cyber security breach in the last year, and the average cost of breaches to business has nearly doubled since 2013.
The risk to business in the UK and globally is growing, with most leading insurance providers now offering some form of cyber breach insurance. Espion expects uptake to grow, but advises that holding insurance does not negate an organisation’s duty to address the risks of a cyber attack.
- Dash to Make Payment Facilities Safe – Organisations will Scramble to Meet Compliance with the New Payment Card Industry Data Security Standard (PCI DSS) V3.0.
There are just a handful of days until the 1 January 2015 deadline, after which organisations that store, process or transmit cardholder data bearing the Visa, MasterCard, American Express, JCB International and Discover logos must use PCI DSS V3.0 when they validate their compliance.
The Verizon 2014 PCI Compliance Report showed that only 11.1 per cent of organisations fully complied with the requirements of PCI DSS, and only one in five organisations came close to complying by passing 95 per cent or more of the controls. How will they fare on 1 January 2015 when V3.0 becomes mandatory?
Organisations will have a little more time to address the more rigorous Penetration Testing rules, which become mandatory from 1 July 2015. Looking ahead, Espion believes the PCI Security Standards Council will continue to follow a strategy of placing greater emphasis on effective Penetration Testing, based on standard methodologies and relevant certifications, in future revisions.
- Sophisticated Whaling Scams on Course to Net the Big Fish
Spear phishers are doing their homework, trawling the internet to fact-find and build profiles of senior executives in order to create highly targeted and plausible scams that even the most cautious of users would find difficult to identify as illegitimate.
With Symantec research revealing a shocking 91 per cent increase in spear-phishing attacks from 2012 to 2013, organisations would be wise to allocate resources to building their human firewall through information security awareness training.
- Windows Server 2003 Refresh the Catalyst for Making Cloud Mainstream
July 2015 has been billed as the most significant ‘refresh’ this century as Microsoft discontinues support for its Windows Server 2003 product. The Cloud Industry Forum predicts as many as 1,000 servers a day will need upgrading in the countdown to the end of support.
Espion believes this could accelerate cloud adoption rates, with large numbers of organisations taking the plunge and migrating to the cloud. However, the latest figures from Eurostat highlight that cloud security remains a barrier for CIOs across Europe, with the risk of a security breach scoring highest as a concern for both large enterprises and SMEs, at 57 per cent and 38 per cent respectively.
- Retail Will Look to Point-to-Point-Encryption (P2PE) to Combat Point-of-Sale Malware
2014 saw one of the largest ever data breaches hit the retail sector. In the US, malware installed on point-of-sale (POS) terminals across 2,200 Home Depot stores siphoned credit card details of up to 56 million customers. Investigators believe another major breach, at fellow US retailer Target, also resulted from malicious software installed on point-of-sale terminals.
With point-of-sale malware now one of the biggest sources of stolen payment cards for cybercriminals, Espion believes P2PE will be much more widely adopted by the retail sector in the coming months.
- Sophisticated Monitoring Technologies will become Mainstream
The National Institute of Standards and Technology (NIST) describes continuous monitoring as a key component of a comprehensive security plan: one that incorporates proactive automated alerting in conjunction with essential vulnerability management techniques such as regular network and application penetration testing.
With major technology players including Qualys, Tenable and Rapid7 offering enterprise-level solutions to continuously monitor mission-critical assets, Espion believes vulnerability management is heading for a paradigm shift in which both real-time monitoring and periodic deep-dive assessments provide invaluable insight into the security posture of your environment.