With 2019’s cyber security challenges tucked away, I wonder just how 2020 will fare. As we all speculate on what the new year’s cyber security encounters will be, I’d like to add mine.
As a very much ‘hands-on’ CEO of Foresight Cyber Security, I offer a slightly different perspective, looking at the cyber security domain from a different angle: what small and medium enterprises (SMEs), the true lifeblood of all economies, should prepare for in 2020.
My predictions focus on three areas:
Dangers of insecure defaults in technology and services, combined with a lack of expertise to correct them
Cloud-first strategies favoured by SMEs to drive their agility further
Not yet scared of GDPR, but watching how Brexit affects UK-based SMEs
Lack of expertise and danger of defaults
I recently helped a friend of mine, a director of a small marketing business, whose Office365 admin account had been compromised and hackers had sent thousands of phishing emails to all her business contacts. It took an enormous effort to wrestle back control of her Office365 account. The root cause was an incorrectly configured account, set up with its security settings left at their defaults. Microsoft could have done more by setting Office365 subscriptions to ‘secure by default’ settings, especially when it comes to Global Admins in subscriptions for small businesses.
The term ‘tyranny of the default’ was coined by Steve Gibson of GRC (Twitter @sggrc), and it presents a real problem for any person or business unaware of the security implications of the technology or service they choose.
Cloud-first strategy
Why would an SME buy a physical server today? The default, IMHO, should be selecting a suitable Cloud provider. The selection criteria are mostly cost, compatibility with the end-user devices and appropriate fit for their known strategy. I believe SMEs, lacking the negotiating power of large enterprises, will look at cloud providers and ask questions such as:
How is this compatible with my PCs/laptops?
Do I need to buy another licence for Office applications?
Do I need to re-train my people to use Cloud applications?
In my humble opinion, only one cloud provider will prevail – Microsoft. Most small businesses are likely to buy Windows 10 systems, so it isn’t much of a stretch that they would also move towards Microsoft for their cloud workloads, office productivity tools, and business applications.
GDPR scares (or should do) but does not bite (so hard)
It has been almost 2 years since GDPR became an enforceable Regulation in the EU. In the context of Brexit, GDPR is not going away, for two reasons: 1) the UK-specific data protection legislation has not changed that much, and 2) the EU GDPR is still going to be in force for companies processing EU citizens’ personal data, wherever they may operate across the globe.
However, for SMEs the EU directive is somewhat more distant. They think the EU Commission apparatus is not going to care too much about them with regard to discovery and subsequent fines. Perhaps they are correct, at least in 2020. All will depend on the number and scale of the personal data breaches in 2020. As we saw at the end of 2019, GDPR-related cases were covered in the media more frequently than before. SMEs will need to step up…