A Quick Summary of Recent Trends & Developments That Businesses and Law Firms Should Know

“Nearly 60 percent of small businesses have to close shop after a data breach, which costs, on average, about $32,000 per attack.”

Cybersecurity Spending Soaring:

According to market research firm Gartner, global spending on information security is expected to reach nearly $87 billion in 2017 — an increase of around 7 per cent over 2016 – and is expected to top $113 billion by 2020.  Also according to Gartner, by 2020, 40 percent of all managed security service (MSS) contracts will be bundled with other security services and broader IT outsourcing (ITO) projects, up from 20 percent today.

2016 a Record Year for Data Breaches:

According to the Identity Theft Resource Center, U.S. companies and government agencies suffered a record 1,093 data breaches last year, a 40 percent increase from 2015. The bad news is that record will likely be surpassed in 2017.

Government Under Continuous Cyber-attack:

According to 2017 Thales Data Threat Report, Federal Edition 34 percent of United States federal government agencies suffered a data breach in 2016. A report from the Office of Management and Budget says federal agencies reported 30,899 cybersecurity incidents to the Department of Homeland Security‘s U.S. Computer Emergency Readiness Team during fiscal year 2016

US Cyber Command to a Formal Military Command:

President Trump announced this month that he is formally elevating the US Cyber Command into a combatant command within the US military, and that it will be exclusively focused on fighting cyber wars. “The United States Army Cyber Command directs and conducts integrated electronic warfare, information and cyberspace operations as authorized, or directed, to ensure freedom of action in and through cyberspace and the information environment, and to deny the same to our adversaries”.

Trump Budget Requests $967M for FY 2018 DHS Cybersecurity Operations:

DHS’s cyber budget will get a significant boost in spending in 2018. The federal government’s FY 2018 begins Oct. 1. Also ,DHS related, House Homeland Security Committee Chairman Michael McCaul (R-Texas) will be introducing a cyber reorganization bill next week would replace DHS’s National Protection and Programs Directorate (NPPD) with a new operational agency to handle cyber.

NIST Reveals Draft of Cybersecurity Framework:

New proposed provisions include assessing the cybersecurity risk posed by third-party vendors and a new focus on measuring the cost effectiveness of cybersecurity programs.

Check it out: http://csrc.nist.gov/publications/drafts/nistir-8170/nistir8170-draft.pdf

Cyber Hygiene Legislation Introduced:

Cybersecurity legislation ( HR3010) called “Promoting Good Cyber Hygiene Act of 2017”  was recently introduced that will mandate the National Institute of Standards and Technology (NIST), the Federal Trade Commission (FTC), and the department of Homeland Security (DHS) to establish baseline best practices for industry. This legislation will help establish best practices for good cyber hygiene, authentication, and cooperation.

Majority of Companies Get Failing Grades on Cybersecurity Performance:

According to a new study from Thycotic, in its first annual 2017 State of Cybersecurity Metrics Report, 58 percent of respondents scored an “F” or “D” grade when evaluating their efforts to measure their cybersecurity investments and performance against best practices.

Small Business Especially Vulnerable to Cyber-attacks:

Rep. Steve Chabot (R-Ohio), the House Small Business Committee chairman, told Bloomberg BNA March 9 that small businesses feel post-data breach fallout more strongly than large companies. He said  “nearly 60 percent of small businesses have to close shop after a data breach, which costs, on average, about $32,000 per attack.”

The EU’s General Data Protection Regulation takes effect on 25 May 2018:

According to DataIQ the reforms consist of two instruments:

The General Data Protection Regulation  (GDPR) which is designed to enable individuals to better control their personal data. It is hoped that these modernized and unified rules will allow businesses to make the most of the opportunities of the Digital Single Market by reducing regulation and benefiting from reinforced consumer trust.

The Data Protection Directive: The police and criminal justice sectors will ensure that the data of victims, witnesses, and suspects of crimes, are duly protected in the context of a criminal investigation or a law enforcement action. At the same time more harmonized laws will also facilitate cross-border cooperation of police or prosecutors to combat crime and terrorism more effectively across Europe.

Health Sector in Urgent Need of Cybersecurity:

A new report put together by Michigan State University says almost 1,800 cyber-attacks occurred in hospitals across the US over a seven-year period, but only 68 percent of these breaches were reported to the government. The report examined Department of Health and Human Services (HHS) data for the period between October 2009 and December 2016. The recent “WannaCry”  ransomware attack demonstrated the vulnerability of hospitals and the health sector.

Be Careful Downloading Videos:

The security firm Check Point discovered a security flaw that allows hackers can hide computer viruses in online video subtitles and use them to take control of computers. The attacks are embedded within the subtitle files that accompany many illegally downloaded films, and easily bypass security software and antivirus programs designed to keep computers safe.

Also available on High Performance Counsel