What is the state of the cybersecurity industry and practice today? Recent surveys and analysis provide fresh insights, from senior management and board of directors not taking cyber threats seriously enough, IoT and mobile security deficiencies, the perennial cybersecurity skills shortage, new types of attacks on consumers and businesses, and the increasing threat of a global cyber war.
These old and new cybersecurity challenges make 2018 yet another year of “more of everything.” But it will also be the year in which the fact that security and privacy are two sides of the same coin will be reinforced, driving significant changes in cybersecurity practices. In “60 cybersecurity predictions for 2018” I wrote, “Like death and taxes, there are only two safe predictions about cybersecurity in 2018: There will be more spectacular data breaches and the EU General Data Protection Regulation (GDPR) will go into effect on May 25.” ESG’s Jon Oltsik wrote today: “Data privacy officers and CISOs should re-investigate whether they are truly ready for GDPR. If your organization doesn’t have automated and auditable processes to find, delete, and verify data erasure at scale, the answer is definitely, ‘no.’”