By Quentyn Taylor, Senior Director of Information Security and Global Response at Canon EMEA (Canon-CNA.com)
How will GDPR regulations present new challenges for cyber security teams?
GDPR legislation for both the UK and Europe has revolutionised the way businesses communicate, secure and store data, as well as holding businesses financially and personally accountable for when they fail to handle data correctly. In fact, GDPR fines hit a total of 97.29 million Euros in the first half of 2022, an increase of 92% over H1 2021 (http://bit.ly/3XotfxU).
This year, there has been an increasing number of fines centred around Article 32 of GDPR, which states that penalties can be enforced if companies have a lack of technical and security measures in place, even if this does not lead to a breach. While the focus will undoubtedly still be on enforcing reactive fines responding to data leaks, in 2023, penalising those that do not have the adequate preventative measures will become increasingly more prominent. Ultimately, legislation has moved faster than many organisations can keep up with, particularly alongside the challenge of managing and executing IT security in a hybrid environment. Next year, regulations will only become tighter, and organisations will be held up to increasingly higher scrutiny.
Where will IT investment be directed in 2023 and how will this impact the execution of security strategies?
Digitisation was critical in the shift to hybrid, and as a result, IT teams have enjoyed relatively high budgets in previous years, while other business functions have been cut. However, now organisations are operating in a different landscape, with rising inflation and the threat of a global recession, many will begin to reassess all their budgets, IT included.
Despite this economic turbulence, security will remain a priority for investment. The threat landscape continues to develop at pace, and with financial and reputational damage attached to security breaches which could make or break some businesses as recession hits, minimising security budgets will be non-negotiable.
Yet, reducing IT budgets while increasing security investments presents a problem when it comes to the execution of this strategy. Fundamental to the success of a security plan, is whether it can be delivered via an operational IT team. Reducing spend for IT will inadvertently open organisations to attack, as security teams will not have the apparatus needed to implement their plans.
As we enter 2023, it is therefore critical for IT security leaders to consider their holistic IT strategy, instead of viewing IT and security as two separate entities.
How will the global economic crisis impact the security industry?
Europe is still in a recovery state from the pandemic, and other macro-economic pressures such as energy shortages and soaring inflation rates are threatening how businesses can invest and grow. The tech industry has ultimately felt the crunch, with 12,000 tech jobs already being lost worldwide (http://bit.ly/3ku9pD7), the market is becoming increasingly more volatile and unpredictable.
Previously, the buoyancy of the tech sector meant many IT professionals were able to find a job by the end of the week if they were let go, but with this safety net removed, we will see cases of insider threat on the rise in 2023. Indeed, in Q3 2022 this peaked to its highest quarterly level to date accounting for nearly 35% (http://bit.ly/3QMKSFn) of all unauthorised access threat incidents. The current tech market conditions leave businesses vulnerable to insider threat, for example, some workers attempt to copy data and utilise it for their next employer. Cyber criminals will exploit this issue as well, by keeping up with current trends in the tech sector, as they are able to implement new strategies that target those who are being laid off.
Organisations must ensure data is secured when employees leave the business, and that it has not been transferred onto personal devices. Yet, according to our recent research, only 18% of IT decision makers say they are able to track information across the full lifecycle. In response, businesses should increase visibility across their data journey, so organisations can identify when employees are printing and sharing information beyond company defences.
Distributed by APO Group on behalf of Canon Central and North Africa (CCNA).
Media enquiries, please contact:
Canon Central and North Africa
APO Group - PR Agency
About Canon Central and North Africa:
Canon Central and North Africa (CCNA) (Canon-CNA.com) is a division within Canon Middle East FZ LLC (CME), a subsidiary of Canon Europe. The formation of CCNA in 2015 was a strategic step that aimed to enhance Canon’s business within the Africa region - by strengthening Canon’s in-country presence and focus. CCNA also demonstrates Canon’s commitment to operating closer to its customers and meeting their demands in the rapidly evolving African market.
Canon has been represented in the African continent for more than 15 years through distributors and partners that have successfully built a solid customer base in the region. CCNA ensures the provision of high quality, technologically advanced products that meet the requirements of Africa’s rapidly evolving marketplace. With over 100 employees, CCNA manages sales and marketing activities across 44 countries in Africa.
Canon’s corporate philosophy is Kyosei (https://bit.ly/2VHJyeU) – ‘living and working together for the common good’. CCNA pursues sustainable business growth, focusing on reducing its own environmental impact and supporting customers to reduce theirs using Canon’s products, solutions and services. At Canon, we are pioneers, constantly redefining the world of imaging for the greater good. Through our technology and our spirit of innovation, we push the bounds of what is possible – helping us to see our world in ways we never have before. We help bring creativity to life, one image at a time. Because when we can see our world, we can transform it for the better. For more information: Canon-CNA.com