In addition, public opinion will pressure governments around the world to introduce tighter data protection legislation, which in turn will introduce new and unforeseen costs. Reform is already on the horizon in Europe in the form of the EU General Data Protection Regulation (GDPR) and the already-in-effect Network and Information Security Directive. Organizations conducting business in Europe will have to get an immediate handle on what data they collect about European individuals, where it comes from, what it is used for, where and how it is stored, who is responsible for it and who has access to it. Organizations that fail to do so and cannot demonstrate security by design will be subject to potentially massive fines.
"The challenge in 2017 for organizations is going to be two-fold," Durbin says. "First is to keep abreast of the changes in regulations across the many, many jurisdictions you operate in. The second piece is then how do you, if you do have clarity like the GDPR, how do you ensure compliance with that?"
"The scope of it is just so vast," he adds. "You need to completely rethink the way you collect and secure information. If you're an organization that's been doing business for quite some time and is holding personally identifiable information, you need to demonstrate you know where it is at every stage in the lifecycle and that you're protecting it. You need to be taking reasonable steps even with your third party partners. No information commission I've spoken to expects that, come May 2018, every organization is going to be compliant. But you need to be able to demonstrate that you're taking it seriously. That and the nature of the information that goes missing is going to determine the level of fine they levy against you. And these are big, big fines. The scale of fine available is in a completely different realm than anyone is used to."
Brand reputation and trust are a target
In 2017, criminals won't just be targeting personal information and identity theft. Sensitive corporate information and critical infrastructure have a bull's-eye painted on them. Your employees, and their ability to recognize security threats and react properly, will determine how this trend affects your organization.
"With attackers more organized, attacks more sophisticated and threats more dangerous, there are greater risks to an organization's reputation than ever before," Durbin says. "In addition, brand reputation and the trust dynamic that exists amongst customers, partners and suppliers have become targets for cybercriminals and hacktivists. The stakes are higher than ever, and we're no longer talking about merely personal information and identity theft. High-level corporate secrets and critical infrastructure are regularly under attack, and businesses need to be aware of the more important trends that have emerged in the past year, as well as those we forecast in the year to come."