Pro Installer January 2018 - Issue 58 | Page 44

Business
44 | JANUARY 2018

Business

Read online at www . proinstaller . co . uk

CYBER SECURITY IN 2018

Organised crime groups are stepping up their efforts to gain access to systems and monetise stolen information . Here , David Ferbrache , chief technology officer in KPMG ’ s cyber security practice , highlights cyber security trends we can look out for in 2018 .
1 . Everyone is waiting for 25th May
“ This is the day that the General Data Protection Regulation ( GDPR ) comes into force . Most firms have taken time to understand what GDPR may mean for them , and in many cases have reviewed ( or even partially disposed of ) their holdings of personal data . It is far harder to predict quite how sanctions under GDPR will be applied by the various regulators . We can expect a few high-profile examples to be made early on , but perhaps not the tsunami some expect . Nevertheless , privacy rights are on the agenda .
2 . Criminals will hunt out the weak points
“ Organised crime groups will be increasingly creative on monetising stolen information and accessing systems . We can expect more attempts to initiate fraudulent payment transactions ( often with social engineering elements ), as well as ongoing interest in our core financial infrastructure including payment and trading platform gateways .
3 . Governments will continue to block and tackle cybercrime
“ As criminals industrialise cyber-attacks using crime as a service model to rent attack tools and ransomware , governments are increasingly looking for ways to disrupt the infrastructure used by criminals . Closer links with telcos and service providers are being built along with the operational processes needs to block sites hosting malware , detect and counter phishing attacks . Community measures linked to improved intelligence sharing will start to make a difference .”

Security can no longer engage at the end of development cycles

4 . A new model of cyber security will emerge
“ As firms invest more in cloud computing , a new model for cyber security is emerging . Increasingly , firms can look to cloud providers to embed good IT security , but firms still own the problem of setting their requirements and determining just who can access what . Security can no longer engage at the end of development cycles , and if it does , it risks being seen as a blocker rather than an enabler .”
5 . Automation of controls and compliance will be the order of the day
“ Firms are coming under pressure to contain their burgeoning cyber security budgets . Manpower intensive compliance processes are beginning to give way to continuous testing and controls monitoring , helping firms build a more accurate picture of their IT estate – helping the CIO as well as the CISO . The growing demand for supply chain security and third-party assurance will also lead to a burgeoning industry of testing firms offering risk scoring and testing services for those third parties .”
6 . Digital channels will demand customer centric security
“ Digital channels are becoming more and more sophisticated demanding new consumer identity and access management approaches , dynamic transaction risk scoring and fraud controls , and an emphasis on usable non-intrusive security measures which don ’ t impact the consumer ’ s experience . Open Banking and the arrival of Payment Services Directive 2 will drive richer interactions between a new ecosystem of payment service providers and the banks who handle our money .
7 . The internet of insecure things continues
“ Criminal groups continue to exploit insecure ‘ internet of things ’ devices as sources of attack traffic for denial of service attacks , leading to more and more extortion attacks but also an increasingly sophisticated response from the international community involving telcos , content delivery networks and Distributed Denial of Service ( DDoS ) mitigation firms . Unfortunately , this response won ’ t be consistent globally , and many nations may find themselves vulnerable to these attacks which will cause major disruption in 2018 .”
8 . The shadow of state activity lengthens
“ As countries invest to develop their cyber espionage and offensive capabilities , we will see more signs of their activities . Disclosures of high end techniques used by nations will continue , fuelling the opportunistic re-purposing of these vulnerabilities by less
sophisticated states and organised crime groups . Expect more evidence of industrial control system attack tools being tested as states explore the potential of this new form of warfare .”
9 . Resilience and speed matters
“ Regulators are focussing on resilience – the ability of an organisation to anticipate , absorb and adapt to disruptive events – whether cyber-attack , technology failure , physical events or collapse of a key supplier . Exercises and playbooks are in fashion as firms try to build the muscle memory they need to respond to a cyber-attack quickly and confidently , while cyber insurance is finding its place not just as a means of cost reimbursement but as a channel for access to specialist support in a crisis .”
KPMG is a global network of professional firms providing audit , tax , and advisory services .

BUSINESSES ARE MISSING OUT

Research from the Federation of Small Businesses has shown that the impact of late payments on SME ’ s and the self-employed is crushing . The research has shown that the issue causes more than 35 % of small businesses to run into cashflow difficulties
while more than 30 % have been forced to use their overdraft facilities .
At the more extreme end of situations , cashflow issues can and do cause businesses to fail . The FSB estimates that this single issue has caused more than 50,000 businesses to close annually .
Despite most small businesses being savvy about cashflow , the majority of late payments ( 84 %) to small businesses and the self-employed are more than two weeks late , with an average delay of about six weeks . It ’ s worth being aware that large businesses
are the most likely to pay late – 61 % of late payments are from large , private firms .
Regency Factors , one of the UK ’ s oldest and most established independent invoice finance companies , has found that late payments have caused its

able to support clients through hard times

clients to use its facilities on an increasing basis .
A spokesperson said : “ We have been able to support
clients through hard times , allowing them to concentrate on their business , not just their cashflow as clients know that they will receive payments for their invoices immediately , allowing growth .”
www . regencyfactors . co . uk