McAfee predicts that personal data and privacy demands will dramatically change the security and cyber crime landscape in the next five years.
The growth of the ‘Internet of Things’ will significantly alter the volume and types of personal information gathered and stored. Where information commonly held currently includes a person’s name, address, phone number, email address and some purchasing history, new data stored will include other, more intrusive, information, such as:
- your frequently visited locations;
- what you eat, watch and listen to;
- your weight, blood pressure and prescriptions;
- your sleeping habits, daily schedule and exercise routine.
“This combined information represents the digital exhaust that will become a mainstay and unavoidable by-product of modern life”, McAfee says.
A new breed of cyber criminal
The growing value of personal data is creating a new type of cyber criminal. Leveraging advances in big data technology, criminals will be able to verify your identity using details such as your identity or Social Security number, birth date, the last four digits of your credit card, or answers to typical security questions.
These hair-raising predictions are why, we hope, tougher European privacy legislation has recently been introduced, and why the GDPR will impose extremely strict penalties on organisations that choose to ignore data security best practice when it comes into force in early 2018.
Companies will need to adjust to these growing pressures while remaining competitive and adapting to technological advancements.
An overbearingly restrictive cyber security regime is the last thing any CEO wants to be burdened with. In order to grow and remain competitive, companies need to embrace the power that new technologies provide, but at the same time reduce the risks that are associated with introducing these new technologies.
Adopt a risk-based approach to information security
That’s why the international information security standard, ISO 27001, recommends that organisations adopt a risk management approach to demonstrating due care in information security.
ISO 27001 and ISO 27002 provide the full framework for developing an information security management programme – not just a set of controls – tailored to an organisation’s particular risk appetite and circumstances. It includes a recommended set of controls that organisations may consider, in addition to providing guidance on effective risk management for information security. That’s why ISO 27001 is now the globally accepted standard for managing information security as a risk discipline.
Find out how IT Governance can help you implement an ISO 27001-compliant ISMS with a range of cost-effective implementation options suitable for any business requirement.