As a result of vulnerabilities across many businesses’ security strategies, data breaches dominated the headlines in 2018, but according to Ensighten’s recent research, there’s still many more on the horizon. 46 per cent of enterprises believe they’re on the brink of a data breach and with hackers finding new ways to steal data, brands should ensure no stone is left unturned when it comes to website security in 2019.
For brands to better understand the trends which will shape the year ahead and the website security threats they should be aware of, TechRadar Pro sat down with Ensighten’s Chief Revenue Officer Ian Woolley.
What’s the state of play when it comes to website security?
Despite data breaches saturating the media this year and the urgency they have placed on businesses to address data vulnerabilities, most business leaders are only now starting to realise the true impact a website breach can have - from the financial and reputational risks to the potential job losses.
As many businesses are still in the education phase of data governance when it comes to understanding how and why breaches occur, we will start to see more brands scramble to protect themselves as they identify the real threats lurking beneath their website supply chain. As a result, once the picture of where websites are vulnerable becomes clearer, we’ll see more investment move towards thorough data governance. However, with some businesses likely to have this revelation late, we’ll see more legacy hacks and leaks come to the fore.
Will there be any changes to regulation?
Regulation was a hot topic in 2018 spurred on by GDPR coming into force and it will continue to dominate conversation in 2019 as other global policies such as the California Consumer Privacy Act (CCPA) play out. The challenge we’ll see for global organisations is managing the nuances of regional data practices simultaneously.
Technology will help companies navigate this, but as we’ve seen with GDPR there are various interpretations of what regulation means. As such, many businesses may opt to employ the strictest data practices and processes companywide to avoid potential slip ups and penalties.
How will hackers evolve in 2019 - will they find new ways to trip up businesses?
Many businesses fear that hackers will leverage AI to unlock new ways to infiltrate websites and apps at scale. They’re right to be concerned. With every hack, hackers learn more and become more sophisticated. We may see video and audio manipulated to fool consumers but AI will most commonly be used to configure and learn defense tools to inform future breaches or to bypass more advanced security implementations altogether.
While many industry commentators focus on how hackers will evolve, a lot of criminals will still prey on businesses that don’t have the basics covered, for example overlooking unauthorised third-party technologies running on websites. This will be the main cause of breaches and leaks throughout 2019.
As we’ve seen with the rise of the hacker group Magecart, there is also a growing trend of groups taking credit for their crimes. As hackers look to carry out bigger and more damaging assaults on businesses, especially e-commerce brands, we will see more named attacks in 2019.
Finally, how will businesses evolve to tackle the growing threats of website security?
As many website hacks highlighted in 2018, one of the core causes is problems with third-party technologies. Via chat boxes, form fill and unapproved third-party tags on a website, criminals can gain access to customer data - sometimes even without the organisation’s knowledge. The challenge is that marketers are generally in charge of this data but haven’t necessarily been accountable for the protection and security of this data. In 2019, businesses will view security more holistically. To do this, companies will look to bring more senior security talent in-house to navigate the new data landscape and regain control, rather than outsourcing security to multiple vendors.
But this will squeeze an already limited pool of skilled professionals. With lack of talent available, we will likely also see a shift in the role of the marketing team – businesses will put more onus and investment in upskilling marketers so that they have a marketing security remit. At a more senior level, we’ll see the CMO and CISO start to work more closely to mitigate security vulnerabilities.
2018 has been a learning curve. New data regulation has revealed issues that many companies were not even aware of. This, in the long term, is a good thing for data owners and also their customers. However, businesses are still in the process of addressing the security of their data and this will continue to trip up organisations in 2019. Constant and thorough data governance will be a core requirement next year – brands that neglect to put the right processes, technology and people in place will pay the price.
Ian Woolley, CRO of Ensighten