Email
Password
Remember meForgot password?
    Log in with Twitter

article imageSix key security predictions for businesses for 2020 Special

By Tim Sandle     Oct 27, 2019 in Business
Cybersecurity issues have been on the increase during 2019 and 2020 shows no sign of these slowing down. Indeed, the number of issues facing businesses is actually set to increase, according to Anurag Kahol of Bitglass.
From mergers to new privacy regulations; and from cloud computing and new hacker tactics, businesses are facing an array of different threats to their operations. To understand the key security risks facing enterprises now and into 2020, Digital Journal spoke with security expert Anurag Kahol. Kahol provides some exclusive analysis of what businesses need to sit up and take notice of.
In outlining the six different security predictions for 2020, Anurag Kahol, the CTO and co-founder of Bitglass, dives into:
Increase in mergers and acquisitions
We will see an increase in the number of M&A deals in 2020. In fact, 79 percent of respondents to Deloitte’s M&A trends 2019 report expect the number of deals they close to rise in the next 12 months – up from 70 percent last year. Consequently, companies need to learn from the headaches faced by Marriott in 2018 when it acquired Starwood and inherited a breach of guest data. Security needs to be a key component of any M&A strategy. If companies lack solutions that provide adequate visibility into their own systems as well as those of the companies that they are acquiring, we will see similar breaches take place in 2020.
Privacy expert and author Frank M. Ahearn has written a new book called   How to Disappear From Big ...
Privacy expert and author Frank M. Ahearn has written a new book called, "How to Disappear From Big Brother."
courtesy of Frank M. Ahearn
Interpreting the Californian Data Privacy Act
Ambiguity around CCPA will cause a slow start to enforcement in early 2020; this is made more likely by the fact that several groups are still suggesting changes to the original version of the regulation. In other words, California legislators are not prepared to adequately and consistently enforce the new law.
Additionally, many businesses are still unsure about its specific requirements, and are not ready to be in compliance when the regulation goes into effect in January. This is particularly true of small and medium sized businesses that don’t have the same amount of resources as larger corporations – it is more challenging for them to discern what they need to do in order to be in compliance.
As a result, we will most likely need to wait some extended period of time before we see the first significant fine under the new law; much like GDPR. In fact, it took nearly a year for British Airways to be fined $250 million under GDPR – its breach was reported in September 2018 and the company was not fined until July 2019. Similarly, once the initial lull period that will follow the enactment of CCPA comes to a close, we will see similar, significant fines being given to companies that fail to meet the requirements demanded by the new law.
U.S. Federal Privacy Law?
In 2020, we will see a U.S. federal data privacy law be drafted and considered. This is needed to avoid a patchwork of differing data privacy laws from each state, to facilitate more nationwide business, and to enable international commerce – facing numerous regulations can be a barrier that keeps foreign businesses from entering a market. Complying with data privacy laws can be a top challenge, particularly for small and medium-sized businesses that lack the same resources as larger companies that are better equipped to navigate all of the regulations with which they are faced. Some of the largest tech firms in the U.S. as well as a group of 51 CEOs have already asked U.S. lawmakers for a federal privacy law.
Moscow-based internet security giant Kaspersky has estimated that there are over 1 000 hackers in Ru...
Moscow-based internet security giant Kaspersky has estimated that there are over 1,000 hackers in Russia specialising in financial crime
Kirill Kudryavtsev, AFP/File
Threat actors will new tactics
Threat actors are always enhancing their current tactics, techniques, and procedures (TTPs) as well as creating new ones in order to infiltrate businesses and steal data, implant ransomware, and more. One technique that will continue to gain traction in 2020 is lateral phishing. This scheme involves a threat actor launching a phishing attack from a corporate email address that was already previously compromised. Even the savviest security-minded folks can be lulled into a false sense of security when they receive an email asking for sensitive information from an internal source – particularly from a C-level executive. As we will continue to see cybercriminals refining their attack methods in 2020, companies must be prepared.
Risks to cloud databases
Misconfigurations of cloud databases will continue to plague enterprises around the world and will be a leading cause of data breaches in 2020. Gartner forecasts that global public cloud revenue will reach $249.8 billion in 2020, a 16.6% increase from 2019. This rapid rise in revenue is spurred by continued growth in cloud adoption. However, cloud adoption is clearly outpacing the adoption of the tools and expertise needed to properly protect data in cloud environments; this is supported by the fact that 99% of cloud security failures will be the customer’s fault through 2025, according to Gartner. Consequently, misconfigurations will continue to be a leading cause of data leakage across all verticals.
In addition to the above, highly niche cloud tools provided by second-tier cloud service providers are making their way into enterprises. While services that cater specifically to individual industries or company departments are gaining traction, they do not typically have the same native security measures that mainstream cloud services do. Regardless, companies are gaining confidence - even if it’s a false sense of confidence - in their ability to utilize the cloud and are adopting these second-tier and long-tail cloud apps without considering all of the security ramifications. Enterprises will need visibility and control into all of their cloud footprint, including niche services, in order to proactively mitigate any vulnerabilities and properly secure data in the cloud.
Untitled
Thomas Samson, AFP/File
Continued interference by foreign powers
Foreign meddling will occur in the 2020 presidential election. The Mueller Report found that Russians have and will continue to interfere in U.S. elections (which is backed by the Senate Intelligence Committee’s findings), while Twitter has already shut down thousands of Iranian-backed disinformation accounts. It has also been proven that voting machines contain security flaws from decades ago, but that we’ve run out of time to find and correct the bugs in these machines before the 2020 election.
Due to foreign interference, the hacking of voter registration databases, and the exploitation of flaws in voting machines, there will be even more controversy and concern over the integrity of the 2020 election than there was in 2016. However, this widespread concern should serve as a catalyst for change moving forward – even if it’s too late to make these changes for 2020. There is simply too much at stake to neglect these issues indefinitely. Voters, legislators, and tech providers will need to come together to ensure greater cybersecurity throughout election processes – thereby strengthening the integrity of our democratic system.
More about Cybersecurity, Security, Hackers, Hacking, Phising
 
Latest News
Top News