
From cyberattacks to privacy issues: Top predictions for 2020

By Tim Sandle     Nov 6, 2019 in Technology
From risks around cloud misconfiguration to new and emerging threats by hackers, 2020 poses some real dangers to businesses. Chris DeRamus, CTO and co-founder of DivvyCloud, provides insight into the challenges that next year presents.
So far, 2019 has been challenging for enterprises, with an array of different cyberattacks and data breaches. Some of these issues will continue into 2020 and new threats are likely to emerge. Chris DeRamus, CTO and co-founder of DivvyCloud, provides Digital Journal readers with key predictions for 2020.
Cloud misconfigurations
Cloud misconfigurations will continue to cause massive data breaches. As enterprises continue to adopt cloud services across multiple cloud service providers in 2020, we will see a slew of data breaches caused by misconfigurations. Due to the pressure to go big and go fast, developers often bypass security in the name of innovation. All too often this leads to data exposure on a massive scale such as the First American Financial Corporation’s breach of over 885 million mortgage records in May.
Companies believe they are faced with a lose-lose choice: either innovate in the cloud and accept the risk of suffering a data breach, or play it safe with existing on-premise infrastructure and lose out to more agile and modern competitors. In reality, companies can accelerate innovation without loss of control in the cloud. They can do this by leveraging automated security tools that give organizations the ability to detect misconfigurations and alert the appropriate personnel to correct the issue, or even trigger automated remediation in real time.
Automation also grants enterprises the ability to enforce policy, provide governance, impose compliance, and provide a framework for the processes everyone in the organization should follow, all on a continuous, consistent basis. Companies can innovate while maintaining security; they simply must adopt the proper cloud strategies and solutions.
Alternative threats on the horizon
As companies continue to invest in new technology, we will see the introduction of new and advanced tactics, techniques, and procedures from malicious third parties that seek to either exfiltrate critical customer, company, and partner data or even interrupt or disable business operations.
Companies often make the costly assumption that they will be safe from threats just by investing in additional security tools for every new technology or service that they adopt. This piecemeal approach to security is both extremely expensive and inefficient. In fact, since we don’t know what the most pertinent threats will be a year from now, the best approach is for companies to invest in holistic security solutions that can evolve and scale with a company over time.
IAM is the new perimeter
Everything in the cloud has an identity, and the relationships are complex, so scoping to least privilege or adopting zero trust sounds great, but is really difficult to do. In 2020, security professionals are going to realize that identity and access management (IAM) is an area where they can lose control rapidly, and it is very hard to take back. Approaches and strategies from the datacenter world don’t transfer, and companies need to rapidly invest in the process and in supporting tools (including automation) to stay ahead in this complex landscape.
The repercussions of poor IAM governance are substantial and sometimes unpredictable. For example, a former AWS employee was able to access over 100 million Capital One customers' records by bypassing a misconfigured web application firewall, performing privilege escalation and, as a result, obtaining access to a swathe of customer information.
Increased caution around M&A deals
Learning from the mistakes of Marriott, companies going through M&A deals in 2020 will prioritize comprehensive evaluations of cybersecurity and risk. Before Marriott acquired Starwood in 2016, it was reported that Starwood suffered a breach of North American customers’ credit and debit card data after threat actors implanted malware on the company’s point-of-sale registers. Eventually, Marriott became aware of its breach of about 383 million Starwood guests’ data when a security tool flagged a database query from an unauthorized user who had admin privileges.
The company later found out that the intrusion went undetected for four years before Marriott even acquired Starwood. However, Marriott still had to pay more than $120 million to the UK’s Information Commissioner’s Office (ICO) for violating GDPR, and the hotel giant can even face additional punishments from other data privacy mandates, including the soon-to-be-enforced CCPA. While M&A is an important part of many companies’ growth plans, organizations will become increasingly wary of suffering a fate similar to Marriott’s. In 2020, organizations will place cloud security at the forefront of the M&A process, including thorough audits of how the acquisition or merger target is operating cloud services. In a multi-cloud world, companies will need solutions that provide complete visibility across all clouds and cloud services, and an approach to bringing these into their security and compliance posture via automation.
Federal data privacy law on the horizon
With the enactment of CCPA and the introduction of additional ideas for state-regulated data privacy laws across the U.S., all roads point towards the creation of a federal data privacy law. It is highly unlikely that a federal law will be passed in 2020, but it will be likely that Congress prioritizes the idea and begins discussing criteria for such a law.
A patchwork of slightly differing data privacy laws in each state would discourage businesses (especially SMBs) from operating across state borders. Multiple, varying data privacy laws are a thorn in the side for large companies, but devastating for SMBs, and are a turn-off for international corporations that have to comply with other mandates such as GDPR as well. CEOs of Amazon, AT&T, Dell, IBM and other companies that comprise the Business Roundtable have already sent an open letter to Congress asking for a federal data privacy law, and the Internet Association, which boasts Dropbox, Facebook, Reddit, Snap and Uber as members, has also made a push toward a federal law.