Virtualization Technology News and Information
Bitglass 2020 Predictions: M&A, Data Privacy, Sophisticated Attacks and Misconfigurations -- Oh My!

VMblog Predictions 2020 

Industry executives and experts share their predictions for 2020.  Read them in this 12th annual series exclusive.

By Anurag Kahol, CTO and co-founder, Bitglass

M&A, Data Privacy, Sophisticated Attacks and Misconfigurations -- Oh My!

As security awareness continues to evolve in 2020, so too will cyber criminals' techniques. The days of basic email phishing are approaching their end as computer-savvy individuals increasingly learn to identify signs of traditional phishing attempts. In 2020, phishing schemes will only become more sophisticated. Finally, misconfigurations will continue to be a rampant issue in the new year if businesses fail to obtain visibility into and control over their entire cloud footprint.

The number of mergers and acquisitions (M&A) deals will increase in 2020, and if businesses fail to take the proper steps, they will suffer a similar fate to Marriott, Sprint and others. On top of this, ambiguity around CCPA will result in a slow start for enforcement of the law, but companies will quickly come into compliance when the first major fine is dealt. CCPA and the discussion of additional state-regulated data privacy regulations will also lead to federal legislators entertaining the idea of a federally regulated mandate to avoid a patchwork of differing laws.

1. We will see an increase in the number of M&A deals in 2020. In fact, 79 percent of respondents to Deloitte's M&A trends 2019 report expect the number of deals they close to rise in the next 12 months - up from 70 percent last year. Consequently, companies need to learn from the headaches faced by Marriott in 2018 when it acquired Starwood and inherited a breach of guest data. Security needs to be a key component of any M&A strategy. If companies lack solutions that provide adequate visibility into their own systems as well as those of the companies that they are acquiring, we will see similar breaches take place in 2020.

2. Ambiguity around CCPA will cause a slow start to enforcement in early 2020; this is made more likely by the fact that several groups are still suggesting changes to the original version of the regulation. In other words, California legislators are not prepared to adequately and consistently enforce the new law. Additionally, many businesses are still unsure about its specific requirements, and are not ready to be in compliance when the regulation goes into effect in January. This is particularly true of small and medium-sized businesses that don't have the same amount of resources as larger corporations - it is more challenging for them to discern what they need to do in order to be in compliance. As a result, we will most likely need to wait some extended period of time before we see the first significant fine under the new law, much as with GDPR. In fact, it took nearly a year for British Airways to be fined $250 million under GDPR - its breach was reported in September 2018 and the company was not fined until July 2019. Similarly, once the initial lull period that will follow the enactment of CCPA comes to a close, we will see significant fines being given to companies that fail to meet the requirements demanded by the new law.

3. In 2020, we will see a U.S. federal data privacy law be drafted and considered. This is needed to avoid a patchwork of differing data privacy laws from each state, to facilitate more nationwide business, and to enable international commerce - facing numerous regulations can be a barrier that keeps foreign businesses from entering a market. Complying with data privacy laws can be a top challenge, particularly for small and medium-sized businesses that lack the same resources as larger companies that are better equipped to navigate all of the regulations with which they are faced. Some of the largest tech firms in the U.S. as well as a group of 51 CEOs have already asked U.S. lawmakers for a federal privacy law.

4. Threat actors are always enhancing their current tactics, techniques, and procedures (TTPs) as well as creating new ones in order to infiltrate businesses and steal data, implant ransomware, and more. One technique that will continue to gain traction in 2020 is lateral phishing. This scheme involves a threat actor launching a phishing attack from a corporate email address that has already been compromised. Even the savviest security-minded folks can be lulled into a false sense of security when they receive an email asking for sensitive information from an internal source - particularly from a C-level executive. As cybercriminals continue to refine their attack methods in 2020, companies must be prepared.

5. Misconfigurations of cloud databases will continue to plague enterprises around the world and will be a leading cause of data breaches in 2020. Gartner forecasts that global public cloud revenue will reach $249.8 billion in 2020, a 16.6% increase from 2019. This rapid rise in revenue is spurred by continued growth in cloud adoption. However, cloud adoption is clearly outpacing the adoption of the tools and expertise needed to properly protect data in cloud environments; this is supported by the fact that 99% of cloud security failures will be the customer's fault through 2025, according to Gartner. Consequently, misconfigurations will continue to be a leading cause of data leakage across all verticals.

In addition to the above, highly niche cloud tools provided by second-tier cloud service providers are making their way into enterprises. While services that cater specifically to individual industries or company departments are gaining traction, they do not typically have the same native security measures that mainstream cloud services do. Regardless, companies are gaining confidence - even if it's a false sense of confidence - in their ability to utilize the cloud and are adopting these second-tier and long-tail cloud apps without considering all of the security ramifications. Enterprises will need visibility into and control over their entire cloud footprint, including niche services, in order to proactively mitigate any vulnerabilities and properly secure data in the cloud.


About the Author

Anurag Kahol 

Anurag Kahol is the CTO and co-founder of Bitglass. As CTO, Kahol seeks to expedite the technology direction and architecture of the company. Previously, he was the director of engineering at Juniper Networks' Security Business Unit.

Published Thursday, October 31, 2019 7:30 AM by David Marshall