By Cory Cowgill, CTO, Fusion Risk Management

Top Six Security Concerns for the New Year

Cory Cowgill, CTO, Fusion Risk Management, sees cloud security as a top risk-management concern for organizations in 2020, along with compliance with new data privacy regulations, company engagement of business continuity management and the ethics of advanced technologies.

His predictions:

1)     More security scrutiny on cloud services

In 2020 we will see a continuation of the evolution in cloud security and how companies are stepping up their efforts to address their cloud risks. In the wake of several high-profile breaches, i.e. Equifax, we are going to see a tighter focus on cybersecurity diligence regarding cloud servers. Organizations will put pressure on big cloud providers such as AWS, Google and MS Edge for tighter security and they will likely respond with increased security measures. But there is also a heightened awareness of customer use of SaaS products, such as Salesforce, ServiceNow and WorkDay. Increased scrutiny will come because - and this is the punchline - security is legally the responsibility of the customer, not the cloud service provider. That's been a big wake up lately for some companies who assumed cloud or cybersecurity providers were responsible. It's one of the very first things we talk about with our customers - cybersecurity is a board room issue.

2)     Heightened vigilance and search for protection from ransomware

The search for relief from ransomware attacks will gain traction in 2020. Ransomware attackers continue attacking because they have, unfortunately, had a lot of success to date. That's particularly true in the healthcare industry, where network-connected technology powers a lot of critical equipment (i.e. x-rays, MRIs) as well as patient record systems and billing software. The threats are manifesting faster than the security updates and patches can keep up. Ransomware attackers know that hospitals will pay up because they can't afford downtime - and recovery from an attack can cost more than paying the ransom. We've also seen that municipalities, particularly small to mid-sized cities, are vulnerable for many of the same reasons.

3)     Cybersecurity fatigue

Because of all the threats, there's a huge market for cybersecurity products and it is growing by the day. We are already seeing CISOs and IT execs suffering from cybersecurity fatigue as more and more vendors come to market with "new solutions" for everything. In some cases, it's causing as much heartburn for CISOs as the cyber threats are. Yet in general, the new products are generally incremental improvements. Expect to see some push-back against vendors by CISOs in 2020.

4)     Privacy laws and the 2020 elections

We're in a new era of trust - or rather and lack of trust. Big tech companies are increasingly being scrutinized for privacy blunders or deliberate violations. GDPR led the way last year and in January we will have CCPA in the U.S. There will be further discussions about enacting a privacy law at the federal level in the US. All eyes will be on the presidential and congressional elections to see if there is a repeat of the kinds of privacy issues that occurred in 2016. You will hear a lot about it on the campaign trail. China also has privacy laws which impact many multi-national businesses.

5)     Business Continuity Management will be big focus for risk and IT pros.

We will see the continued integration of digital transformation and risk management. Stakeholder and boardrooms are placing increased emphasis on Business Continuity Management (BCM) systems that can cope with disasters and other business disruptions. There's a long history of businesses using paper and spreadsheets and managing risks in silos - all of which thwarts a resilient, fast-to-respond BCM program. With all the cyber and ransomware threats mentioned earlier, BCM needs to be part of the DNA of any organization. Checking compliance boxes doesn't do any good until everything is integrated in a holistic BCM system.

6)     Increased scrutiny on the ethics of advanced technologies

Expect to see more questions about the legal and ethical risks of how people's data is processed by advanced technologies like artificial intelligence and machine learning. Some of these technologies are developing faster than society's ability to deal with their ethics. For example - "deep fakes" are manipulated video or audio files produced by sophisticated artificial intelligence that yield fabricated images and sounds that appear to be real. Beyond disinformation, deep fakes have been used in criminal scams such as calling in to a bank impersonating a CEO to request a big wire transfer. We've only seen the tip of the iceberg.

Conclusion

Cloud computing, cybersecurity, data privacy, company engagement of business continuity, and advanced technologies will continue to present interconnected threats (as well as benefits) to organizations, and senior managers will need to sharpen their focus on risk management, as they are ultimately responsible.

##

About the Author

As CTO, Cory Cowgill is responsible for research and development, customer engagement, operations and security, and go-to-market initiatives. With a background in enterprise software development spanning multiple industries, Cowgill leads with a dedication to technology and risk management. Cory received his Bachelor of Computer Science from Western Illinois University and has multiple certifications including Salesforce System Architect and Application Architect, Amazon Web Services Solution Architect, and Cloud Security Alliance CCSK. He has presented at Dreamforce (the world’s largest enterprise software conference) eight times and is a member of the Salesforce MVP Hall of Fame.