Industry executives and experts share their predictions for 2020. Read them in this 12th annual VMblog.com series exclusive.
By Cory Cowgill, CTO, Fusion Risk Management
Top Six Security Concerns for the New Year
Cory Cowgill, CTO, Fusion Risk Management, sees cloud
security as a top risk-management concern for organizations in 2020, along with
compliance with new data privacy regulations, company engagement of business
continuity management and the ethics of advanced technologies.
His predictions:
1) More security scrutiny on cloud services
In 2020 we will see a continuation of the evolution in cloud
security and how companies are stepping up their efforts to address their cloud
risks. In the wake of several high-profile breaches, e.g. Equifax, we are
going to see a tighter focus on cybersecurity diligence regarding cloud
servers. Organizations will put pressure on big cloud providers such as AWS,
Google and MS Edge for tighter security and they will likely respond with
increased security measures. But there is also a heightened awareness of
customer use of SaaS products, such as Salesforce, ServiceNow and WorkDay.
Increased scrutiny will come because - and this is the punchline - security is
legally the responsibility of the customer, not the cloud service provider. That's
been a big wake-up call lately for some companies who assumed cloud or cybersecurity
providers were responsible. It's one of the very first things we talk about
with our customers - cybersecurity is a board room issue.
2) Heightened vigilance and search for protection from ransomware
The search for relief from ransomware attacks will gain
traction in 2020. Ransomware attackers continue attacking because they have,
unfortunately, had a lot of success to date. That's particularly true in the
healthcare industry, where network-connected technology powers a lot of
critical equipment (e.g. x-rays, MRIs) as well as patient record systems and
billing software. The threats are manifesting faster than the security updates
and patches can keep up. Ransomware attackers know that hospitals will pay up
because they can't afford downtime - and recovery from an attack can cost more
than paying the ransom. We've also seen that municipalities, particularly small
to mid-sized cities, are vulnerable for many of the same reasons.
3) Cybersecurity fatigue
Because of all the threats, there's a huge market for
cybersecurity products and it is growing by the day. We are already seeing CISOs
and IT execs suffering from cybersecurity fatigue as more and more vendors come
to market with "new solutions" for everything. In some cases, it's causing as
much heartburn for CISOs as the cyber threats are. Yet the new
products are generally incremental improvements. Expect to see some push-back
against vendors by CISOs in 2020.
4) Privacy laws and the 2020 elections
We're in a new era of trust - or
rather, a lack of trust. Big tech companies are increasingly being scrutinized
for privacy blunders or deliberate violations. GDPR led the way last year and
in January we will have CCPA in the U.S. There will be further discussions
about enacting a privacy law at the federal level in the US. All eyes will be
on the presidential and congressional elections to see if there is a repeat of
the kinds of privacy issues that occurred in 2016. You will hear a lot about it
on the campaign trail. China also has privacy laws which impact many
multi-national businesses.
5) Business Continuity Management will be a big focus for risk and IT pros
We will see the continued
integration of digital transformation and risk management. Stakeholders and
boardrooms are placing increased emphasis on Business Continuity Management (BCM)
systems that can cope with disasters and other business disruptions. There's a
long history of businesses using paper and spreadsheets and managing risks in
silos - all of which thwarts a resilient, fast-to-respond BCM program. With all
the cyber and ransomware threats mentioned earlier, BCM needs to be part of the
DNA of any organization. Checking compliance boxes doesn't do any good until
everything is integrated in a holistic BCM system.
6) Increased scrutiny on the ethics of advanced technologies
Expect to
see more questions about the legal and ethical risks of how people's data is
processed by advanced technologies like artificial intelligence and machine
learning. Some of these technologies are developing faster than society's
ability to deal with their ethics. For example, "deep fakes" are manipulated
video or audio files produced by sophisticated artificial intelligence that yield
fabricated images and sounds that appear to be real. Beyond disinformation,
deep fakes have been used in criminal scams such as calling in to a bank
impersonating a CEO to request a big wire transfer. We've only seen the tip of
the iceberg.
Conclusion
Cloud computing, cybersecurity, data privacy, company engagement of business
continuity, and advanced technologies will continue to present interconnected
threats (as well as benefits) to organizations, and senior managers will need
to sharpen their focus on risk management, as they are ultimately responsible.
About the Author
As CTO, Cory Cowgill is responsible for research and development, customer engagement, operations and security, and go-to-market initiatives. With a background in enterprise software development spanning multiple industries, Cowgill leads with a dedication to technology and risk management. Cory received his Bachelor of Computer Science from Western Illinois University and has multiple certifications including Salesforce System Architect and Application Architect, Amazon Web Services Solution Architect, and Cloud Security Alliance CCSK. He has presented at Dreamforce (the world’s largest enterprise software conference) eight times and is a member of the Salesforce MVP Hall of Fame.