By Steve Durbin, Managing Director, Information Security Forum

Race for Technology Dominance and Cybercrime Take Center Stage

In the year ahead, organizations must prepare for the unknown, so they have the flexibility to endure unexpected and high impact security events. To take advantage of emerging trends in both technology and cyberspace, businesses need to manage risks in ways beyond those traditionally handled by the information security function, since innovative attacks will most certainly impact both business reputation and shareholder value.

Based on comprehensive assessments of the threat landscape, businesses must focus on the following security topics in 2020:

• The Race for Technology Dominance
• Cybercrime
  

An overview for each of these areas can be found below:

The Race for Technology Dominance

Technology has changed the world in which we live.  Old norms are changing, and the next industrial revolution will be entirely technology driven and technology dependent.  In short, technology will enable innovative digital business models and society will be critically dependent on technology to function.  Intellectual property will be targeted as the battle for dominance rages. 

Evidence of fracturing geopolitical relationships started to emerge in 2018 demonstrated by the US and China trade war and the UK Brexit. In 2020, the US and China will increase restrictions and protectionist measures in pursuit of technology leadership leading to a heightened digital cold war in which data is the prize.  This race to develop strategically important next generation technology will drive an intense nation-state backed increase in espionage. The ensuing knee jerk reaction of a global retreat into protectionism, increased trade tariffs and embargos will dramatically reduce the opportunity to collaborate on the development of new technologies.  The UK's exclusion from the EU Galileo satellite system, as a result of the anticipated Brexit, is one example.

New regulations and international agreements will not be able to fully address the issues powered by advances in technology and their impact on society.  Regulatory tit for tat battles will manifest across nation states and, rather than encourage innovation, is likely to stifle and constrain new developments, pushing up costs and increasing the complexity of trade for multinational businesses.

Cybercrime - Criminals, Nation States and the Insider

Criminal organizations have a massive resource pool available to them and there is evidence that nation states are outsourcing as a means of establishing deniability. Nation states have fought for supremacy throughout history, and more recently, this has involved targeted espionage on nuclear, space, information and now smart technology. Industrial espionage is not new and commercial organizations developing strategically important technologies will be systematically targeted as national and commercial interests blur.  Targeted organizations should expect to see sustained and well-funded attacks involving a range of techniques such as zero-day exploits, DDoS attacks and advanced persistent threats.

Additionally, the insider threat is one of the greatest drivers of security risks that organizations face as a malicious insider utilizes credentials to gain access to a given organization's critical assets. Many organizations are challenged to detect internal nefarious acts, often due to limited access controls and the ability to detect unusual activity once someone is already inside their network. 

The threat from malicious insider activity is an increasing concern, especially for financial institutions, and will continue to be so in 2020.

A Continued Need to Involve the Board

The executive team sitting at the top of an organization has the clearest, broadest view. A serious, shared commitment to common values and strategies is at the heart of a good working relationship between the C-suite and the board. Without sincere, ongoing collaboration, complex challenges like cyber security will be unmanageable. Covering all the bases-defense, risk management, prevention, detection, remediation, and incident response-is better achieved when leaders contribute from their expertise and use their unique vantage point to help set priorities and keep security efforts aligned with business objectives.

Given the rapid pace of business and technology, and the countless elements beyond the C-suite's control, traditional risk management simply isn't nimble enough to deal with the perils of cyberspace activity. Enterprise risk management must build on a foundation of preparedness to create risk resilience by evaluating threat vectors from a position of business acceptability and risk profiling. Leading the enterprise to a position of readiness, resilience and responsiveness is the surest way to secure assets and protect people.

##

About the Author

Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include strategy, information technology, cyber security, digitalization and the emerging security threat landscape across both the corporate and personal environments. Previously, he was senior vice president at Gartner.