Crystal ball predictions from Bitglass

In a sweeping assessment of data security during 2020, Anurag Kahol, CTO and co-founder of Bitglass, the Next-Gen CASB company, cautions organisations ranging from small to medium businesses to enterprises that a broad spectrum of challenges lie ahead.

His predictions follow:

  1. We will see an increase in the number of mergers and acquisition (M&A) deals in 2020. In fact, 79 percent of respondents to Deloitte’s M&A trends 2019 report expect the number of deals they close to rise in the next 12 months – up from 70 percent last year.

Consequently, companies need to learn from the headaches faced by Marriott in 2018 when it acquired Starwood and inherited a breach of guest data. Security needs to be a key component of any M&A strategy. If companies lack solutions that provide adequate visibility into their own systems as well as those of the companies that they are acquiring, we will see similar breaches take place in 2020.

2. In 2020, we will see a U.S. federal data privacy law be drafted and considered. This is needed to avoid a patchwork of differing data privacy laws from each state, to facilitate more nationwide business, and to enable international commerce – facing numerous regulations can be a barrier that keeps foreign businesses from entering a market.

Complying with data privacy laws can be a top challenge, particularly for small and medium-sized businesses that lack the same resources as larger companies that are better equipped to navigate all of the regulations with which they are faced. Some of the largest tech firms in the U.S. as well as a group of 51 CEOs have already asked U.S. lawmakers for a federal privacy law.

3. Threat actors are always enhancing their current tactics, techniques and procedures (TTPs) as well as creating new ones in order to infiltrate businesses and steal data, implant ransomware, and more. One technique that will continue to gain traction in 2020 is lateral phishing. This scheme involves a threat actor launching a phishing attack from a corporate email address that was already previously compromised.

Even the savviest security-minded folks can be lulled into a false sense of security when they receive an email asking for sensitive information from an internal source – particularly from a C-level executive. As we will continue to see cybercriminals refining their attack methods in 2020, companies must be prepared.”

 

4. Misconfigurations of cloud databases will continue to plague enterprises around the world and will be a leading cause of data breaches in 2020.

Gartner forecasts that global public cloud revenue will reach $US249.8 billion in 2020, a 16.6% increase from 2019. This rapid rise in revenue is spurred by continued growth in cloud adoption. However, cloud adoption is clearly outpacing the adoption of the tools and expertise needed to properly protect data in cloud environments; this is supported by the fact that 99% of cloud security failures will be the customer’s fault through 2025, according to Gartner.

Consequently, misconfigurations will continue to be a leading cause of data leakage across all verticals.

In addition, highly niche cloud tools provided by second-tier cloud service providers are making their way into enterprises. While services that cater specifically to individual industries or company departments are gaining traction, they do not typically have the same native security measures that mainstream cloud services do.

Regardless, companies are gaining confidence – even if it’s a false sense of confidence – in their ability to utilise the cloud and are adopting these second-tier and long-tail cloud apps without considering all of the security ramifications. Enterprises will need visibility and control into all of their cloud footprint, including niche services, in order to proactively mitigate any vulnerabilities and properly secure data in the cloud.

5. Foreign meddling will occur in the 2020 US presidential election. The Mueller Report found that Russians have and will continue to interfere in U.S. elections (which is backed by the Senate Intelligence Committee’s findings), while Twitter has already shut down thousands of Iranian-backed disinformation accounts.

It has also been proven that voting machines contain security flaws from decades ago, but that we’ve run out of time to find and correct the bugs in these machines before the 2020 election. Due to foreign interference, the hacking of voter registration databases, and the exploitation of flaws in voting machines, there will be even more controversy and concern over the integrity of the 2020 election than there was in 2016.

However, this widespread concern should serve as a catalyst for change moving forward – even if it’s too late to make these changes for 2020. There is simply too much at stake to neglect these issues indefinitely. Voters, legislators, and tech providers will need to come together to ensure greater cybersecurity throughout election processes – thereby strengthening the integrity of our democratic system.