By Anurag Kahol, CTO and co-founder, Bitglass
- We will see an increase in the number of M&A deals in 2020. In fact, 79 percent of respondents to Deloitte’s M&A trends 2019 report expect the number of deals they close to rise in the next 12 months – up from 70 percent last year. Consequently, companies need to learn from the headaches faced by Marriott in 2018 when it acquired Starwood and inherited a breach of guest data. Security needs to be a key component of any M&A strategy. If companies lack solutions that provide adequate visibility into their own systems as well as those of the companies that they are acquiring, we will see similar breaches take place in 2020.
- Ambiguity around CCPA will cause a slow start to enforcement in early 2020; this is made more likely by the fact that several groups are still suggesting changes to the original version of the regulation. In other words, California legislators are not prepared to adequately and consistently enforce the new law. Additionally, many businesses are still unsure about its specific requirements and are not ready to be in compliance when the regulation goes into effect in January. This is particularly true of small and medium-sized businesses that don’t have the same amount of resources as larger corporations – it is more challenging for them to discern what they need to do in order to be in compliance. As a result, we will most likely need to wait an extended period of time before we see the first significant fine under the new law, much like GDPR. In fact, it took nearly a year for British Airways to be fined $250 million under GDPR – its breach was reported in September 2018 and the company was not fined until July 2019. Similarly, once the initial lull period that will follow the enactment of CCPA comes to a close, we will see similar, significant fines being given to companies that fail to meet the requirements demanded by the new law.
- In 2020, we will see a U.S. federal data privacy law be drafted and considered. This is needed to avoid a patchwork of differing data privacy laws from each state, to facilitate more nationwide business, and to enable international commerce – facing numerous regulations can be a barrier that keeps foreign businesses from entering a market. Complying with data privacy laws can be a top challenge, particularly for small and medium-sized businesses that lack the same resources as larger companies that are better equipped to navigate all of the regulations with which they are faced. Some of the largest tech firms in the U.S., as well as a group of 51 CEOs, have already asked U.S. lawmakers for a federal privacy law.
- Threat actors are always enhancing their current tactics, techniques, and procedures (TTPs) as well as creating new ones in order to infiltrate businesses and steal data, implant ransomware, and more. One technique that will continue to gain traction in 2020 is lateral phishing. This scheme involves a threat actor launching a phishing attack from a corporate email address that was previously compromised. Even the savviest security-minded folks can be lulled into a false sense of security when they receive an email asking for sensitive information from an internal source – particularly from a C-level executive. As we will continue to see cybercriminals refining their attack methods in 2020, companies must be prepared.
- Misconfigurations of cloud databases will continue to plague enterprises around the world and will be a leading cause of data breaches in 2020. Gartner forecasts that global public cloud revenue will reach $249.8 billion in 2020, a 16.6% increase from 2019. This rapid rise in revenue is spurred by continued growth in cloud adoption. However, cloud adoption is clearly outpacing the adoption of the tools and expertise needed to properly protect data in cloud environments; this is supported by the fact that 99% of cloud security failures will be the customer’s fault through 2025, according to Gartner. Consequently, misconfigurations will continue to be a leading cause of data leakage across all verticals.
In addition to the above, highly niche cloud tools provided by second-tier cloud service providers are making their way into enterprises. While services that cater specifically to individual industries or company departments are gaining traction, they do not typically have the same native security measures that mainstream cloud services do. Regardless, companies are gaining confidence – even if it’s a false sense of confidence – in their ability to utilize the cloud and are adopting these second-tier and long-tail cloud apps without considering all of the security ramifications. Enterprises will need visibility into and control over their entire cloud footprint, including niche services, in order to proactively mitigate any vulnerabilities and properly secure data in the cloud.
- Foreign meddling will occur in the 2020 presidential election. The Mueller Report found that Russians have interfered and will continue to interfere in U.S. elections (which is backed by the Senate Intelligence Committee’s findings), while Twitter has already shut down thousands of Iranian-backed disinformation accounts. It has also been proven that voting machines contain security flaws from decades ago, but that we’ve run out of time to find and correct the bugs in these machines before the 2020 election. Due to foreign interference, the hacking of voter registration databases, and the exploitation of flaws in voting machines, there will be even more controversy and concern over the integrity of the 2020 election than there was in 2016. However, this widespread concern should serve as a catalyst for change moving forward – even if it’s too late to make these changes for 2020. There is simply too much at stake to neglect these issues indefinitely. Voters, legislators, and tech providers will need to come together to ensure greater cybersecurity throughout election processes – thereby strengthening the integrity of our democratic system.
About the Author
Anurag Kahol is the CTO and co-founder of Bitglass. His mission is to expedite the technology direction and architecture of Bitglass. Prior to co-founding Bitglass, Kahol served as the director of engineering in Juniper Networks’ security business unit. He received a global education, earning an M.S. in computer science from Colorado State University, and a B.S. in computer science from the Motilal Nehru National Institute of Technology.