“The Cloud” enters its third decade in 2020 and is now almost universally adopted by organizations. But boards and senior management are becoming increasingly concerned by the security risks that the cloud brings. Cloud security will be a top IT and organizational risk going into the new decade, alongside compliance with new data privacy regulations, company engagement with business continuity management and the ethics of advanced technologies.
Here are six predictions that I expect will concern most IT and senior management professionals in the coming year.
1. “The Cloud”
The question is not so much whether cybersecurity breaches will occur, but how organizations will step up their efforts to address and manage their cloud risks when they do. High-profile breaches (e.g. Equifax) over the past few years have clearly demonstrated that no organization is immune. In 2020, we will see a tighter focus on cybersecurity diligence around cloud servers. Increased pressure will be put on big cloud providers such as AWS, Google, and Microsoft Edge for tighter security, and they will likely respond with increased security measures.
There will also be a heightened awareness of customer use of SaaS products, such as Salesforce, ServiceNow, and Workday. Boards and senior management are finally realizing that security is legally their responsibility, not that of the cloud service provider. So if a breach or attack does occur, it’s the company and its senior management that will take the hit. Because of that, it should be at the top of the agenda when talking with customers – cybersecurity must be treated as a boardroom issue.
2. Ransomware Attacks
Ransomware attackers have, unfortunately, had a lot of success to date. That’s particularly true in the healthcare industry, where network-connected technology powers a lot of critical equipment (e.g. x-rays, MRIs) as well as patient record systems and billing software. The threats are manifesting faster than the security updates and patches can keep up. Ransomware attackers know that hospitals will pay up because they can’t afford downtime – and recovery from an attack can cost more than paying the ransom. We’ve also seen that municipalities, particularly small to mid-sized cities, are vulnerable for many of the same reasons. So, expect that the search for relief from ransomware attacks will gain traction in 2020.
3. Cybersecurity Fatigue
CISOs and IT execs are suffering from “cybersecurity fatigue.” More and more vendors have come to market with “new solutions” for everything cybersecurity-related and the market is growing by the day. CISOs know that cyber threats are real and present tremendous organizational risks. But what is the best technology to thwart them? New products are generally incremental improvements. That’s what is causing the fatigue. Expect to see CISOs push back against cybersecurity vendors in 2020.
4. New Privacy Laws
We’re in a new era of trust – or rather a lack of trust. Big tech companies are increasingly being scrutinized for privacy blunders or deliberate violations. GDPR led the way last year and in January we will have CCPA in the U.S. There will be further discussions about enacting a privacy law at the federal level in the U.S. All eyes will be on the presidential and congressional elections to see if there is a repeat of the kinds of privacy issues that occurred in 2016. Expect to hear a lot about it on the campaign trail. China also has privacy laws which will impact many multinational businesses.
5. Business Continuity Management
The integration of digital transformation and risk management will become even more important in 2020 as advancing technologies create even more risks and concerns for organizations. Stakeholders and boardrooms are placing increased emphasis on business continuity management (BCM) systems that can cope with disasters and other business disruptions. Many organizations have a long history of using paper documents and spreadsheets – which hinders a resilient, fast-to-respond BCM program.
In addition, many companies manage risk by departments rather than as an organization-wide effort. Advanced new BCM software programs offer vast improvements in risk management. Senior management now realizes that BCM needs to be part of the DNA of any organization. Checking compliance boxes doesn’t do any good until everything is integrated in a holistic BCM system.
6. Ethics of Advanced Technologies
Advanced technologies (e.g. artificial intelligence, machine learning) are in many cases developing faster than society’s ability to deal with their ethics. For example, “deep fakes” are manipulated video or audio files produced by sophisticated artificial intelligence that yield fabricated images and sounds that appear to be real. Beyond disinformation, deep fakes have been used in criminal scams such as calling in to a bank impersonating a CEO to request a big wire transfer. We’ve only seen the tip of the iceberg. Expect to see more questions being raised in boardrooms about the legal and ethical risks of advanced technologies in the coming decade.
Business continuity today is heavily dependent on the prudent management of risks in cloud computing, cybersecurity, data privacy and advanced technologies. These technologies are here to stay because they present more benefits than risks. But managers realize the risks can blow up into full-scale disasters if not properly managed – and that they are responsible. So, expect to see them sharpen their focus on BCM and risk going forward.