There is hope in these uncertain times: with the right planning and execution, businesses can bounce back from what's quickly becoming a global recession and return to good health. It takes the right strategy, a flexible approach and a desire to achieve organizational resilience.

The question is this. Is this skepticism based on fact or as a result of that well-established human trait – resistance to change? In other words, does the convenience offered by a cloud app outweigh potential security threats such as hacking, and how susceptible are SaaS (Software as a Service) cloud apps to attack in the first place? To answer this question, let’s consider Microsoft Office 365, which is one of the most widely used software packages on the planet with more than 27 million consumer users and over 100 million enterprise users.

From a security perspective, we also tend to look at IoT in the wrong way. With every new device, we assume the technology will be vulnerable with a very high risk of compromise. The reality is that most IoT devices have a very low risk individually, but their functionality is what leaves them susceptible.

With security resources and budgets stretched thin to accommodate remote workforces, cybercriminals were quick to capitalize on the increased attack surface and general uncertainty, striking with a 667 percent increase in coronavirus-related cyberattacks. 

“There are only two types of companies: those that have been hacked, and those that will be.” When former FBI Director Robert Mueller spoke those words in 2012, he sounded hyperbolic. Almost a decade later, it seems prophetic.

Due to COVID-19 concerns, many United States Government (USG) personnel must now operate from home while continuing to perform critical national functions and support continuity of government services.

In early June, the California Attorney General filed final CCPA regulations with the California Office of Administrative Law. The final regulations were accompanied by a 59-page Final Statement of Reasons along with six appendices containing over 500 pages of comments on the regulations and the Attorney General’s responses to those comments. One of the many topics that the Attorney General’s office discussed was the final regulation’s requirements for drafting privacy policies. Given that the drafting of a privacy policy is a necessary part of CCPA compliance, it is worth analyzing those comments.

Organizations need to enhance current technical security controls to mitigate against the threat of deepfakes to the business. Training and awareness will also need revamping with special attention paid to this highly believable threat.