CDOs have a lot on their plate. In 2020, security will account for a big part of their concerns.
Many saw this as the job of CISOs. But in the new year, CDOs will need to contend with sophisticated ransomware infringing on their digital ambitions and new vulnerabilities curtailing emerging tech adoption, and to ensure security by design in in-house and external offerings.
Below are some areas that CDOs need to be aware of in the next 12 months.
It’s a Plane…
Drones are considered mainstream business tools and are used for everything from surveillance and delivery to agriculture and mining.
In 2020, we will see hackers trying to pry into what drones know, said Lavi Lazarovitz, group research manager at CyberArk. The information can be vital for intelligence gathering, government control, corporate espionage, and more. It also means CDOs need to consider a security framework when introducing drones.
“Organizations need to consider who has the ability to control the drone’s activities, what information the drone is storing, how access to that information is being managed and monitored, and ultimately who owns responsibility for securing it,” Lazarovitz explained.
Ransomware Grows Up
You cannot deny the devastating impact ransomware has had on corporate thinking.
“On the dark web, ransomware is fueling the rise of a burgeoning market that makes it quick and easy for cybercriminals to gain remote access to corporate systems,” said Ravi Rajendran, vice president and managing director of Asia South Region at Veritas.
It will only get worse in 2020. Rajendran noted that threat actors will widen their attack to include outside contractors, freelancers, partners, and approved vendors. This makes it a CDO problem.
Governments are starting to offer some help. In Singapore, the high-level Public Sector Data Security Review Committee (PSDSRC) recommended the annual publication of policies and standards for personal data protection to improve transparency.
It makes personal data protection a CDO responsibility. “Very soon, data responsibility won’t just be for internal consumption. It will be how organizations do business and choose who they work with,” said Rajendran, who lauded the government move.
CDOs also need to care about how well their organization restores backup data. “What we are seeing is interest in restore success, and especially restore speed,” said Dave Russell, vice president for enterprise strategy at Veeam.
Why? The reason is that companies need to be prepared to restore 100% of their data quickly during a ransomware attack. In the past, a typical company only restored 2-3% of their backup data.
CyberArk’s Lazarovitz sees a “butterfly effect” with ransomware, and it impacts every environment that CDOs work in.
“Wanting access to a greater diversity of systems, including cloud environments and containers, we’ll begin to see innovation in ransomware that focuses more on Linux to take broader advantage of digital transformation trends,” he forecasted.
Cyber insurance will see a boom as companies look to mitigate financial loss. But Lazarovitz noted that this may play into the hands of threat actors.
“Attackers will target organizations with cyber insurance because of the high likelihood of getting paid. This is because insurance companies weighing the cost benefits of a payout will often choose to do so if the cost of the ransom is less than the cost of downtime needed to rebuild a network,” he explained.
Meanwhile, legacy technology will get back into fashion as ransomware creators attack backup data to increase the chances of being paid. Veeam’s Russell already sees tapes being used as they are “portable, air-gapped and ejectable.”
Biometrics Bubble Bursts
2019 was the year biometric authentication became mainstream. Using your face to make purchases and to use devices is already a consumer norm. But there is a catch.
“While it’s true that biometric authentication is more secure than traditional, key-based authentication methods, attackers typically aren’t after fingerprints, facial data, or retinal scans. Today, they want the access that lies behind secure authentication methods,” Lazarovitz commented.
This reframes authentication as a CDO matter. For example, if a threat actor can steal the network authentication token, all bets are off.
“That token, if compromised by attackers, can allow them to blaze a trail across the network, potentially gaining administrative access and privileged credentials to accomplish their goals – all while masquerading as a legitimate, authenticated employee,” Lazarovitz added.
Quantum Decryption and 5G Hacks
CDOs may be looking forward to a quantum computing reality, but threat actors may be the ones celebrating first. This is because quantum computing will make many of our current encryption techniques obsolete, leaving currently encrypted data vulnerable.
In the new year, threat actors will prepare for this inevitability. “2020 will see increases in encrypted communications and encrypted data stolen by hackers as they stockpile information waiting for the tools to unlock it. So, in effect, quantum breaches will have already happened, long before the computing power comes to fruition,” said Rana Gupta, APAC vice president for cloud protection and licensing activity at Thales.
Meanwhile, 5G will add new security concerns for CDOs as they look to maximize its benefits. “However, in their rush to beat the competition, security will be an afterthought as opposed to being a forethought. The end result will see 2020 as a record-breaking year for cyberattacks on connected devices and recognition for privacy and security regulations at the federal level,” said Gupta.
CDOs will need to scrutinize how their development teams handle data, as they start to insource development or drive innovation within their companies. “You need to be constantly scrubbing or using data masking on personally identifiable information,” Veeam’s Russell said, adding that such processes may sometimes slow down data access.
The shift toward faster and more agile development may also create hidden vulnerabilities. For example, Russell argued that the adoption of agile methodology means “we lose some of the institutional learning or best practices that have been hardened over multiple decades.”
“Then, having the right Scrum Masters becomes critical,” said Russell. But, as CDOs know, finding them is a huge struggle.
Everyone is a CISO
These trends make security a CDO responsibility, especially from 2020 onwards.
“It is like building a house. You can get contractors who will get subcontractors. But the person who is ultimately impacted by the decisions is the owner. So, security becomes everyone’s responsibility. It may not be in your title or your job description, but if you have anything to do with the data, it is in your purview,” said Veeam’s Russell.