Technical Innovation Increases Cybersecurity Risk
New technologies help revolutionize all industries and the way they conduct business. Simultaneously, they increase blind spots that commonly open the door for exploitation by cybercriminals. As technical innovation rises exponentially, so too will the associated cybersecurity risk. New applications of AI are emerging on both the offensive and defensive side of the coin. AI can be trained to detect sophisticated threats and other anomalous activities, which helps reduce the time from infection to detection; however, attackers will also continue to leverage AI to their advantage. There are other examples: 5G, the continued fracturing of XaaS into smaller and smaller constellations of services, and the embedding of increasingly complex technology into the human body. These innovations all create cybersecurity risks that will need to be addressed.
Recommended Supporting Literature: MIT: Studying the Tension Between Digital Innovation and Cybersecurity (Nelson, 2017)
WFH is a New and Forever Challenge
The rapid and often haphazard move to remote working forced by the COVID pandemic only increased the value of hacking susceptible home networks. Much of the precious information that was once ensconced safely behind organizational firewalls and segmented networks has been distributed across countless laptops and mobile devices. Hacking is all too often about finding the weakest link, and home networks are famously outdated, unpatched, and easier to attack. The CFO working from home is far more likely to be a successful target than one protected by twenty years of border security. Many traditionally on-premises organizations have had to embrace work from home fully. The successful navigation of COVID has proven that public networks can support these needs. As a result, employees have resoundingly embraced the flexibility that WFH provides. Employee expectations will drive the long-term adoption of WFH, and the need to secure these historically uncontrolled home environments will require creative cybersecurity solutions.
Recommended Supporting Literature: Cyber crime – the risks of working from home (Deloitte, 2020)
Cloud Adoption by the Masses
Many historically conservative organizations have finally begun to transition their internal servers and applications to cloud environments. The good news is that most of the mainstay cloud providers have made deep investments in cybersecurity and prioritized it. Their security capabilities far exceed those of most other organizations, and a move to the cloud can improve a company's security maturity. The bad news is that the cloud is just "someone else's computer," and it presents new requirements and responsibilities. The configuration of those solutions can be complicated, particularly when a firm relies on a combination of cloud vendors. Confusion about who is responsible for each part of the security program leads to leaked data, application exploits, and breaches. As time goes on, this is likely to become more and more common, and the demand for assistance will increase.
Recommended Supporting Literature: The COVID-19 crisis as the biggest accelerator for Cloud Computing (Price Waterhouse Cooper, 2020)
Government Response to Cyber Risk is Regulation
When a government is faced with a crisis, regulation is frequently the knee-jerk response. All levels of government have begun to pass laws and regulations to force protection. The pace at which these regulations are released, vetted, and then enforced will increase significantly. While these initiatives have taken a backseat to other issues during the last four years, the next four will likely bring more prescriptive nationwide guidance on breach response and cybersecurity requirements like CMMC. Even large organizations such as Google, Yahoo, and Facebook have requested a clear set of federal guidelines that supersede the myriad state regulations passed or considered.
Recommended Supporting Literature: Defining data protection standards could be a hot topic in state legislation in 2021 (Brumfield, 2020)
Mobile: The Other Shoe to Drop
Many cybersecurity professionals have waited for large-scale attacks on mobile devices for years, but as of 2020, these have yet to materialize. The targets' value is undeniable: millions of endpoints with increasing computational power and deep collections of financial and personal information make for attractive targets. Fortunately, mobile device protections have progressed significantly, and most organizations of any size have some form of mobile device management in place.
Credit also needs to go to the market leader, Apple, which has taken personal privacy and security very seriously in all aspects of its development. This combination has made mobile hacking significantly more complex than hacking workstations. When the devices' distributed nature is considered, mobile has historically been more trouble than it is worth to hackers. That reluctance is likely to fade over time as we see changes in market share by providers, new technical capabilities brought to mobile, and the ever-increasing number of applications that deliver their shortcomings to the phones on which they've been installed.
Recommended Supporting Literature: T-Mobile: The mobile network of the future: what you need to know about cybersecurity (T-Mobile for Business, 2019)
Brumfield, C. (2020, November). CSO Magazine. Retrieved from CSO Online: https://www.csoonline.com/article/3596147/defining-data-protection-standards-could-be-a-hot-topic-in-state-legislation-in-2021.html
Deloitte. (2020). Cyber crime – the risks of working from home. Retrieved from www.deloitte.com: https://www2.deloitte.com/ch/en/pages/risk/articles/covid-19-cyber-crime-working-from-home.html
Nelson, N. a. (2017). Studying the Tension Between Digital Innovation and Cybersecurity. 3rd International Conference on Information Systems Security and Privacy (SIGSEC).
Price Waterhouse Cooper. (2020). PWC Presentation on COVID Cloud Impact. Retrieved from PWC China: https://www.pwc.ch/en/publications/2020/ch-covid-19_client-webcast_cloud-adpotion.pdf
T-Mobile for Business. (2019, June). The mobile network of the future: what you need to know about cybersecurity. Retrieved from https://www.forbes.com/sites/tmobile/2019/06/06/the-mobile-network-of-the-future-what-you-need-to-know-about-cybersecurity/?sh=2aaf207b3998