No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Cybersecurity

10 Corporate Cybersecurity Predictions

What You Need to Know for 2019 – and Beyond

by Anthony Ferrante
February 21, 2019
in Cybersecurity, Data Privacy, Featured
web and mobile applications from smartphone on blue background

In the fast-moving world of cybersecurity, predicting the full threat landscape is near impossible. But it is possible to extrapolate major risks in the coming months based on trends and events of last year. FTI Consulting’s Anthony J. Ferrante outlines what organizations must be aware of to be prepared.

In 2018, cyber-related data breaches cost affected organizations an average of $7.5 million per incident — up from $4.9 million in 2017, according to the U.S. Securities and Exchange Commission. The impact of that loss is great enough to put some companies out of business.

As remarkable as that figure is, associated monetary costs do not include the potentially catastrophic effects a cyberattack can have on an organization’s reputation. An international hotel chain, a prominent athletic apparel company and a national ticket distributor were just three of several organizations that experienced data breaches in 2018 affecting millions of their online users — incidents sure to cause public distrust. It’s no coincidence that these companies were targeted — all store valuable user data that is coveted by hackers for nefarious use.

These events and trends should serve as eye openers for what’s ahead this year, as malicious actors are becoming more sophisticated and focused with their attacks. Consider these 10 predictions over the next 10 months:

1. With more data moving to the cloud, cloud services will become a prime target for hackers

Organizations are rapidly migrating to the cloud to take advantage of its organizational benefits – such as cost savings and increased productivity – and to store sensitive data. However, this migration is happening at a speed that often surpasses the security controls required to secure that data. Additionally, organizations often make the fatal flaw of blindly agreeing to the cloud provider’s terms without doing their due diligence to determine if proper security protocols are in place, which they often are not. This combination of risky practices means that attacks on the cloud can be expected to increase.

2. Artificial intelligence will help and hurt

Both attackers and defenders will increasingly leverage artificial intelligence (AI) to fuel their purposes. Hackers can use advancements in AI to scan networks for vulnerabilities, automate phishing attacks and conduct large-scale social engineering attacks to propagate the spread of “fake news.” Conversely, AI can be used to prevent potential breaches by automating the detection process. Humans can only handle so many alerts at once. AI can make the threat detection process more efficient, helping combat the nonstop barrage of threats that organizations face.

3. Cryptocurrency mining will continue to be a threat

As long as attackers can make quick cash from cryptocurrency mining, infections that support this theft will continue. According to McAfee Labs, in 2018 the number of devices infected with a cryptocurrency miner increased by 4,000 percent. Criminals have been targeting those who use vulnerable routers or internet of things (IoT) devices, such as IP cameras or video recorders, because they often lack robust security. This trend is expected to continue upward as more devices come online. There were an estimated 23 billion IoT connected devices worldwide in 2018; that number is expected to reach nearly 31 billion by 2020.

4. 5G will make the existing IoT problem worse

With the escalating rollout of the 5G network this year, the attack surface the hackers can target is expected to expand. A new network means new architectures, which creates new vulnerabilities for malicious actors to exploit via IoT devices that were not built with security in mind.

5. State-sponsored espionage will increase, with continued impacts across the supply chain

Compromises in the supply chain will lead to more state-sponsored spying, which in turn will lead to increased concerns for businesses responsible for technology development and manufacturing. These threats may force companies to change their production strategies or reduce outsourcing in order to shrink their supply chain and thus reduce risk exposure.

6. Cyber risk insurance will become more necessary

Cyber insurance coverage will grow considerably as companies rely on it as a necessary risk management tool in the face of increased, large-scale breaches. However, policies are evolving to require organizations to first implement certain controls prior to insurers underwriting their risk. The days of being insured with low premiums despite a weak security posture may soon be numbered. Growing data privacy regulations (see #7 below) that are coming into full force will also drive organizations to purchase cyber insurance plans.

7. Increased potential for new legislation, regulation and oversight

Growing data privacy and cybersecurity concerns may lead to more legislation, regulation and oversight this year. With the implementation of the General Data Protection Regulation (GDPR) in the European Union, other countries have started to follow suit, leading to an expanded need for companies to bolster their cybersecurity infrastructure and policy. Combined with individual states enacting legislation (e.g., the California Consumer Privacy Act of 2018), this has created a sense of urgency in the U.S. to advance data privacy legislation. It’s likely no new controls will be enacted in 2019, but discussion of data privacy at the national level is sure to continue.

8. Two-factor authentication will begin to evolve to multi-factor

Malicious actors are increasingly figuring out how to exploit vulnerabilities in the two-factor authentication process. As a result, two-factor will evolve to multi-factor authentication, which will be a significantly more common solution for most online services. Various other methods of user verification may also expand.

9. Hacktivism will rise

Due to increased global political and economic discord, activity from hacktivists will increase. In the past, hacktivists relied mostly on disruptive-style attacks, such as distributed denial-of-service (DDoS) attacks to send messages during times of political and economic upheaval. However, over the past few years, sophisticated tools and techniques have made their way into commodity-grade ransomware attacks. The commoditization of weapons-grade cyber tools and techniques, combined with the effects of rising political tensions and economic downturn, will open the door for cyber activists and disgruntled citizens to leverage destructive attacks.

10. “Deepfake” video and audio editing will increase

This style of deceptive media has the potential to create serious harm by portraying people of significance doing or saying things they didn’t actually do or say. The realistic nature makes it difficult to detect reality, and it can be even harder to prove its illegitimacy. Whether the intention is for financial gain like blackmail or to alter society’s view with fake political messages, the use of “deepfake” media is expected to cause turmoil in 2019.

Malicious actors are always looking for new ways to infiltrate networks, steal data, further their political cause or simply make money. As a result, defenders cannot assume that last year’s threats will remain static. Focusing on known vulnerabilities will leave an organization susceptible to an unexpected attack. Cybersecurity is an ongoing process that will never be perfect, but taking a proactive approach to ensure that holistic, intelligence-led programs are in place is an effective cyber risk mitigation practice that will bolster a resilient 2019 and beyond.

This piece was originally shared in the FTI Journal and is republished here with permission.


Tags: Artificial Intelligence (AI)CryptocurrencyCyber RiskData BreachGDPRInternet of Things (IoT)RansomwareReputation RiskSEC
Previous Post

Thomson Reuters: The State of Regulatory Reform

Next Post

OFAC Announces 2 Sanctions Enforcement Settlements

Anthony Ferrante

Anthony Ferrante

Anthony J. Ferrante is a Senior Managing Director and Head of Cybersecurity within the Global Risk & Investigations Practice at FTI Consulting, based in Washington, D.C.  He previously served Director for Cyber Incident Response at the U.S. National Security Council, where he coordinated U.S. response to unfolding domestic and international cybersecurity crises and issues. Before joining the National Security Council, Mr. Ferrante was Chief of Staff of the FBI’s Cyber Division. He also served as a member of the FBI’s Cyber Action Team, a fly-team of experts who deploy globally to respond to the most critical cyber incidents on behalf of the U.S. government. As an expert in cyber resilience, prevention, response, remediation and recovery services, Mr. Ferrante has more than 15 years of top‐level cybersecurity experience, providing incident response and preparedness planning to more than 1,000 private sector and government organizations, including more than 175 Fortune 500 companies and 70 Fortune 100 companies.

Related Posts

castle pixel art

Building a Defense-in-Depth Culture to Combat Phishing

by Perry Carpenter
March 22, 2023

Phishing attempts are only growing more sophisticated by the day, and effective cybersecurity means defending all the vectors of attack,...

risk tunnel

From Regulation to Volume, There Is No Light at the End of the Data Privacy Tunnel

by Jim DeLoach
March 15, 2023

Data proliferation and data privacy regulatory activity across the globe have created the need for focused boardroom discussions. An underpinning...

gdpr

UK Resurrects Data Protection Reforms, EU Court Rules on GDPR in Civil Cases

by Jonathan Armstrong and André Bywater
March 15, 2023

Recent courtroom and legislative action in Europe will likely have ripple effects around the world for companies subject to regulations...

DALL·E 2023-02-16 13.18.43 - magritte style painting of robot looking into mirror

A Bot Isn’t Going to Take Your Place, But AI Will Make Your Job Harder

by Jennifer L. Gaskin
March 8, 2023

OpenAI’s splashy ChatGPT rollout has generated untold amounts of text, both directly and indirectly. While much of what’s been written...

Next Post
flag of North Korea behind chain link fence

OFAC Announces 2 Sanctions Enforcement Settlements

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT