Security


Malicious hacking was on the rise in 2019. You can expect to see a continual stream of attacks throughout 2020.

Key Insight 

From ransomware attacks that targeted municipalities, to data breaches that exposed the personal details of hundreds of millions of people, to supply chain attacks that crippled global trade, malicious hacking was on the rise in 2019. You can expect to see a continual stream of attacks throughout 2020.

What You Need To Know

Hackers can gain access to critical systems and data through unsecured databases left open on the internet, out-of-date firmware and software patches, bugs in operating systems and software, and vulnerable utilities—in addition to using methods that exploit human vulnerabilities like weak passwords. Sometimes accidents happen: In February 2019, a USB drive containing the tax information for 42,000 Salt Lake Community College students fell out of an envelope and made its way into malicious hands. That same month, Ohio government employees accidentally sent 9,000 tax forms with personal information to the wrong people. Too often, breaches are the result of employee sloppiness. A misconfigured government database in Ecuador containing the private data of the country’s citizens—about 20 million people in total—was left completely accessible to the public on the internet.

Why It Matters

The cost of data breaches is significant. According to IBM’s annual Cost of a Data Breach study, in 2019 the average breach cost an organization $3.92 million, up 12% from five years ago. Notification and compliance, expenses that stem from forensic investigations, systems repairs and the inevitable lawsuits all contribute to the cost, and fewer than half of all organizations are equipped to prevent a cyberattack and to respond to one properly and efficiently.

The Impact

In January 2020, the City of Las Vegas was attacked, a sign that attacks are continuing. 

Watchlist for section

Akamai Technologies, Amazon, Anonymous, Apple, Carbon Black, Check Point Software, CIA, CrowdStrike, DARPA, Def Con, Duo Security, Ethereum, FBI, FireEye, Fortinet, Fujifilm Holdings, GitHub, Google, HackerOne, Huawei, iARPA, IBM, Intel, In-Q-Tel, JPMorgan Chase, Kaspersky, Krebs on Security, McAfee, Microsoft, Oracle, Palo Alto Networks, Princeton University, Qualcomm, SAP, Sedicii, Sony, Splunk, Symantec, Technion Israel Institute of Technology, Tor, U.S. Computer Emergency Readiness Team, U.S. Cyber Command, U.S. Department of Defense, U.S. Department of Energy, U.S. Department of Justice, U.S. National Security Agency, Uber, Webroot, WikiLeaks, ZTE, municipalities, counties and civil agencies everywhere and the governments of Russia, China, Singapore, North Korea, Ukraine, Israel, United States, Iran and the U.K.
