Breaches, market volatility and the government shutdown: Security in the crosshairs

Last year ended with a number of high profile data breaches, tech stocks taking a massive tumble and the start of what has been to date the longest government shutdown on record. Marriott International’s Starwood reservation system was hacked exposing the personal data of up to 500 million guests. Quora’s data breach exposed up to 100 million users’ names, email addresses, IP addresses, and more…Apple, Facebook and Google stocks took heavy hits in December 2018 as the global economy and privacy concerns took their toll, and investors worried about a looming bear market. And then came the government shutdown. For cybersecurity professionals looking ahead at the rest of 2019, these events present a trifecta of challenges.

When it comes to data breaches, the security industry is not even close to nipping these in the bud. With personal data being the new currency, hackers are incented more than ever to try new and more nefarious ways to extract what their “customers” are after.  We can expect to see more creative phishing attacks and more headlines in 2019 about companies that have failed to patch or thwart newer and more malicious attacks. In fact, the number of digital records stolen by cybercriminals will increase by 175 percent from 12 billion in 2018 to 33 billion in 2023, with 146 billion records lost over the cumulative period, according to Juniper Research.

The fluctuations in the global economy and the nosedive in technology company stocks – which to date had been the darlings of Wall Street – also mean greater instability for cyber security professionals. Market volatility usually translates into companies looking into how they can save money.  While companies might have baked their 2019 security budget already back in 2018, if the economy continues along its shaky path, CIOs, CSOs and CISOs will need to get more creative in terms of how they can trim their budgets while still maintaining an effective security stance.

The government shutdown is another scenario – one that presents an ideal opportunity for increased cyber and physical security threat of all kinds ranging from identity theft, a loss of threat intelligence sharing and data exchange, to attacks on our nation’s critical infrastructure with less people monitoring systems, and doing their daily jobs. The on-going lapse in full-time coverage and resources dedicated to security will have long-term ramifications, and it is more than likely we will be hearing about the consequences in the months to come.

Based on these events, it is safe to say that cyber security professionals need to take an even more proactive stance this year and be prepared as best as possible to do more with less.  More than ever, AI will be able to make a meaningful contribution when it comes to helping cyber security professionals cope with these increasingly unpredictable scenarios—especially in areas such as smarter endpoint detection, and in providing more cost-effective ways for training security staff.   

What can a security exec do in this time of greater uncertainty, and potential belt tightening?  Making smart decisions with less resources is going to be needed, which may require considering some new products that can provide better data and enhance visibility.  For example, advances in machine learning have led to a whole new generation of risk assessment and scoring products that can help executives better focus their security resources on the biggest problems at hand.   With this data in hand, the security team can better understand how and what initiatives to prioritize, where to spend more or less, and even which third-party vendors are the riskiest to do business with.

In addition, benchmarking platforms, while still in their infancy, should be considered so that an organization can better understand where they stack up in their defensive posture, and also obtain better insight on how to improve with specific policy, configuration, and even product choices.  Companies have been reluctant to use benchmarking in past years, but as the attackers gain greater sophistication, and resources, the defenders will need to be better coordinated and educated in order to compete in this game of cat and mouse.  As I’ve noted before, this is Moneyball for security, where the attackers are the teams with the highest payrolls and organized talent. Today’s political and economic climate is just helping make the game even more challenging.