The Top 7 Cybersecurity Threats for C-Level Leaders in 2020 That Will Impact Your Company This Decade (If Not Addressed)

In looking at the future we must first look to the past. Without a doubt, there will be key cybersecurity focuses from the past five years that will continue into 2020 and beyond. This includes mitigating phishing and ransomware attacks, IoT vulnerabilities, mobile security threats, as well as increasing secure dev ops, and continued migration to the cloud. This is probably not a surprise and something many C-level leaders are aware of whether, or not, their company has fully invested in these areas.

However, in addressing cybersecurity concerns that will impact businesses over the next 10 years they are just as complex, more deeply rooted, and in some cases harder to change. In this article I am not referring to something like quantum computing. I am referring to the challenges that have already plagued us the past few years, and can no longer be allowed to continue over the next ten years if you want to have a thriving business in the next decade and beyond. I am referencing the reality of living in a video streaming world, but still using DVDs players (or beta players) to watch movies. These threats don’t always evolve around technology. It’s a mindset that requires behavior change. It can be hard to understand, and often require us as leaders to look at ourselves and ask the hard questions.

For C-level executives, here are 7 cybersecurity threats of 2020 that will impact your business this decade if not addressed.

Uninformed executives continue to be the #1 cybersecurity risk for a company. I know this is a bold statement, but can you really think of anything scarier in a company today than an uninformed C-level executive making decisions that impact not only the cybersecurity program of an organization but the alignment of security and business objectives, including the cybersecurity budget, the organization’s approach to vendor risk, and the overall impact to clients? The ultimate accountability of the cybersecurity program lies with the management team of a business and a true lack of understanding of risks by C-level executives is what will cause a business to not survive in 2020 and beyond. I am not just referring to the impact of one breach. I am talking about on the consistent and ongoing lack of engagement by an executive, or executive team, on the topic of cybersecurity and then making decisions that impacts clients, employees and other stakeholders. Demonstrating cybersecurity understanding and awareness, in the next five years will be critical for all members of executive teams and board members regardless of your role. It will be a qualifying piece in the price of admission. Globally, 40% of companies cited their executives, including the CEOs, as their highest security risk (Information Age/Prescient, 2019). In many cases, executives can be the target of a malicious hacking scheme, and in other cases, an executive can fall prey to an attacker via social media, when traveling, or when accessing email.
Thinking global politics and security trends won’t impact your business. In 2016 we saw how the election impacted the public but also Facebook. Economic espionage by countries, particularly China, is well known and continues to be a persistent threat to business and universities in the United States. Nation-state hacking does not appear to be slowing down and potential war with Iran only increases the likelihood of a cyber war impacting businesses. A cyber war puts all businesses, including small business, on the front lines of a war.
Dismissing AI as part of your company’s detection and response strategy. In this decade as the cyber threats become more AI enabled, our ability to respond will need to be congruent. As technology threats change the way we defend against them will need to change. As a c-level executive, do you know how AI and machine learning are being utilized in your company’s cybersecurity program? The Capgemini Reinventing Cybersecurity and Artificial Intelligence Report states that 69% of enterprises believe AI will be necessary to respond to cyber-attacks. Additionally, 64% of enterprises say that AI lowers the cost to detect and respond to breaches and reduces the overall time taken to detect threats and breaches by up to 12%. The amount of time threat actors remains undetected drops by 11% with the use of AI (Forbes).
Unaware of vulnerabilities from IT teams or managed service providers. Ignoring, or failing to mitigate, risk from those who have access to our environment can be “business ending” in this decade. Managed service providers are increasingly targeted by cyber criminals. Building a zero-trust technology environment is only one a way to address this. Having consistent follow up with third party technology vendors and checks and balances with the IT team, internally, is a trifecta approach to this risk.
Underestimating the impact of 5G on your business. This will severely impact IoT devices in your business and your home. As a c-level executive, are you thinking about the impact of 5G to your company infrastructure and cybersecurity program? Once 5G networks are rolled out to the larger public, devices (IoT) will be connected from a variety of mediums increasing vulnerability from attackers (Malwarebytes). The NotPeyta attack in 2017 caused $10 billion in corporate losses. The combined losses at Merck, Maersk, and FedEx alone exceeded $1 billion. 5G networks didn’t exist at the time, of course, but the attack illustrates the high cost of such incursions (Brookings).
Playing the “waiting game” on privacy. Compliance overall will impact a company’s profitability if there is a breach AND a lack of adherence to a regulation resulting in fines. Privacy and cybersecurity regulations are increasing annually. As a C-level leader, are you reviewing the type of data you collect, what you do with it, and how you protect it? The Global Data Protection Regulation, GDPR (privacy regulation in Europe), and the California Consumer Privacy Act, CCPA (effective January 1, 2020), indicate maintaining reasonable data security is no longer enough. If operating in regulated areas, you must determine how to align your business goals with privacy rights of individuals around the world. Adherence to GDPR (which applies to all businesses, large and small, that collect data on European residents), CCPA or PIPEDA (Personal Information Protection and Documents Act in Canada) is a must as well as understanding how it impacts the roles and responsibilities of the security and technical teams. The European Data Protection Board’s recap of GDPR activities between May 2018 and May 2019 states 144,376 complaints or queries were lodged with EU data protection authorities during that year (The Legal Intelligence).
Believing it’s impossible to defend against cyber threats. This is the defeatist mentality. It’s amazing how many people I meet that say, “Is there really anything you can do about hackers anyway?” Or “We’re too small.” If you don’t impact this way of thinking it will impact your business in the next decade. If fact, you may no longer have a business. In the 2020s, doing nothing in regards to cybersecurity in your business will not be an option. It’s now part of the cost of doing business.

Jessica Robinson is CEO of PurePoint International and works as a Virtual/Outsourced CISO to middle market businesses in financial services and insurance. Jessica and her team specialize in working with companies with $100M-$500M in revenues. You can reach her at jessica@purepoint-international.com.

The Biggest Travel Week of the Year: Top 7 Ways to Stay Safe While Traveling in Midst of Terror Threats

Holiday travel is already under way as Americans prepare to gather with family and friends to celebrate Thanksgiving. At a time where people are preparing to rest, feel contentment, and be safe, there is a looming cloud of uncertainty that hangs over the holiday season, leaving people to ask the question whether it is safe to travel, how to travel, and what to do if a violent attack occurs.

The Russian Metrojet Flight 9268, exploded over Egypt killing 224 Russians two weeks ago. Russian and U.S. Intelligence now support ISIS as the perpetrator. Friday, a hotel in Mali was under siege killing 21 people and 170 people were taken hostage. Al-Qaeda has claimed responsibility. Last week two Air France planes, in the United States, received terror threats causing them both to make emergency landings. A Spirit Airlines flight, out of Florida, also received a threat forcing the plane to return to the airport minutes after departure. A Turkish Airlines flight was also diverted to Canada because of a bomb threat.

As an International Safety & Security Advisor, I have completed a lot of research on international travel, including polls and focus groups, to learn what is most important to people, when traveling. I am often asked for advice as someone is preparing for an international trip. Here are some practical key learnings anyone traveling this holiday season can adopt to help stay safe when in familiar, or unfamiliar, locations. The goal is always prevention; here are tips for traveling during the holidays domestically or internationally:

Be prepared for delays at the airport: As you may know, this is the busiest time off the year to travel in the U.S. Expect longer wait times, random baggage checks, hand swipes when going through security and expanded screening on airplanes traveling to the U.S.
Arrive early to airports: If you are reading this article, I know your priority is to be safe. Arrive 2 hours early, or earlier, when flying internationally. Be prepared for unexpected delays. With lower oil prices, 25M people are expected to fly on U.S airlines, 3% more than last year.
Be aware of your surroundings: Pay attention to your environment. Do you see an unattended bag? Are your bags with you at all times? Don’t get so caught up in a conversation, reading, etc, that if someone took your wallet off the table, or brushed against you, you wouldn’t notice. Alert law enforcement when appropriate.
Travel in groups when outside the U.S.: This may seem very basic, but when traveling alone it can be very noticeable to others. When in line at a store have “small talk” with the person next to you. It’s a great way to learn the local area, meet new people, and to learn about the culture.
Are you traveling alone?: If someone you don’t know asks you if you are traveling alone always say “no.” State you are “meeting someone” or “waiting for a friend”. This is especially important for women. I did this while vacationing by myself in the U.S. Virgin Islands and it was very helpful. I was amazed how often I was asked if I was alone.
Understand being an American can make you a target: Not always, of course, but this is a fact that can’t be escaped. It is part of the politics of today’s world. It’s nothing to be ashamed of and it’s nothing to fear; taking precautions are important. Review the U.S. State Department warnings for the country in which you are traveling. Use sound judgment, avoids large crowds of unknown origins, minimize your profile when in public, and always have a cell phone. Yes, if traveling out of the country this is tricky because perhaps you don’t plan on taking your phone to avoid accruing international charges. You can always change your phone plan for the duration of your trip, or purchase a temporary phone prior your trip or when you arrive to the country.
Be aware of daily changing threat alerts: Know what’s happening each day. Despite threats to NYC and Washington DC, the threat alert has not been elevated. The government of France just voted to keep the country as a state of emergency, and in Belgium, the government raised the terror alerts in the Brussels area. The elevation, or de-escalation, of threat levels could change at any moment. Make a point to know what is going on each day while you are traveling.

Despite the fluid, and constantly evolving, environment we are living in today, I encourage you to travel, have fun, and continue to experience cultures this holiday season!

Jessica Robinson, is a writer and Founder & CEO of PurePoint International. She has worked with a top 40 company and with the 2015 US Open. As a security & risk management expert and outsourced CSO (Chief Security Officer), she advises and consults with small and medium sized businesses on threat prevention and response. Learn more at www.the-purepoint.com.