2019 has been a difficult year for organizations trying to reduce the likelihood and minimize the impact of IT outages. As we have seen, companies and public sector organizations are increasingly the target of opportunistic cybercriminals looking for vulnerabilities to exploit. The effects of these attacks have been devastating for some organizations. Unfortunately, despite improved resilience, we expect these incidents to continue in 2020.
About the author Peter Groucutt is the General Manager of Databarracks.
The cybernetic crystal ball
When we look to the future, we inevitably tend to pay the most attention to big shock forecasts and overlook current trends. In fact, the risks we will face in 2020 are probably ones we already know. Amara's law states that society tends to overestimate the short-term effect of a technology and underestimate its long-term effect. We will likely witness a continuation of the same types of breaches and cyberattacks that we saw in 2019. Will we see cybercriminals use quantum computers to break encryption and bypass antivirus solutions? Probably not. What about rogue artificial intelligence (AI) systematically penetrating corporate networks and holding systems for ransom? Again, unlikely. The threats we should focus on are the ones that are working and causing damage now. According to our 2019 Data Health Check, cyber attacks have doubled as a cause of downtime since 2016. They have also increased due to data loss by almost 90% since 2014. Organizations can do better by protecting their infrastructure, people and data, but unfortunately, cybercriminals adapt even faster. This means we will witness more publicized incidents, which could lead to job losses. As we have seen time and time again, this translates into serious and lasting reputational damage, a strong motivation for board leaders to prioritize resilience and cybersecurity going into 2020. On a more positive note, cyber defenses and Disaster recovery (DR) systems are gradually improving, with more frequent testing and a steady increase in off-site backups. This is good news, as hardware failures and human errors are likely to remain the leading causes of data loss (another multi-year trend reported by Data Health Check).
Better business continuity.
The protection of cloud services is also strengthened, as more and more companies install their own backups, either in cloud storage or on their own sites. Additionally, cybersecurity is now seen as more of an issue for IT teams and is being addressed. It's great to see senior managers taking on more responsibility in areas that are usually out of their scope. Taking DR and BCP more seriously is vital, given the huge impact they can have on any business. Cyberattacks were once a minor inconvenience that could be managed by IT management, but now they pose an existential threat to any organization. Supply chains are now a common attack route. Bloomberg reported that Chinese spies were interfering in Supermicro's server supply chain, inserting microchips into server motherboards shipped to more than 30 companies, including the US Department of Defense, a global bank and Apple. . As an attack vector, it is one of the most difficult to defend against and illustrates the holistic approach organizations must take to protect themselves. The Treasury Committee's report on computer failures in the financial services sector was published in October. The report highlights how all of the UK's major high street banks have been affected by IT failures in recent years. The importance of banks and payment systems has forced the Treasury to pressure regulators to act. This precedent is expected to encourage other regulators to also take action if failures reach unacceptable levels and lead resilience. Therefore, we expect greater political participation in 2020.
Hope for the future
There are a handful of phrases that you can't help but hear in the world of cybersecurity: "It's an arms race between us and criminals" "It's not if, it's when you are violated", "A criminal must be right only once, we must be right every time." Although criminals still seem to be winning the race, we are actually very positive about the future of cybersecurity. You really can't underestimate how quickly the world has changed. A few years ago, when I spoke to IT managers, they were universally overwhelmed. Cyber simply wasn't part of their experience and suddenly they faced threats from all directions. Attacks are increasing, but our data health monitoring also tells the other side of the story, revealing gradual and steady improvements in defenses. Conversations with these same CIOs are now very different. They are not complacent and they certainly don't think they are impenetrable, but they are much more in control. They have upskilled themselves and their teams, trained their users through basic cybersecurity training, and have plans in place to respond to incidents.