For businesses in the 2010s, a cyber-attack is not a matter of “if” but “when” as every business is at risk of a cyber-attack. The decade saw some of the worst cybercrimes in the digital realm – from Target to Ashley Madison, and from Yahoo, Facebook to Bangladesh Bank cyber-heist, and Adobe hack, to name a few. Thousands of other organizations – irrespective of their size or industry sector – were also not spared from cyber threat activities of varying degree.
The increased use of new technologies by businesses such as cloud, AI, and IoT have led to invaluable technological gains, but, also exposed businesses to an unprecedented volume of cyber threats. As Raj Samani, Chief Scientist and McAfee Fellow, Advanced Threat Research said, “Cyber are always looking for ways to stay one step ahead of cybersecurity practices and creating great havoc to our ever-more-connected world.”
Read more: Time To Put Your Cybersecurity To Test
Stuxnet was perhaps the first example of computer worm that was co-developed by the US and Israeli intelligence services as a means to sabotage Iran’s nuclear weapons program. While not widely known by the public, it remains a major milestone as the first known example of a sophisticated and targeted cyber attack. In the spring of 2011, Sony announced that a hacker stole details for 77 million PlayStation Network users, including personally identifiable information and financial details – a big disaster that proved catastrophic for Sony as a brand.
The Snowden leaks that occurred in 2013 are probably the most important cyber-security event of the decade that exposed a global surveillance network that the US and its Five Eyes partners had set up after the 9/11 attacks. Again, the Wannacry ransomware attack in 2017, for example, was carefully planned and carried out by highly organized criminal groups, with possible support from a nation state.
Today, attackers have reached a level of maturity and efficiency. They are taking advantage of the increased value and vulnerability of online targets that is resulting in a dramatic increase in attack frequency, complexity and size.
Read more: Cyber Security Would Rule Boardrooms in 2020
At the same time, the recent spate of sophisticated cyberattacks proved to be an eye-opener for businesses, many of them are now forced to think differently when it comes to use and protection of data. The realization has also dawned that security can no longer be confined to just the IT department. Hence, this decade cyber security pervaded the boardrooms like never before making CISO a superhero from an implementer.
Not only is the CISO’s role changing, but so is his/her relationship to the organization they work in. For example, earlier CISOs reported to the CIO or CFO; many now report directly to the CEO or the Board. The CISO’s role has become more elevated because of the importance of data management in the digital age.
In this context, one of the major developments in 2010s is the legislation that helps encourage better security practices for example, the EU’s General Data Protection Regulation (GDPR). In India too, The Personal Data Protection Bill got cleared by the Union Cabinet in December, once approved by Parliament as law, would require all organizations, both public and private, to comply with provisions related to data security and usage. These laws and regulations further bring CISOs role to the spotlight.
“Now CISOs work with a broader set of stakeholders and build an increasingly diverse team to handle different areas of concern, including regulatory and privacy issues, product security and shadow IT,” says Sheril Jose, Head- Cyber Security at Pune-based Emcure Pharmaceuticals.
2010s also saw the rise of data protection officer or DPO in the c-suite, with some organizations looking to step up the security governance game. Despite new roles and responsibilities in the cyber space, the World Economic Forum reported a shortage of people trained in cybersecurity for the first time in this decade. Cybersecurity Ventures estimates that there will be 3.5 million unfilled cybersecurity jobs globally by 2021, up 350% from 2014. With the list of security-training companies and security certifications only growing however, there will be many more jobs in for trained staff in this space.
Top priorities for many CISOs and security personnel in the coming year will be to enable an enterprise-wide holistic security approach and hire more cybersecurity staff, as a Fortinet report suggests. In 2020, CISOs will not only dedicate priority funding to adding more security personnel to their teams, but also aim to develop a culture of security throughout their entire enterprise.
Jaspreet Singh, Partner, Cyber Security, Advisory Services, Ernst & Young, believes, cyber security culture – a key priority in 2020 – must include everyone who has access to data. “Businesses that make security an integral part of their company culture will be among those best positioned to fend off the next big cyber-attack,” Singh says.
With many more high-profile security breaches predicted in the 2020s, companies will need to find better ways to protect their data and ensure customer privacy. Experts believe those organizations that fail to protect user data and share it a responsible manner will eventually be out of business.