The start of a decade is always an exciting time. When you think about how technology has changed in the last 10 years you can only imagine what might happen in the next 10. We recently found an old Nokia 8210 phone at home and my teenagers couldn’t figure out how to text with it! It was only 16 years old. And since technology develops at such a rapid pace, who would be crazy enough to predict 10 years ahead in the tech space? Since I don’t have a reliable crystal ball, I’m going to share my predictions for 2020 (and perhaps a few years ahead of that too) but I’ll leave the decade-long predictions to the pundits out there.
In 2020, one of the biggest drivers of change in the cybersecurity and integrated risk management market will be greater oversight and regulation. CISOs, look out! 2020 is coming straight at you and it has CCPA leading the way on January 1st, 2020. CCPA will affect companies doing business in California or even those with a website that can be seen in California, so although it is a state law it really has US-wide implications. This is the first time that consumers will be able to demand to know what data is held about them, request that it be deleted and request that it not be shared with third parties. We have yet to see how it will be enforced, with some citing a get-out “cure” rule which gives a company the opportunity to fix a violation, but 2020 and the following few years will show us how judges interpret the law.
Of course, we expect other states to follow the direction of California with New York and Washington, DC considering future legislation. Overall, this increased regulation will mean customers will expect organizations to show how they can handle the collection of personal information and how they will go above and beyond to demonstrate that they take security seriously.
Time to learn about CMMC
Closely behind CCPA we expect the introduction of the CMMC (Cybersecurity Maturity Model Certification) which is the DoD assessment and certification program. This new certification will be used to ensure that DoD contractors have sufficient security measures in place in order to bid for DoD contracts. The CMMC will have 5 levels of security and it is expected to be in use by late 2020. Some industry experts even predict that the CMMC will eventually take the place of many other industry security standards such as SOC and HITRUST.
Look out for more data breaches!
With all the headline news about data breaches affecting household-name organizations in 2019, it is easy to predict that the bad guys out there are getting more sophisticated in their hacking techniques and more targeted in their actions. 2019 has had the most data breaches ever with 5,183 breaches, exposing 7.9 billion records just by the end of September. Not surprisingly, with the high value associated with PHI, the healthcare sector was the most targeted industry. Remember, if your company is in an industry such as healthcare, where you hold valuable information, you are more likely to be the target of a hacker or breach. Perhaps the biggest surprise of the next decade for many companies is the unknown breach or hack. With employees having access to more and more devices which are connected to their company’s network, the area vulnerable to a breach has grown. To protect your company, 2020 should be the year when you take control of your cybersecurity posture before someone takes hold of your data!
The bad news for 2020 is to expect to see more of this malicious activity because as long as there is a value on the dark web for PHI there will be hackers. However, you’ll be happy to know that there is good news in this scenario too. There are more platforms and new technology now available to combat this activity than ever before. Companies that choose to use technology to work smarter will benefit from the latest security technology. As I mentioned, the introduction of regulations and oversight will encourage more companies to obtain security certifications like CMMC and this in turn will help lead to better security for companies across all industries.
Changes in the cybersecurity industry
Expect to see more consolidation in the cybersecurity industry in the next few years as well. There are many security tools on the market which are currently well-funded and they will consolidate as companies look for more integrated solutions. Solutions which help organizations adapt quickly to emerging regulations and new types of threats will be the most attractive as the pace of change continues to accelerate. With consolidation you can get more resources to tackle tough challenges, but sometimes innovation slows in the wake of competing priorities. And it’s already starting: earlier in 2019, Broadcom acquired Symantec, and last month we learned that McAfee is making a play for NortonLifeLock.
AI and data
Finally, from an industry point of view, we come to the fun, crystal ball-type stuff that I mentioned earlier. Although I don’t have the ability to see into the future with certainty, I think it’s safe to say that AI (Artificial Intelligence) and data are going to be key. Although it is early stages for AI, we will begin to see some platforms using AI and machine learning on a broader scale. We will see AI being used for more organic searches for risk. The use of data will be even more valuable than before as we use it to identify threat trends and risks as well as opportunities.
Ostendio into 2020 and beyond
And what is in store for Ostendio in 2020? Cybersecurity is at the forefront of the technology industry and Ostendio is positioned as a leader with new products and services for our customers. Following on from the successful launch of MyVCM Crosswalk Assessments and MyVCM Auditor Connect, the team is working hard on our next exciting product called Vendor Connect. This new, rich feature will allow organizations to send customer security assessments to their vendors and extend the security program and requirements of their company. This is essential because organizations are only as secure as their weakest link. By extending their security requirements through Vendor Connect to their suppliers they will improve their overall security posture.
So bring on 2020 and the next decade of changes and challenges! Ostendio is excited to be at the forefront of the cybersecurity industry and we are eager to see what the future holds.