Top 5 Security Predictions for the Pace of Cloud

The fast-paced nature of some cloud initiatives is creating unnecessary risk combined with the real-world challenges of today’s business.

As we look back across 2019, organizations saw a tremendous increase in not only the use of cloud for business, but the valuation of the data and applications hosted in the cloud.  According to Oracle and KPMG’s annual Cloud Threat Report for 2019, seven out of 10 respondents indicated they use more business-critical cloud services than in 2018. 

Businesses have been utilizing cloud services in their business for years, but only recently have we seen growth in the use of cloud for business-critical data and services. While this is great for organizations that seek to reduce their costs and increase their capabilities for customers and employees, the fast-paced nature of some cloud initiatives is creating unnecessary risk combined with the real-world challenges of today’s business.  

With the increase in cyber threats on the one hand, and the use of cloud for mission-critical applications and data storage on the other, I see the following five things playing out in the market this year.

Prediction No. 1:  The Increasing frequency of incidents will drive change in the boardroom.

With less than half of global companies sufficiently prepared for a cyberattack, according to PricewaterhouseCooper, business leaders are looking within the boardroom to better understand how cyber-risk, privacy and data protection is becoming a “distributed responsibility” for the c-suite. CEOs now play a central part in ensuring that the entire C-suite is playing a role in reducing risk and ensuring data/privacy protections. No longer is it solely the domain and responsibility of the CISO or the IT department.  In fact, more and more businesses are using BISOs (Business Information Security Officers) as a business focused leader with an eye for security and privacy within the line of business.

Prediction No. 2: The top at-risk industries will see a disproportionate frequency in cyber-attacks.

While other industries see more attacks on an annual basis, some industries are less prepared and have higher-value data–which increases their risk. Health care tops out the list, followed by manufacturing, finance, government and utilities. It is expected that the health-care industry will see a 4x increase in ransomware attacks from 2017 to 2020, according to Cybersecurity Ventures. Manufacturing risk is centered on compromised supply chains, while finance is dealing with increased cases of financial fraud and theft. The utilities industry invests less than 0.2 percent of its revenue in cybersecurity, putting the country at risk for infrastructure outages. Some industries are fighting back with increased investments in cyber resiliency programs. The U.S. now spends more on cybersecurity activities ($15 billion) than the overall defense spending of Norway and North Korea combined. 

Prediction No. 3: Supply and demand shortages for cybersecurity positions will reach a critical mass.

Oracle predicts there will be nearly 3 million unfilled security positions in 2020, and that number is climbing. Cybersecurity has held the title of zero-percent unemployment since 2011, according to Monster.com, and Oracle sees no change on the horizon. Some markets are ripe with talent, as seen in the D.C. area, where the cyber workforce is three-and-a-half times larger than the rest of the country combined. While this bodes well for the D.C.-based businesses, it also highlights the challenges outside of D.C. One of the many drivers of organizations shifting services to the cloud is to overcome this obvious talent shortfall. Complicating things further, cyber-analysts can earn up to three-and-a-half times more per year as “bug hunters” than as employees working to defend against the flaw. While many will struggle to fill their reqs with qualified staff, others will take advantage of cloud service providers to fill these gaps. 

Leave a Reply

Your email address will not be published. Required fields are marked *