2018 ended with two massive data breaches.

“A malicious third party” gained access to Quora’s systems and compromised the account data of nearly 100 million users. A week prior, hackers breached Marriott’s Starwood Hotels reservation database, compromising names, mailing address, phone number, email address, passport number, and other information for about 327 million customers.

Marriott and Quora join other 2018 data breach targets including British Airways, T-Mobile, Ticketfly, and Orbitz. Although you may have heard about these massive data breaches in the news, cybersecurity breaches often more often than you may think.

According to Verizon’s 2018 Data Breach Investigations Report, there were over 53,000 security incidents and 2,216 confirmed data breaches. Moreover, 58% of data breach victims are categorized as small businesses.

In 2019, will we see more massive data breaches? Are there any emerging technologies and other forms of risk management that can help protect consumers and businesses from becoming a cyber attack victim or mitigate losses that result from a data breach?

Following our “Data Breach Plan” panel event, I interviewed Redpoint Cybersecurity CEO and co-CISO John Curran, and asked him what businesses can expect in 2019.

.  .  .  .  . 

Malaika: Now that we’re entering 2019 and ending [2018] on a note where massive data breaches are occurring, do you have any bold predictions on what we can expect for 2019, or any trends we can expect?

John Curran: Number one, I have no reason to believe that the causes of incidents–whether you’re talking about malicious insiders, ransomware attacks, or other forms of exploitation–will diminish this year.  One form of attack or another may increase or decrease over the short-term, but over the long-term the number and severity of risk factors – and the delta between the “attack surface” versus the level of preparation and detection by most firms – is expected to increase indefinitely.  An example of a particular kind of attack that we saw a lot of last year, which we expect to increase this coming year, is Business Email Compromise.

I think you’ll also see an increase in the amount of money companies are projected to spend on cybersecurity over the next year, and especially over the medium-term. Total cybersecurity spending is already estimated to be $80-100 billion, and that that number is expected to basically double over the next five years.

In terms of related trends, one thing that’s developing, and it’s for good reason, is the use of machine learning for detecting breaches and other unauthorized activities in your environment. You’ll see increasing trends towards the use of machine learning techniques and away from the more signature-based analysis that’s traditionally dominated the “managed security” services industry. While there is a huge difference in the quality of these solutions, I think that’s a positive trend overall.

The last thing I’ll mention is breach insurance coverage, which differs from traditional forms of corporate insurance. But I think one of the trends you’ll see–and I’m a big advocate of it–is that companies of all sizes and in every industry will begin to increase their coverage, and, with that their information security due diligence, including things like breach readiness assessments and network penetration testing. Cybersecurity is not a simple set of “best practices” – it requires an active mindset and continuous improvement – and I think that commercial litigation and breach insurance due diligence will (hopefully) act as drivers in terms of general awareness, early detection, and overall risk mitigation.

.  .  .  .  . 

Following the success of “The Breach Plan”, we’re hosting another moderated panel discussion on March 28th. Join Makovsky, Risk Strategies Company, Chubb, Cole Schotz, and Redpoint Cybersecurity to discuss the benefits that cyber insurance can provide to your company. Click here to RSVP!

thought leadership

THE FOUR BIGGEST FLAWS IN AN INEFFECTIVE SOCIAL MEDIA STRATEGY
Preserving Civil Discourse in a Fractured Public Affairs Climate
USING COMMUNICATIONS TO BUILD A SACRED TRUST
Beware the Feature Story: The Limelight Comes with a Lot of Heat

Contact

NEW YORK Office

228 East 45th Street
New York, NY 10017
212.508.9600
[email protected]

WASHINGTON Office

1775 I Street NW, Suite 1150
Washington, DC 20006

202.587.5634
[email protected]