Today, data security is top of mind for companies, consumers, and regulatory bodies. After years of unfettered participation in the data-driven digital age that was defined by an “anything goes” ethos and a “move fast and break things” mentality, this shifting sentiment is both drastic and welcome.
Taken together, it’s clear that data security and privacy will be a bottom line issue heading into 2020 as a new era marked by privacy and security permeates the digital landscape.
To help your company prepare for this growing inevitability, here are 20 data security risks that your company could face in 2020.
1. Accidental Data Exposure
Sometimes data breaches and privacy violations are the work of sophisticated hackers who take advantage of particular vulnerabilities to steal information. However, too often, data breaches are caused by accident.
2. Fatigued IT Admins
Today’s threat landscape can be exhausting. Just ask the IT admins responsible for protecting a company’s most important data.
Hackers only have to be right once to inflict serious damage on a business’s bottom-line, while IT admins are charged with perfectly repelling a constant barrage of attacks. That’s probably why nearly 2/3 of cybersecurity specialists have considered quitting their jobs or leaving the industry entirely.
This turnover – and the inevitable performance lag that accompanies overworked employees – leaves companies vulnerable to a data security or privacy failure.
3. Employee Data Theft
In most cases, employees are a company’s greatest asset, facilitating the exchange of goods and services that allow businesses to flourish.
In June 2019, a former employee stole personal data of nearly 3 million customers, marking one of the biggest data disasters in the country’s history.
4. Lackadaisical Digital Communication
Digital communication is a ubiquitous part of our daily lives, and it could also be a consequential vulnerability for companies striving to protect customer privacy.
Using personal devices or personal accounts to convey sensitive customer information is frighteningly common.
5. Phishing scams
These emails can flood corporate inboxes at little expense to hackers. Meanwhile, a single employee click can compromise troves of company data.
6. Data Theft For Ransom
There are a lot of ways for hackers to make money from stolen data. While the Dark Web offers a vast network of sales opportunities, increasingly cybercriminals are turning back to the source for their income.
Rather than selling stolen data online, thieves are exploiting companies for a ransom payment, creating a no-win scenario for businesses victimized by this approach.
7. Employee Bribery
In the past few years, several high-profile companies have endured data breaches on the heels of employees who were bribed to leak company information.
To be sure, bribing employees isn’t the most obvious way to perpetuate cybercrime, but it’s a vulnerability that companies need to be prepared to address.
8. Networks Held For Ransom
In 2019, local municipalities across the U.S. have had their IT infrastructure disrupted by ransomware attacks. However, this threat isn’t just relegated to government institutions. SMBs and other businesses without the most recent cybersecurity capabilities are all exposed to this threat.
Unfortunately, the cost to recover data has more than doubled in 2019, and all signs indicate that this trend will continue well into next year.
9. Everyone Has Access to All The Data All the Time
Access to company or customer data should be a need-to-know arrangement that minimizes the opportunity for misuse or abuse. However, too many companies give all employees complete access to all the company’s data all the time.
In doing so, they unnecessarily increase the likelihood that a security or privacy issue will emerge in the future.
10. Privileged Users Have Too Much Access
Data privacy extends to everyone, including employees, and every company needs to ensure that someone is monitoring the monitors. Failing to provide accountability at every level of an organization creates the possibility that a data privacy event will occur next year.
11. Employees Need More Money
The study found that 15% of UK employees would sell information for $1,260, while 10% would sell data for as little as $315.
This data may be cheap for bad actors to attain, but it could be costly for companies in 2020.
12. Executives Misplace Cybersecurity Priorities
13. Bored Employees
It underscores the blase attitude toward data security that still permeates many organizations, which holistically represents a profound threat heading into next year.
14. Spear Phishing Campaigns
Phishing campaigns are obnoxious, but spear phishing campaigns are downright nasty. This particular brand of phishing attacks use previously stolen data to create authentic-looking emails that are difficult to stop and defend.
As more and more data becomes available online, these attacks could only intensify in the future.
15. Good Old Fashion Fraud
16. Angry Founders
Few people have unprecedented access to company data like an organization’s founders. This isn’t a problem until it becomes a huge problem when they decide to leave the company or are forced out by institutional or market dynamics.
Privileged users frequently present a vulnerability because they are implicitly trusted while oversight is often minimal or nonexistent, creating an unnecessary opportunity for data loss and privacy violations.
17. Career Development by Data Theft
A surprising number of employees are willing to steal company data to gain an edge on the job market. For instance, two former Apple employees working on the company’s secret car project were charged with data theft after they stole more than 2,000 files related to the project.
Meanwhile, the perpetrators were in the application process at a China-based autonomous car company. Whether employees are looting intellectual property, customer data, or other valuable information, it can provide a leg up in a competitive job market, which presents a data security risk for companies operating in 2020.
18. Simple or Redundant Passwords
Interestingly, employees were reticent to change or improve these passwords when notified of their susceptibility. Failing to account for controllable elements, like following password best practices, exposes your organization to great risk now and in the year ahead.
19. Hackers Looking for Bragging Rights
The breach was orchestrated by a hacker who, by most accounts, was looking for bragging rights among various online communities.
For some, data theft isn’t about data or privacy, it’s about their own notoriety, and that’s a problem for businesses striving to protect their customers’ digital privacy.
20. Just Giving Up
Today’s dangerous digital landscape can be paralyzing. Discouraged by the notion that a security incident or privacy violation is an inevitability, too many companies will give up, taking their chances rather than fortifying their defenses.
In many ways, this might be the most significant vulnerabty of all. Rather than controlling the controllable, accounting for the risks, and implementing a security strategy that addresses holistic data security, they just do nothing.
Much like the years preceding it, 2020 will be replete with risks, and this presents every organization with an opportunity to differentiate themselves in how they manage this uncertainty and how they plan to protect their company and customer data going forward.
2020 is fast approaching. Don’t miss the opportunity to start getting ready now.
Photo credit: © gonin stock.adobe.com