Prediction Series: Interview with Anurag Kahol, CTO and Co-Founder at Bitglass

Hi Anurag. Tell us about the biggest disruptions that you see happening in 2020.

We will see an increase in the number of M&A deals in 2020. In fact, 79 percent of respondents to Deloitte’s M&A trends 2019 report expect the number of deals they close to rise in the next 12 months – up from 70 percent last year. Consequently, companies need to learn from the headaches faced by Marriott in 2018 when it acquired Starwood and inherited a breach of guest data.

Security needs to be a key component of any M&A strategy. If companies lack solutions that provide adequate visibility into their own systems as well as those of the companies that they are acquiring, we will see similar breaches take place in 2020.

What about the effects of The California Consumer Privacy Act (CCPA) on the industry? 

Ambiguity around CCPA will cause a slow start to enforcement in early 2020; this is made more likely by the fact that several groups are still suggesting changes to the original version of the regulation. In other words, California legislators are not prepared to adequately and consistently enforce the new law. Additionally, many businesses are still unsure about its specific requirements and are not ready to be in compliance.

This is particularly true of small and medium sized businesses that don’t have the same amount of resources as larger corporations – it is more challenging for them to discern what they need to do in order to be in compliance. As a result, we will most likely need to wait some extended period of time before we see the first significant fine under the new law; much like GDPR. In fact, it took nearly a year for British Airways to be fined $250 million under GDPR – its breach was reported in September 2018 and the company was not fined until July 2019.

Similarly, once the initial lull period that will follow the enactment of CCPA comes to a close, we will see similar, significant fines being given to companies that fail to meet the requirements demanded by the new law.

What makes US Data Privacy scenario so different from the rest of world?

In 2020, we will see a U.S. federal data privacy law be drafted and considered. This is needed to avoid a patchwork of differing data privacy laws from each state, to facilitate more nationwide business, and to enable international commerce – facing numerous regulations can be a barrier that keeps foreign businesses from entering a market.

Complying with data privacy laws can be a top challenge, particularly for small and medium-sized businesses that lack the same resources as larger companies that are better equipped to navigate all of the regulations with which they are faced. Some of the largest tech firms in the U.S. as well as a group of 51 CEOs have already asked U.S. lawmakers for a federal privacy law.

Would this help to combat against threat actors? 

Threat actors are always enhancing their current tactics, techniques, and procedures (TTPs) as well as creating new ones in order to infiltrate businesses and steal data, implant ransomware, and more. One technique that will continue to gain traction in 2020 is lateral phishing. This scheme involves a threat actor launching a phishing attack from a corporate email address that was already previously compromised.

Even the savviest security-minded folks can be lulled into a false sense of security when they receive an email asking for sensitive information from an internal source – particularly from a C-level executive. As we will continue to see cybercriminals refining their attack methods in 2020, companies must be prepared.

Tell us about the future of the “Cloud Economy”. What are the various challenges you foresee in the Cloud market?

Misconfigurations of Cloud databases will continue to plague enterprises around the world and will be a leading cause of data breaches in 2020. Gartner forecasts that global Public Cloud revenue will reach $249.8 billion in 2020, a 16.6% increase from 2019. This rapid rise in revenue is spurred by continued growth in cloud adoption. However, Cloud adoption is clearly outpacing the adoption of the tools and expertise needed to properly protect data in cloud environments; this is supported by the fact that 99% of cloud security failures will be the customer’s fault through 2025, according to Gartner.

Consequently, misconfigurations will continue to be a leading cause of data leakage across all verticals.

Do you think Cloud Service providers are prepared for these challengs?

In addition to the above, highly niche Cloud tools provided by second-tier cloud service providers are making their way into enterprises. While services that cater specifically to individual industries or company departments are gaining traction, they do not typically have the same native security measures that mainstream Cloud services do.

Regardless, companies are gaining confidence – even if it’s a false sense of confidence – in their ability to utilize the Cloud and are adopting these second-tier and long-tail cloud apps without considering all of the security ramifications. Enterprises will need visibility and control into all of their cloud footprint, including niche services, in order to proactively mitigate any vulnerabilities and properly secure data in the Cloud.

Which other key socio-economic development could impact the US-based Marketing and Sales businesses in 2020?

I expect that foreign meddling will occur in the 2020 presidential election. The Mueller Report found that Russians have and will continue to interfere in U.S. elections (which is backed by the Senate Intelligence Committee’s findings), while Twitter has already shut down thousands of Iranian-backed disinformation accounts.

Due to foreign interference, the hacking of voter registration databases, and the exploitation of flaws in voting machines, there will be even more controversy and concern over the integrity of the 2020 election than there was in 2016. However, this widespread concern should serve as a catalyst for change moving forward – even if it’s too late to make these changes for 2020.

There is simply too much at stake to neglect these issues indefinitely. Voters, legislators, and tech providers will need to come together to ensure greater cybersecurity throughout election processes – thereby strengthening the integrity of our democratic system.