19 Things a CEO Needs to Know About CHARLES DENYER


Post on 31-May-2020


Page 1: 19 Things a CEO Needs to Know About papers access/19 Things a CEO Needs to Know...their data will be safe and secure. Also, they know most organizations are incapable of doing just

19 Things a CEO Needs to Know About

CHARLES DENYER

Page 2

TABLE OF CONTENTS

Introduction ... 1

#1 - Cyber Attacks will Continue to Grow ... 2

#2 - Ransomware will be on the Rise ... 4

#3 - AI will Accelerate, and so will the Attacks ... 6

#4 - Cyber Insurance will Become a Norm ... 7

#5 - Insider Threats will be Bigger than Ever ... 9

#6 - Phishing Attacks will Continue to Grow ... 11

#7 - Regulatory Compliance is Just Getting Warmed Up ... 13

#8 - The GDPR Will Continue to Expand its Global Footprint ... 14

#9 - Next Generation Security Tools & Solutions are Heading Your Way ... 15

#10 - The Cloud will Continue to Grow Aggressively ... 16

#11 - America’s Critical Infrastructure will be a Prime Target ... 18

#12 - Security Will be Lacking in New Product Launches ... 20

#13 - Organizations will Fail Miserably in Applying Security Patches ... 21

#14 - Organizations will Fail to Invest in Necessary Security Tools ... 22

#15 - Organizations will Continue to See the Benefits of Security Awareness Training ... 23

#16 - Organizations will begin Embedding a True Cybersecurity Mindset ... 24

#17 - Well-Qualified IT personnel will be Hard to Come by ... 25

#18 - Cyber Espionage Threats Will Rise Significantly ... 26

#19 - National Security Implications will be Front and Center for America ... 27

BONUS #20 - Cybersecurity is Your New Competitive Advantage ... 28


Page 3


SHORT ON TIME & JUST NEED THE FACTS? Then take a quick read on “The Skinny” for each of the 19 things you need to know.

Hey CEOs – Cybersecurity is your New Weapon for Growth & Profits

But it’s also time to stop running and start winning with cybersecurity and data privacy. For CEO’s who truly understand and can see the upside of cybersecurity, the potential for business growth is huge, no question about it.

The time is now for businesses to start gaining a competitive advantage in 2019 – and beyond – with cybersecurity. People – and businesses in general – want to work with organizations where they know their data will be safe and secure. Also, they know most organizations are incapable of doing just that. If you can be one of those few companies that willingly embrace cybersecurity, you’ve got a competitive advantage in your industry that very few businesses – if any – have.

Here are 19 things a CEO – and really, anyone else – needs to know about cybersecurity for 2019, according to Charles Denyer, one of the world’s foremost experts on cybersecurity & data privacy.

Page 4


#1 - Cyber Attacks will Continue to Grow

The world is awash in cybersecurity attacks, and there seems to be no end in sight. What was once a rarity is now being accepted as commonplace in today’s world as data breaches just keep coming and coming, an almost one-way freight train that can’t be stopped. Think of the recent high-profile cyber-attacks and how devastating they’ve been – the Sony Pictures breach of 2014, Yahoo’s compromise of hundreds of millions of user accounts from 2012 to 2014, and to top it all off, Equifax, the company that makes a living reporting, securing, and monitoring credit files, and its massive – and no doubt embarrassing – data breach.

The cold hard truth is that hackers are good at what they do, and getting better all the time. Remember, they only have to be right once, whereas businesses have to be right every time when it comes to effective InfoSec and cybersecurity measures. That’s not a winning formula, and it’s exactly why breaches will continue in 2019, and why they’ll also grow in terms of occurrences and in severity.

FireEye, an industry-leading professional security services firm, disclosed the following in its publication titled "2019 - Facing Forward, Cybersecurity in 2019 and Beyond”:

In 2019 and beyond, we expect to see more nations developing offensive cyber capabilities. There are people that claim nations should not do this, but in the halls of most governments around the world, officials are likely thinking their nation needs to consider offensive operations or they will be at a disadvantage.

There have been a lot of cloud-related challenges throughout 2018 and we expect to see those continue & evolve as we move into 2019. First, a lot of data is moving to the cloud and the attackers are going right along with it. We’re seeing a massive uptick in the number of incidents that involve cloud, and that’s really just attackers following the data.


Cyber espionage activity related to the initiative will likely include the emergence of new groups and nation-state actors. Given the range of geopolitical interests affected by this endeavor, it may be a catalyst for emerging nation-state cyber actors to use their capabilities.

Attribution and accountability are two of the biggest sticking points when it comes to winning the war in cyberspace. Without risks and repercussions for malicious activity carried out on the internet, attackers will keep attacking and organizations will keep getting breached.

Page 5

So, is all lost and can nothing be done against what seems to be an onslaught of never-ending cyberattacks coming our way? Not so fast, and let’s not get down on ourselves. Yes, there are effective measures that can be used for pushing back on such attacks, but the bigger question is this: Are businesses truly prepared to face the music and invest in comprehensive InfoSec and cybersecurity resilience measures? We can only hope.

Talk is cheap, as the old saying goes, but businesses will need to step up to the plate and hit a grand slam in terms of investing in information security strategies that work. This means acquiring proven security tools and solutions, hiring competent and well-qualified I.T. personnel, training employees on current and emerging security issues, and more. But more than anything, businesses need an about-face change when it comes to security. This is not a start-and-stop strategy, a one-and-done scenario that’s turned on and off like a light switch. This is about a true culture change whereby security is ingrained into the mindset of the organization. Implementing information security the “right” way will have profound benefits for years to come, no question about it.

Businesses can spend all the money they want on industry leading security tools and solutions, but without a “security first” mindset, one’s information security and cyber resilience programs are dead on arrival. I’ve heard countless stories of organizations investing heavily in high-priced network security tools, only to find these products sitting on standby gear as they’ve failed to be implemented at all. And with a tight labor market where well-qualified, highly-experienced security & compliance professionals are hard to come by, challenges will continue to mount for organizations.

Regardless, buying security products and doing nothing with them, well, that’s not security, that’s nothing but a waste of hundreds of thousands of dollars.

Changing the corporate culture is the very first – and most important – element when it comes to protecting organizational assets from growing cyber-attacks. Train your employees on emerging security issues, threats, trends, and best practices. Make security a priority in the training of every new hire. Bring in outside experts to help educate your employees.


THE SKINNY: CYBER ATTACKS WILL CONTINUE TO GROW

Breaches are on the rise and will continue to grow.

Hackers are good at what they do, and getting better all the time.

There are effective measures that can be used for pushing back on cyber-attacks.

Changing the corporate culture is the very first element when it comes to protecting your assets from growing cyber-attacks.

Page 6


#2 - Ransomware will be on the Rise

Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files unless a ransom is paid. And ransomware attacks are growing more common with each passing day. Just ask City Hall in Atlanta, GA how damaging ransomware attacks can be. The City of Atlanta spent millions fighting an attack that is now believed to have been perpetrated by two Iranians thousands of miles away.

Some of the more notorious examples of ransomware include the following: GandCrab, Petya, Locky, WannaCry, and zCrypt. As for GandCrab, it was discovered in late January 2018, accepts Dash cryptocurrency, and is based on a ransomware-as-a-service model in that it essentially shares profits between criminals. To date, the developers of GandCrab are quite active indeed, having put forth numerous versions of this ransomware.

I could write for days about the never-ending types of ransomware flooding the Internet, but what’s more important are the steps and strategies to take for preventing such an attack. First and foremost, ensure your systems are running a current version of anti-virus and anti-malware software.

Page 7

Second, invest in any number of anti-ransomware tools, such as the following:

Trend Micro Lock Screen Ransomware Tool

Avast Anti-Ransomware Tools

Zemana Antimalware

HitmanPro.Alert

Kaspersky Anti-ransomware Tool

Webroot SecureAnywhere Antivirus

McAfee Ransomware Interceptor

CyberSight RansomStopper

BitDefender Anti-Ransomware

There you have it – a great set of anti-ransomware tools – many of them free of charge – for keeping your systems and data safe and secure from today’s growing cybersecurity threats.

THE SKINNY: RANSOMWARE WILL BE ON THE RISE

Ransomware is on the rise and the attacks are becoming more and more severe.

The vast majority of businesses do not have adequate security tools in place to combat ransomware.

There are a number of high-quality, cost-effective, and easy-to-implement anti-ransomware tools.

Page 8


#3 - AI will Accelerate, and so will the Attacks

AI – also known as “Artificial Intelligence” – is intelligence demonstrated via processing by machines, particularly computing systems. Remember the fear many years ago, “will robots replace humans”? Thankfully, that won’t happen anytime soon – or hopefully, ever – but AI is growing aggressively, becoming one of technology’s great disrupters of the new millennium. The notion that computers can learn, adapt, and improvise is a daunting thought no doubt, but it’s happening for sure, make no mistake about it.

Do we all remember the Terminator played by Arnold Schwarzenegger in the 1980’s & 1990’s? As each new sequel came out, a more advanced “Terminator” came to life, a human-created machine that was ultimately able to think and make decisions for itself. Scary, hey? Well, we’re not there yet, but one of the biggest concerns with AI is the ability for machines to think for themselves.

According to Guy Caspi of Deep Instinct, “Autonomous cars like Google’s (Waymo) are already using deep learning, can already raid obstacles in the real world...so raiding traditional anti-malware system in cyber domain is possible.”

Nicole Eagan, CEO of cybersecurity firm Darktrace, notes that “We’re still in the early days of the attackers using artificial intelligence themselves, but that day is going to come...And I think once that switch is flipped on, there’s going to be no turning back, so we are very concerned about the use of AI by the attackers in many ways because they could try to use AI to blend into the background of these networks.”

THE SKINNY: AI WILL ACCELERATE, AND SO WILL THE ATTACKS

AI has huge potentials, and huge concerns also.

There’s no turning back as AI will become a fixture in society.

Serious concerns regarding AI security are now being discussed, so now’s the time to be “in the know” about Artificial Intelligence.

Page 9


#4 - Cyber Insurance will Become a Norm

In the not so distant past, the term cyber insurance was about as foreign a concept as anything in business. After all, businesses had general liability policies, errors and omissions policies, and other coverage, so why cyber insurance? Fast forward to 2019 and cyber insurance has now become an essential safeguard in the world of information security.

"The prevalence of high-profile breaches over the past year is only accelerating the process of companies investigating cyber-insurance," according to Michael Bruemmer, vice president at Experian Data Breach Resolution, noting that more of Experian’s clients are opting for cyber-insurance than ever before. "The greater awareness and interest in cyber-insurance started about two years ago, but certainly this has accelerated because of the recent large breaches."

Here are some expert tips when looking to obtain cybersecurity insurance for your business, as noted by bankinfosecurity.com:

Look for Retroactive Coverage:

Breaches can lurk for weeks, months, even years, before they are found, so it’s important to have a cybersecurity policy that provides such coverage. There are policies that extend back as far as 10 years, according to insurance expert Gregory Podolak, at Saxe Doernberger & Vita law firm.

Choosing Vendors and Legal Counsel:

Sean Hoar, member of the privacy and security team at the law firm Davis Wright Tremaine LLP, cautions policy holders when it comes to choosing their vendors and legal counsel, if a breach occurs. "I have had a number of existing clients who didn't realize their cyber-insurance policy limited their choice of legal representation," he says. "They were shocked and disappointed to find they had to engage unknown third-party counsel or pay out of pocket for all legal services related to the data breach or compromise."

Furthermore, the same article notes that when drafting the policy, organizations should ensure they have the right to select the forensics organizations, advisers and public relations firms they want as well. "You want to be able to select your vendors," Berk says.

Get Coverage for Employee-owned Devices:

Because employers generally allow employees to use their own devices (i.e., laptops, home computers, cell phones, tablets, etc.) for work, make sure your cybersecurity policy covers breaches related to such devices. According to Lon Berk, a partner at the law firm Hunton & Williams, "You don't want the definition of a computer system [in the policy] to just be a computer system owned by the organization, because [employee-owned] devices might [be the cause of the breach].”

Page 10


Word to the wise – not all cyber insurance is the same, so make sure you find policies that will cover SPECIFIC instances relating to cybersecurity, such as data breaches, insider attacks, and other growing threats. Going cheap on cybersecurity can cost you – big time – so buyer beware.

THE SKINNY: CYBER INSURANCE WILL BECOME A NORM

Don’t have cybersecurity insurance? Now’s the time to start looking, and for some very obvious reasons.

With the growth in data breaches, companies need to start looking at obtaining “quality” cybersecurity insurance.

Do your due diligence for ensuring your cybersecurity coverage meets your needs.

Page 11


#5 - Insider Threats will be Bigger than Ever

For years, we all worried about external threats to one’s environment. The DoS and DDoS attacks. The hackers trying to force their way into networks from thousands of miles away as they attack without notice. The droves of spam that saturate emails with malware links. Well, those threats abound, are alive and well, and are causing havoc for unsuspecting victims.

Yet what’s also taking shape are growing insider threats. Call it the enemy within, which means you’re now fighting a new kind of war – the war within. That’s right, businesses now have to look inside to nefarious employees and contractors who can create just as much damage – often more damage – than the well-known external threats. As to the types of insider threats, they’re plentiful, and growing by the day in sophistication and regularity. In fact, insider threats are now so rampant that businesses are investing heavily in Data Loss Prevention (DLP) techniques.

An insider is essentially anyone who has been given access to information and other assets that outsiders do not have. This can be logical access to information systems, along with physical access to assets. According to the Information Security Forum (ISF), an independent, not-for-profit association of leading organizations from around the world, there are three (3) types of insider threat occurrences: Malicious, Negligent, and Accidental.

Page 12

What makes insider threats so difficult is that you start off as a business with the hope that every employee is ethical, honest – hoping to do all they can for helping a company succeed. Unfortunately, that’s not reality, and you also can’t pick and choose the bad apples once they’re hired. Think it can’t happen to your business, think again, as it’s happened to countless businesses all across the country.


Here are a few notable, high-profile insider attacks:

RSA Data Breach: Ironic that a data breach happened with one of the world’s leading security firms, RSA. The breach occurred when phishing emails were sent out over a two-day period with the subject line titled, “2011 Recruitment Plan”. This resulted in at least one employee (it only takes a single user to bring malware into a business!) opening the attached MS Excel file, which ultimately contained a zero-day exploit that installed a back door through an Adobe Flash vulnerability.

A zero-day exploit is an attack that takes place on the same day the weakness in the software is discovered. The name refers to the number of days the software provider has known about the problem and had to fix it: zero. Hackers are often aware of the exploit for months while nobody else is, so they can attack for extended periods of time before the issue is found.

THE SKINNY: INSIDER THREATS WILL BE BIGGER THAN EVER

Insider threats are going to continue to grow, unfortunately.

Now’s the time to invest in Data Loss Prevention (DLP) tools and techniques.

Internal employees are now just as dangerous – potentially even more so – than external hackers and other threats.

Page 13


#6 - Phishing Attacks will Continue to Grow

Phishing attacks are a type of social engineering attack often used to steal a wide range of user data, ranging from passwords to credit card numbers, and much more. A phishing attack happens when someone is masquerading as a trusted entity, effectively tricking an unsuspecting victim into opening an email, a text message or some other form of electronic communication. The victim then clicks on the link, and this is where the attack essentially goes from bad to worse as malware then infects a user’s computer, often spreading to other systems, especially if that user is on a company network.

The attacks are becoming more sophisticated, and more damaging, unfortunately. Some of the more notable phishing attack strategies – and real-world examples – include the following:

Look-Alike Websites:

How closely do you look at a URL or images within a website for a major provider of services? Probably not close enough, as an untold number of computer users continue to fall victim to look-alike websites that are nothing more than well-designed fraudulent websites aimed at stealing your information. A number of well-known U.S. businesses are often the target of look-alike websites, in that fraudulent sites are served up to unsuspecting victims as the official website, so be careful what you click on!

A De-Activation Notice:

If you don’t log in to update your personal information, your account will be de-activated. That’s the general message used as a scare tactic to get you to click on a link by fraudsters initiating one of the more commonly executed phishing attacks.

Nigerian Scams:

Also known as Advance Fee Scams, Nigerian Scams essentially involve a criminal overseas offering an individual a substantial amount of money on the condition you assist them in transferring money out of their country. While they technically originated in Nigeria, they now come from all over the globe. The emails are often poorly written, with bad grammar; regardless, people fall victim to this scam all the time. Think smart people don’t fall victim to Nigerian scams? Think again, as csoonline.com ran an online article on November 2, 2017 titled “15 real-world phishing examples — and how to recognize them” describing how CEOs – even Nobel Peace Prize winners – fell victim to Nigerian scams.

The Feds are Looking for You:

There’s been a rash of fraudulent scammers sending emails and making phone calls claiming they’re any number of federal agencies. Received a call from an IRS agent stating someone is about to seize your property and freeze your bank account if you don’t pay an exorbitant fine? You may laugh, but literally tens of thousands of U.S. taxpayers have fallen victim to this scam, and many others.

Page 14

“Hi, this is Tech Support, we Need your Login Information”:

Phishing scams also include fraudulent tech support emails and phone calls asking you to provide login information, or even worse, to download a certain type of software onto your computer. Falling for these scams often results in malware being placed onto your computer – and once again, if you’re connected to a larger network, then the malware can spread and create true havoc.

Scams on Craigslist:

There’s a lot to like about Craigslist – it’s free (for the most part), you can find almost anything you need, from puppies to ironing boards, even a great deal on a used car, and it can be downright entertaining. But it’s also a double-edged sword in that scammers love to troll Craigslist, putting up ads for any number of fraudulent and devious scams.

GoFundMe Scams:

This is one of the worst types of scams in my book as honest people are giving their hard-earned money away to fraudsters who claim they have a medical illness, need desperate financial assistance, or any other type of concocted scam. GoFundMe – and other fundraising sites – have been in the news quite a bit lately due to a number of high-profile scams that have caught the attention of the media.

Major Scam in the Millions:

Think the digital giants are immune to fraudsters and phishing scams? Well, think again as Facebook and Google fell victim to a scam by Evaldas Rimasauskas, a 48-year-old Lithuanian who fabricated email addresses, invoices, and other business information to masquerade as Quanta Computer – a hardware supplier based in Taiwan that often works with large tech companies. This was a stunning display of phishing brazenness that duped even the savviest of tech companies.

SMS Phishing:

Scammers are now moving into SMS text phishing scams, a natural outlet considering almost everyone these days has a cell phone. And yes, people fall for SMS scams all the time. Some want payment for a service never performed. Some request a donation for a fraudulent charity. And some result in malware being inserted onto your device after clicking on the link. Be suspicious of any text message requesting a payment and offering a link. Chances are it’s a scam.

THE SKINNY: PHISHING ATTACKS WILL CONTINUE TO GROW

A phishing attack happens when someone is masquerading as a trusted entity, thereby tricking an unsuspecting victim into opening an email, a text message or some other form of electronic communication.

Phishing attacks are becoming more common, more sophisticated, and more damaging.

There is a wide range of phishing attacks, from look-alike websites to online scams, and more.

Employees are not properly trained to identify such attacks.
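The look-alike website warning above can be turned into a check that a security team runs over the links in incoming mail. The following Python is an added example, not code from the e-book or from Charles Denyer; the brand list, the confusables table, the simplified public-suffix rule and the sample URLs are constructed assumptions. It classifies a URL's host as the brand's own domain, a homoglyph or punycode look-alike, a one-or-two-character typosquat, or a brand name embedded in some other domain.

```python
"""Look-alike domain check (added example; the constants below are assumptions)."""
from urllib.parse import urlparse

# Constructed list of brand names to protect (assumption for the example).
PROTECTED_BRANDS = ("paypal", "microsoft", "chase", "amazon")

# Small confusables table: look-alike sequence -> canonical ASCII letters.
# Real detectors use the full Unicode TR39 confusables data; this subset is illustrative.
CONFUSABLES = {
    "rn": "m", "vv": "w", "cl": "d",
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b",
    "\u0430": "a",  # Cyrillic а
    "\u0435": "e",  # Cyrillic е
    "\u043e": "o",  # Cyrillic о
    "\u0440": "p",  # Cyrillic р
    "\u0441": "c",  # Cyrillic с
}

# Simplified public-suffix rule for "brand.co.uk"-style hosts; real code would use the PSL.
SECOND_LEVEL = {"co", "com", "net", "org"}


def hostname_of(url: str) -> str:
    """Extract the host from a URL and unfold punycode (xn--) labels to Unicode."""
    if "://" not in url:
        url = "http://" + url
    host = urlparse(url).hostname or ""
    try:
        # Only a pure-ASCII host can carry xn-- labels; decode them to see the real glyphs.
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or malformed punycode: keep as-is


def normalize(label: str) -> str:
    """Map confusable characters in a host label to their canonical ASCII letters."""
    out = label.lower()
    # Longer sequences first so "rn" becomes "m" before the single characters are mapped.
    for seq in sorted(CONFUSABLES, key=len, reverse=True):
        out = out.replace(seq, CONFUSABLES[seq])
    return out


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_host(host: str):
    """Return (registrable label, subdomain labels) for a host name."""
    parts = host.strip(".").split(".")
    if len(parts) >= 3 and parts[-2] in SECOND_LEVEL and len(parts[-1]) == 2:
        return parts[-3], parts[:-3]
    if len(parts) >= 2:
        return parts[-2], parts[:-2]
    return parts[0], []


def assess(url: str) -> dict:
    """Classify a URL's host against the protected brands.

    Verdicts: "exact" (the brand's own registrable label), "homoglyph" (matches a
    brand only after confusable normalisation), "typosquat" (within a small edit
    distance), "brand-embedded" (brand appears inside another label or in a
    subdomain, e.g. paypal.com.verify-account.example) or "no-match".
    """
    host = hostname_of(url)
    label, subdomains = split_host(host)
    norm = normalize(label)
    result = {"host": host, "label": label, "verdict": "no-match", "brand": None}
    for brand in PROTECTED_BRANDS:
        if label == brand:
            return dict(result, verdict="exact", brand=brand)
        if norm == brand:
            return dict(result, verdict="homoglyph", brand=brand)
        if edit_distance(norm, brand) <= (1 if len(brand) < 8 else 2):
            return dict(result, verdict="typosquat", brand=brand)
        if brand in norm or any(brand in normalize(s) for s in subdomains):
            return dict(result, verdict="brand-embedded", brand=brand)
    return result


if __name__ == "__main__":
    # Constructed sample links of the kind a phishing email might carry.
    for sample in ("https://www.paypal.com/signin", "http://paypa1.com/login",
                   "https://mircosoft.com/", "https://paypal.com.verify-account.example/",
                   "https://p\u0430ypal.com/"):
        print(f"{sample:45} -> {assess(sample)['verdict']}")
```

A "brand-embedded" or "homoglyph" verdict is a reason to quarantine the message for review, not proof of fraud; the thresholds here are deliberately simple and will flag some legitimate names.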

Page 15


#7 - Regulatory Compliance is Just Getting Warmed Up

Are you familiar with today’s regulatory compliance mandates – PCI DSS, HIPAA, GDPR, SOC 1/SOC 2/SOC 3 audits, and more? If not, then now’s the time to get up to speed. Annual regulatory compliance commitments are costing businesses both time and money, and with no end in sight, businesses need to be better prepared in understanding, planning, and implementing ongoing compliance needs and commitments.

Here’s the short list of what I call the heavyweights of regulatory compliance – the most commonly requested regulations, frameworks, and standards throughout North America:

Health Insurance Portability and Accountability Act (HIPAA)

General Data Protection Regulation (GDPR)

Payment Card Industry Data Security Standards (PCI DSS)

ISO 27001/27002

HITRUST

SOC 1/SOC 2/SOC 3 Reporting

Federal Information Security Modernization Act (FISMA)

THE SKINNY: REGULATORY COMPLIANCE IS JUST GETTING WARMED UP

Businesses are being hit hard with a seemingly never-ending wave of regulatory compliance.

Compliance is costing businesses both time and money – and lots of it.

Businesses need to be on the search for a competent, well-trained compliance officer.

Page 16


#8 - The GDPR Will Continue to Expand its Global Footprint

Speaking of compliance, one of the biggest, most monumental data privacy laws ever to hit the entire globe is the General Data Protection Regulation, simply known as the GDPR. Sure, there’s already a laundry list of legislative rulings in place that have resulted in notable financial and operational burdens on businesses in the U.S. – HIPAA, Sarbanes-Oxley, PCI DSS, GLBA, and more – and GDPR now becomes yet another strict regulation in what’s becoming an increasingly long line of compliance rulings. GDPR compliance for U.S. companies has hit our shores, so it's time to get serious about data privacy and security, and this has businesses worried.

Here's the skinny for U.S. businesses. If you store, process, and/or transmit personal information for EU data subjects, then you have to be GDPR compliant, which means the following:

Allow customers to view, modify, and/or delete their personal information.

Provide notice of data breaches within 72 hours.

Make data policies transparent.

Put in place a Data Protection Officer (DPO) in some cases.

Follow the “privacy by design” principles.

Develop robust information security & operational policies, procedures & processes.

An answer of yes, or even a slight hint or acknowledgement that your business may support such activities relating to personal data of EU data subjects, will ultimately require some form of compliance with the GDPR.

THE SKINNY: THE GDPR WILL CONTINUE TO EXPAND ITS GLOBAL FOOTPRINT

The GDPR is impacting businesses in all corners of the globe, not just the EU.

North American businesses are realizing that GDPR compliance is essential.

If you store, process, and/or transmit personal information for EU data subjects, then you have to be GDPR compliant.

Page 17


#9 - Next Generation Security Tools & Solutions are Heading Your Way

The cyber bad guys are always on the move, doing all they can to find new and innovative ways for stealing data. Fortunately, technology companies aren’t sitting idle.

A wave of new security tools & solutions is headed our way, & we’ll need them to continue to do battle with the ever-growing cybersecurity threats. A number of next-generation security solutions will no doubt focus on the growing threats associated with ransomware, the Internet of Things (IoT) and Artificial Intelligence.

“Cyber defenders have been researching and working on their machine learning/AI/deep Learning for a long time. We expect over the next 5 years that these technologies will also empower adversaries to create more powerful and elusive attacks through a new generation of tools, tactics & procedures," according to David Capuano of BluVector.

THE SKINNY: NEXT GENERATION SECURITY TOOLS & SOLUTIONS ARE HEADING YOUR WAY

Scores of next generation security tools are coming.

Such tools will be doing battle against IoT, AI, and other emerging technologies.

In the next 5 years, new technology will empower adversaries to create more powerful and elusive cyber attacks.


#10 The Cloud will Continue to Grow Aggressively

The two (2) heavyweight cloud players, in terms of businesses adopting cloud platforms, are Microsoft Azure and Amazon AWS (with Google GCP also a viable entity), and they're experiencing unprecedented growth, which will continue in 2019 and beyond. Businesses want reliability, scale, ease of use, and also security, and that's what they're getting with the likes of Azure and Amazon.

No more costly data center deployments with dozens of high-paid network engineers pulling cable. No more tedious procurement measures for installing and decommissioning rows of servers and other supporting devices. With just a click of the mouse, virtually (no pun intended!) anyone can set up a network in today's cloud environments.

So, is it really a surprise to see adoption of cloud environments skyrocketing like it is? Not really, but the growth sees no end, and within a short period of time the vast majority of businesses will have some or all of their development and production environments resting in the cloud.

True, we know very little about most of what happens behind the scenes at Azure, AWS, and Google GCP, but we are given a glimpse into such environments through an endless list of white papers, compliance audit reports (SOC 2 and ISO 27001, for example), and other technical documents.

Also, remember that the trio of Azure, AWS and GCP belong to some of the wealthiest, most well-funded organizations in the world, and with massive revenues relying on their cloud environments, you'd better believe they're spending a fortune on security and privacy.

That's not to say security should be an afterthought, not at all, as access to your cloud console by the wrong individual can turn into a security nightmare of epic proportions. Someone can very easily delete server instances, make unauthorized configuration changes, or, even worse, shut down the entire environment with just a few clicks of the mouse. With so much at stake, console and API credentials must be protected (multi-factor authentication on every account, above all the root or global administrator account, and no long-lived access keys that nobody rotates) and closely monitored at all times.

Cloud Service Providers (CSPs) such as Azure, AWS and Google GCP all essentially run on what's known as a Shared Responsibility Model. The CSP is responsible for security of the cloud (the physical facilities, hardware, network and hypervisors), you the customer are responsible for security in the cloud (your identities and access, data, operating systems, applications and configuration), and a number of responsibilities are shared, with the exact split depending on whether you consume IaaS, PaaS or SaaS.
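The credential point above is one you can check rather than just worry about. What follows is an added example, not code from the original document or from any cloud provider: it parses an AWS IAM credential report (the CSV produced by `aws iam generate-credential-report` followed by `aws iam get-credential-report`, whose Content field is base64-encoded) and flags a root account without MFA or with access keys, console users without MFA, idle console passwords, and access keys older than a set age. The report embedded below is a constructed sample with fictitious users, account number and timestamps, and the 90-day thresholds are an assumed policy, not an AWS default.

```python
"""
Audit an AWS IAM credential report for weak console/API credential hygiene.

Added example, not from the original document. SAMPLE_REPORT is a CONSTRUCTED
credential report in the column layout AWS returns; every user, ARN, account
number and timestamp in it is fictitious. The thresholds are an assumed policy.
"""
import csv
import io
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90   # assumed policy: rotate long-lived access keys quarterly
MAX_IDLE_DAYS = 90      # assumed policy: unused console passwords get disabled
AS_OF = datetime(2019, 1, 5, tzinfo=timezone.utc)   # "today" for the sample run

# Constructed sample: one root account and two IAM users (values fictitious).
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2017-01-10T09:00:00+00:00,not_supported,2019-01-03T12:00:00+00:00,not_supported,not_supported,false,true,2017-01-10T09:00:00+00:00,2019-01-02T10:00:00+00:00,us-east-1,ec2,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2018-03-01T09:00:00+00:00,true,2019-01-04T08:30:00+00:00,2018-12-20T09:00:00+00:00,2019-03-20T09:00:00+00:00,true,true,2018-11-15T09:00:00+00:00,2019-01-04T08:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
bob,arn:aws:iam::111122223333:user/bob,2017-06-01T09:00:00+00:00,true,2018-05-01T10:00:00+00:00,2017-06-01T09:00:00+00:00,2017-09-01T09:00:00+00:00,false,true,2017-06-01T09:00:00+00:00,2018-12-28T10:00:00+00:00,us-west-2,ec2,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
"""


def _parse_ts(value):
    """Timestamps are ISO 8601 with offset; the placeholder strings mean 'no data'."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def audit_credential_report(report_csv, as_of=AS_OF):
    """Return (user, issue) tuples for every credential that violates the policy."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if user == "<root_account>":
            # Root cannot be limited by IAM policy, so it must have MFA and
            # must never hold programmatic access keys at all.
            if row["mfa_active"] != "true":
                findings.append((user, "root account has no MFA"))
            if "true" in (row["access_key_1_active"], row["access_key_2_active"]):
                findings.append((user, "root account has an active access key"))
            continue

        console = row["password_enabled"] == "true"
        if console and row["mfa_active"] != "true":
            findings.append((user, "console login enabled without MFA"))
        last_used = _parse_ts(row["password_last_used"]) if console else None
        if last_used is not None:
            idle = (as_of - last_used).days
            if idle > MAX_IDLE_DAYS:
                findings.append((user, f"console password unused for {idle} days"))

        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            rotated = _parse_ts(row[f"access_key_{n}_last_rotated"])
            if rotated is not None:
                age = (as_of - rotated).days
                if age > MAX_KEY_AGE_DAYS:
                    findings.append((user, f"access key {n} is {age} days old"))
    return findings


def run_sample():
    """Audit the constructed report as of AS_OF."""
    return audit_credential_report(SAMPLE_REPORT)


if __name__ == "__main__":
    for user, issue in run_sample():
        print(f"{user}: {issue}")
```

On the sample data the root account is flagged twice (no MFA, live access key) and bob three times (no MFA, idle password, stale key), while alice passes. Against a real account, feed the decoded report into `audit_credential_report` and run it on a schedule; the same checks map directly onto the customer's side of the shared responsibility line.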


THE SKINNY: THE CLOUD WILL CONTINUE TO GROW AGGRESSIVELY

Businesses are migrating to the cloud at record pace.

Amazon AWS and Microsoft Azure are experiencing massive growth.

Cloud security concerns are heavy on the minds of executives as their data is now living outside of their physical environment.

Now, let's take a look at some statistics for further evidence of the explosion of cloud computing, according to the Forbes article "Four Trends in Cloud Computing CIOs Should Prepare for in 2019":

Subscription-based software-as-a-service (SaaS) will grow at an 18% CAGR through 2020, according to Bain & Company.

Investment in platform-as-a-service (PaaS) will grow from 32% in 2016 to 56% in 2019, making it the fastest-growing sector of cloud platforms, according to KPMG.

83% of enterprise workloads will be in the cloud by 2020: 41% of enterprise workloads will run on public cloud platforms, while another 22% will run on hybrid cloud platforms.

The infrastructure-as-a-service (IaaS) market is predicted to reach $72.4 billion worldwide by 2020, according to Gartner.


#11 America's Critical Infrastructure will be a Prime Target

The very fabric of the way of life that we as Americans have come to rely on, and take for granted, is America's critical infrastructure, and its protection. Critical Infrastructure Protection (CIP), as it's generally called, has become fundamentally important in today's world of growing national security threats.

Imagine waking up one morning and your brew of coffee can't be had because the electrical grid was knocked out by terrorists. Imagine going to an ATM to pull out $200 to take your wife and children to lunch and a movie, only to find that the entire banking system in the Eastern part of the United States had been attacked and brought down.

Imagine something even simpler: not being able to turn on your kitchen faucet for a much-needed glass of water, being unable to flush your toilet, or even to close the garage door. Life would become quite hectic, to say the least, and unfortunately such scenarios are highly realistic and increasingly likely, so it's time Americans took notice of the threat landscape, and ultimately of what it takes for all of us to protect America's critical infrastructure.

THE SKINNY: AMERICA'S CRITICAL INFRASTRUCTURE WILL BE A PRIME TARGET

America's critical infrastructure is under ferocious attack from hackers and other nefarious cyber-criminals.

Current security frameworks and compliance requirements are failing to address growing cybersecurity threats.

The attacks will no doubt increase in the coming years.

The 2018 Government Cybersecurity Report issued by SecurityScorecard noted the following:

"Throughout 2018, significant security weaknesses in federal, state, county, and municipal government agencies have left mission critical services, such as court systems, municipal utilities, bill payment services, traffic control systems, power grid systems, and voting registration infrastructures susceptible to cyberattacks.

The recent disclosures of successful attacks against governments and related critical infrastructures in mainstream news media have solidified the public perception of the importance of cybersecurity risk management. Attackers motivated by profits have been using ransomware as their tool of choice to target enterprises in both the public and private sectors.

The ultimate result of all these factors is a tangled web of legacy web applications, legacy network software, exposed network services, slow patching implementations, and a new vector of access and attacks through IoT devices – leaving government agencies defending their infrastructures and applications with a difficult task."

The 2018 Government Cybersecurity Report concluded by noting that government agencies need to do all they can to decrease exposure, improve threat detection, and accelerate incident response, along with other initiatives. It's ironic, and rather ominous, that the very sector we rely on to protect our nation has some of the weakest cybersecurity defenses in place.


#12 Security Will be Lacking in New Product Launches

Profits always seem to take precedence. Hey, that's capitalism, right? Unfortunately, in today's world where emerging cybersecurity threats are creating immense challenges, security needs to be front and center, and it often isn't. Businesses are scrambling to design, develop, and deploy to market an ever-growing list of new technologies, and that's great, but what about security?

THE SKINNY: SECURITY WILL BE LACKING IN NEW PRODUCT LAUNCHES

Businesses are about making profits, and security is unfortunately often a secondary thought.


#13 Organizations will Fail Miserably – once again – in Applying Security Patches

One of the most fundamentally important initiatives for securing information systems is patching. Specifically, applying security updates to operating systems and applications is absolutely essential, yet untold numbers of businesses are missing the mark on this, unfortunately.

There's a reason Microsoft, the Linux and UNIX vendors, and dozens of other major software vendors provide security updates, and no, it's not to make your life miserable: it's to correct serious security issues that can be exploited by hackers and other nefarious individuals. How important is patching? Important enough that a number of high-profile breaches happened because operating systems and applications were not patched for months, even years, after updates were available!

Take, for example, the WannaCry ransomware attack of May 2017, which essentially shut down work at more than a dozen hospitals across the United Kingdom. According to researchers, the attack made use of an exploit called EternalBlue, believed to have been developed by the NSA to break through Windows security. Microsoft had issued an update (security bulletin MS17-010) that protected against the vulnerability about a month before the Shadow Brokers made the exploit public; unfortunately, the update didn't make it to every Windows machine, so many systems were still unpatched when the worm arrived another month after that.

THE SKINNY: ORGANIZATIONS WILL FAIL MISERABLY IN APPLYING SECURITY PATCHES

Patching is one of the most fundamentally important initiatives for securing information systems.

Patching is one of the most overlooked security practices.

Massive data breaches have occurred, and will continue to occur, because of the lack of security patches.
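As an added example (not from the original document), here is how a patch-management team can turn the WannaCry timeline into a check on its own estate: given an asset inventory with install dates, it computes each host's exposure window after MS17-010 shipped, compares it with a per-tier patch SLA, and flags the hosts that were still unpatched when the exploit leaked and when the worm started spreading. The inventory, the host names and the SLA thresholds are constructed assumptions; the three timeline dates are the real ones.

```python
"""
Measure how long hosts stayed exposed after a security fix shipped, against a
patch SLA and against the public timeline of the exploit.

Added example, not from the original document. INVENTORY is CONSTRUCTED
(fictitious hostnames, tiers and install dates) and SLA_DAYS is an assumed
policy. The three dates are real: Microsoft published MS17-010 on 2017-03-14,
the Shadow Brokers leaked EternalBlue on 2017-04-14, and WannaCry began
spreading on 2017-05-12.
"""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

PATCH_RELEASED = date(2017, 3, 14)   # MS17-010 published
EXPLOIT_PUBLIC = date(2017, 4, 14)   # Shadow Brokers leak
WORM_OUTBREAK = date(2017, 5, 12)    # WannaCry starts spreading
AS_OF = date(2017, 6, 15)            # reporting date for the sample run

# Assumed SLA: days allowed between patch release and installation, per asset tier.
SLA_DAYS = {"critical": 14, "high": 30, "medium": 90}


@dataclass(frozen=True)
class Host:
    name: str
    tier: str                    # business criticality of the asset
    patched_on: Optional[date]   # None means still unpatched


@dataclass(frozen=True)
class Exposure:
    name: str
    days_exposed: int             # days from fix release until patched (or until as_of)
    sla_breached: bool
    vulnerable_at_leak: bool      # still unpatched when the exploit went public
    vulnerable_at_outbreak: bool  # still unpatched when the worm started spreading


# Constructed inventory; nothing here describes a real network.
INVENTORY = [
    Host("file-srv-01", "critical", date(2017, 3, 20)),
    Host("hr-ws-17", "high", date(2017, 4, 28)),
    Host("lab-imaging-03", "critical", None),
    Host("kiosk-02", "medium", date(2017, 6, 1)),
]


def assess(host: Host, as_of: date = AS_OF) -> Exposure:
    """Compute the exposure window for one host as of a given date."""
    def unpatched_on(day: date) -> bool:
        return host.patched_on is None or host.patched_on > day

    end = host.patched_on if host.patched_on is not None else as_of
    days = (end - PATCH_RELEASED).days
    return Exposure(
        name=host.name,
        days_exposed=days,
        sla_breached=days > SLA_DAYS[host.tier],
        vulnerable_at_leak=unpatched_on(EXPLOIT_PUBLIC),
        vulnerable_at_outbreak=unpatched_on(WORM_OUTBREAK),
    )


def exposure_report(inventory: List[Host], as_of: date = AS_OF) -> List[Exposure]:
    """Assess every host in the inventory."""
    return [assess(h, as_of) for h in inventory]


def hosts_hit_by_worm(inventory: List[Host], as_of: date = AS_OF) -> List[str]:
    """Names of hosts that were still unpatched when the worm began spreading."""
    return [e.name for e in exposure_report(inventory, as_of) if e.vulnerable_at_outbreak]


if __name__ == "__main__":
    for e in exposure_report(INVENTORY):
        flag = "SLA BREACH" if e.sla_breached else "ok"
        print(f"{e.name:16} {e.days_exposed:4d} days  {flag:10} "
              f"leak={e.vulnerable_at_leak} outbreak={e.vulnerable_at_outbreak}")
```

The value of the report is the last two columns: a host can be inside its SLA on paper and still have been exposed on the day a working exploit was public, which is the exposure that actually matters. Feed it real scanner or endpoint-management output and the same logic tells you, for any bulletin, which hosts to chase first.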


#14 Organizations will Fail to Invest in Necessary Security Tools

While the importance of cybersecurity continues to be preached from all corners of the InfoSec world, and while breaches continue to happen, organizations will still fail to spend money on the resources they need. And keep something in mind: spending and investing in security tools is a two-fold process. First, you need to bring the best and brightest employees on board. Second, those employees need to be armed with the very best security tools and solutions. You really can't have one without the other; they go together.

Now, understandably, this can be a challenge in an extremely tight labor market in which employees are becoming harder and harder to come by.

Additionally, many organizations just don't like to spend money unless they can see a direct ROI. I can talk for days about the ROI of investing in security tools; regardless, I also find that if C-level executives don't see a direct ROI, then the conversation dies. This is a big problem, and it needs to change.

THE SKINNY: ORGANIZATIONS WILL FAIL TO INVEST IN NECESSARY SECURITY TOOLS

Another example of security often taking a backseat to profits is that businesses are still reluctant to spend on tools and solutions.

If businesses cannot see a direct ROI, in their eyes, they often will not spend the money.

Businesses and their employees need to be armed with the very best security tools and solutions.


#15 Organizations will (hopefully!) Continue to See the Benefits of Security Awareness Training

The "Human Element" is the single most fundamentally important aspect of securing an organization's assets. That's because no matter how much money you spend on the latest, greatest, next-generation security tools and solutions, they're absolutely meaningless if you don't have well-trained employees.

SANS, one of the world's most respected organizations when it comes to information security training, notes that "One of the greatest threats to information security could actually come from within your company or organization. Insider 'attacks' have been noted to be some of the most dangerous since these people are already quite familiar with the infrastructure. It is not always disgruntled workers and corporate spies who are a threat. Often, it is the non-malicious, uninformed employee. One of the best ways to make sure company employees will not make costly errors in regard to information security is to institute company-wide security-awareness training initiatives that include, but are not limited to, classroom-style training sessions, security awareness website(s), helpful hints via e-mail, or even posters. These methods can help ensure employees have a solid understanding of company security policy, procedure and best practices."

You don't have to spend a king's ransom on security awareness training, as dozens of cost-effective providers offer great material that's very useful for comprehensive InfoSec and data privacy training. In fact, numerous websites offer free security awareness training materials, so just do a quick Google search and you'll be surprised at what you find.

THE SKINNY: ORGANIZATIONS WILL CONTINUE TO SEE BENEFITS OF SECURITY AWARENESS TRAINING

Security awareness training is still one of the very best measures for helping businesses protect themselves from growing cybersecurity threats.

Security awareness training is cost-effective, doesn't take much time, and yields enormous benefits.

The vast majority of employees are unaware and uninformed when it comes to cyber threats.


#16 Organizations will (hopefully!) begin Embedding a True Cybersecurity Mindset

A security-first mindset will hopefully, finally, once and for all, begin to truly sink in for businesses. One would think that after the onslaught of recent high-profile data breaches, businesses would take a new and hard look at protecting their assets.

Even so, a recent report from the National Cyber Security Alliance revealed that nearly 60 percent of small businesses close within six months of experiencing a cyber-attack. With cash flow limited and resources pushed to the limit, do you really think a small business has a cyber security team on hand, sitting around and waiting to respond to a cyber-attack? Unfortunately, no.

Regardless, the stakes couldn't be higher, as growing regulatory compliance mandates, along with strict penalties for data compromises, now affect untold numbers of businesses. What does a security-first mindset mean? It means much more than talking about security; it's about the doing. Specifically, it's about hiring the right people, securing the best tools, and implementing security awareness training. It's about everything related to ensuring the safety and security of your assets as a business.

This requires a culture change within organizations, no question about it. Companies are driven by profits, market growth, expanded revenues, all the things that make the capitalist engine thrive. And that's great, but companies can also be obliterated with a click of the mouse by any number of cybersecurity threats. It's time for the gloves to come off when it comes to cybersecurity defense strategies, which means it is time to change the corporate culture, and now!

THE SKINNY: ORGANIZATIONS WILL BEGIN EMBEDDING A TRUE CYBERSECURITY MINDSET

A security-first mindset is about hiring the right people, securing the best tools, and implementing security awareness training.

It's about everything related to ensuring the safety and security of your assets as a business.

Here's a shocking statistic: nearly 60 percent of small businesses close within six months of experiencing a cyber-attack.


#17 Well-Qualified IT Personnel will be Hard to Come by

If 2018 was a tight labor market, then expect 2019 to be even tighter. According to Forbes magazine, "The labor market is tight right now, and this is the biggest challenge business leaders face today. And I've got bad news for you: It's not going to get better anytime soon." Forbes contributor Bill Conerly adds, "As I go around the country speaking about the economy and labor markets, I'm also listening to business leaders as well as managers of non-profits and government agencies. They are telling me that hiring is hard and turnover is high. This is a problem you'll be living with for years."

Technology professionals know that they can command high salaries. They also know they can find a job within weeks, even days, if they decide to jump ship for any number of reasons. Some companies are getting very creative in hiring and, most importantly, retaining employees. Stock options, significant bonuses, expanded pay: whatever it takes to get the right employees on board, and keep them, is now the new norm for many companies.

THE SKINNY: WELL-QUALIFIED IT PERSONNEL WILL BE HARD TO COME BY

A tight labor market is getting tighter when it comes to finding well-qualified, experienced I.T. personnel.

Organizations will need to get savvy and creative in hopes of hiring, and retaining, the best possible I.T. personnel they can find.

Here's some more alarming information. According to FireEye's publication, Facing Forward: Cyber Security in 2019 and Beyond:

"According to various industry estimates, there are two or three million cyber security jobs that will go unfilled by the year 2020. While the numbers vary by study, the point is that if you take every single person in every computer science major in the U.S., that's still not enough to fill every open cyber security position. And we know most of those people will choose another field and won't end up working in cyber security."


#18 Cyber Espionage Threats Will Rise Significantly

What is cyber espionage? Cyber espionage is a form of cyber-attack resulting in the theft of highly confidential, classified, and/or sensitive data or intellectual property to gain an advantage over a competing company or government entity. Espionage, according to Merriam-Webster, is "the practice of spying or using spies to obtain information about the plans and activities especially of a foreign government or a competing company."

Just how big of a problem is cyber espionage? Well, let's look at China, one of many countries engaging in cyber espionage against the United States. "There is a concerted effort by the government of China to get into the business of stealing economic secrets to put into use in China to compete against the U.S. economy," according to Rep. Mike Rogers, R-Mich., former chairman of the House Intelligence Committee.

According to Adam Segal, a China expert and Senior Fellow at the Council on Foreign Relations, "While China's economic growth has been rapid and amazing over the last 30 years, the Chinese are afraid that they're going to get stuck in a technology trap…The Chinese feel that they have to rely on the West — and Japan — for critical technologies."

"They are spending more on research and development and science as well as training more engineers and scientists," Segal goes on to say. "But there's also a fairly widespread espionage plan put in place that's going after critical technologies."

THE SKINNY: CYBER ESPIONAGE THREATS WILL RISE SIGNIFICANTLY

China, Russia, Iran, North Korea, and others, are engaging in cyber espionage and want your data at almost any cost.

Cyber espionage attacks will continue to grow at an alarming rate.


#19 National Security Implications will be Front and Center for America

We are at war, no question about it, though maybe not in the traditional sense with infantry, guns, tanks and airplanes. The new war is fought in cyberspace, so call it what you want, cyberterrorism, cyberwarfare, or any other name that's commonly being used, but make no mistake, it's here, and here to stay. The national security implications are monstrous, and that's putting it lightly, especially when it comes to America's critical infrastructure and the threats these sectors face.

Imagine a collapse of our banking system because of a cyber-attack. Imagine the dangers posed by harmful chemicals that found their way into our drinking water. How about no electricity for days, weeks, even longer, all because of a cyberterrorist attack that destroyed a power company's SCADA systems? No, it's not science fiction: these are scenarios that are very, very real and could, and probably will, happen one day. Society has been ushered into a whole new paradigm in which technology has completely transformed the world as we know it.

Almost everything we do in society relies on a complex web of computers and networks running sophisticated algorithms at lightning speed. The money from the ATM. The gas from the fuel pump. The tickets you just purchased for that much-needed vacation to Cancun. All of it relies on computers, and all of it is susceptible to cybersecurity attacks.

So, what does this mean for your business? Doom and gloom and more ominous news about cybersecurity and the coming cyberwars? No! It means that for CEOs who have the knowledge & insight to use cybersecurity as their competitive advantage, there's a huge upside: increased prices, customer retention, leads, and closure rates. The end result is a substantial increase in business profits.

THE SKINNY: NATIONAL SECURITY IMPLICATIONS WILL BE FRONT AND CENTER FOR AMERICA

America is under attack as a new world emerges full of growing cyber threats.

We live our lives fully dependent on a complex system of interconnected computing systems.

The new war is fought in cyberspace. Call it what you want, cyberterrorism, cyberwarfare, or any other name that's commonly being used: it's here, and here to stay.


#20 Cybersecurity is Your New Competitive Advantage

For CEOs and business owners who can truly see the opportunities in cybersecurity, the sky's the limit. Greater market share, increased profits, longer customer retention periods: it's all possible when you begin to see cybersecurity as your new competitive advantage. Stop running and start winning with cybersecurity. Learn more today from Charles Denyer.

If you can be one of those few companies that willingly embrace cybersecurity, you've got a competitive advantage in your industry that very few businesses, if any, have.

About Charles Denyer

Charles Denyer is a best-selling author, in-demand speaker, and one of the world's foremost experts in cybersecurity, data privacy, regulatory compliance, and domestic national security issues.

He's helped thousands of businesses throughout the world design and implement a wide range of information technology & cybersecurity solutions. And he's helped these very businesses grow by identifying their niche, launching new services, and ultimately obtaining a true competitive advantage in the marketplace.

Charles works with CEOs, entrepreneurs, business owners, anyone with a true passion for securing & growing their company in today's challenging & complex business arena.

Charles has over two decades of real-world experience with information technology, cybersecurity, data privacy, regulatory compliance, national security & other related issues. Charles also consults regularly with top political and business leaders including former Vice Presidents of the United States, Secretaries of State, ambassadors, high-ranking intelligence officials, CEOs, entrepreneurs, civic leaders, and others. Learn more at charlesdenyer.com

Obtain a Competitive Advantage Through Cybersecurity. Get Started Today. Want to Work with Charles? Learn About His Signature Services.