2020 Cybersecurity Predictions and Resolutions for your Investment Firm
With the new year and new decade now upon us, we take a look at cybersecurity predictions and the resolutions your firm should be practicing for your firm's IT strategy! As we know, the threat landscape is constantly evolving, cloud computing has gained momentum and is now widely accepted in the investment management industry, and new technologies and trends are emerging to support firms with their IT and operational needs.
So, what will the big threats of 2020 bring to us?
Data breaches are said to dominate the threat landscape in 2020. Once a hacker can identify a vulnerability within your firm, they are able to obtain secure information of your firm and its employees. To be prepared for a security breach or cyber-attack, you must first have a plan. A response plan should be completed in advance of any type of incident. Put together a team of internal staff (e.g. IT, Human Resources, Operations, Client Service, BCP) and external members (e.g. public relations, vendors, law enforcement) that may need to be contacted if the attack cannot be contained. By formulating a plan in advance, roles and responsibilities will be clearly defined and minimize the potential for fallout. Once the plan has been completed, it should be presented in writing and easily accessible during any attack.
Password reuse and phishing attacks are predicted to skyrocket. Passwords should be changed at least every 90 days on your network, system and application passwords to prevent intruders from gaining unauthorized access. Remember: password creativity is critical, and password re-use is a big no-no.
Making sure your passwords are secure will help protect you and your firm from security breaches. Though, even when employees use password best practices, it's still possible for threat actors to steal credentials and sell them on the dark web. Realistically, most businesses don't have the expertise, resources or strategies required to effectively monitor the dark web for risk exposure. Employing a Dark Web Monitoring Service can also help reduce account takeover risk by alerting users when their credentials appear on the dark web. Just for the world's largest companies from the Fortune 500 list, one may ferret out more than 21 million of valid credentials exposed in the Dark Web in 2019, says ImmuniWeb.
According to Forbes, augmented reality (AI) will play a big factor in 2020 cyber threats. We will see an increased number of hackers use AI to scale their attacks. With the continued development of facial recognition, a big factor of our technology these days, we will begin to see government entities declaring privacy regulations on what data businesses can and cannot use. California, as of January 1, 2020, has implemented the California Privacy Law (CCPA). Californians will now have rights over the data that companies like Facebook, Google, etc., collect from them. This state law requires that companies notify users of the intent to monetize their data, and give them a straightforward means of opting out of said monetization.
As we think about these cyber threats that are constantly evolving, here are our recommended IT resolutions your firm should follow:
- Create a Cybersecurity Incident Response Plan
- Develop a Written Information Security Plan
- Create a comprehensive employee security training program
- Implement the necessary layers of defense such as Multi-factor authentication, Credential (Dark Web) theft monitoring, Phishing/social engineering training, Next-gen firewalls and IDS/IPS/SIEM
- Ensure your firm's data is backed up
- Audit your IT tools and processes
With all this in mind, if you find that this is right time to outsource any or all of your IT functions, you can contact Eze Castle Integration for a consult on how we can support your investment management firm and prepare you for 2020 and beyond. You can also check our our eBook on actionable steps on how to develop a cybersecurity incident response plan specific to your investment management firm.