Posted by Marbenz Antonio on February 22, 2023
As 2023 draws near, it’s only natural to reflect on the most significant security events of the current year and speculate on their potential impact in the coming year. The past two years have demonstrated that despite the advancements in data gathering, automated compliance operations, and SaaS technology, our world remains complicated and unpredictable.
Risk modeling professionals and analytics experts understand that we cannot accurately predict or completely control the world, but it’s crucial to prepare for the potential threats and opportunities that the upcoming year may bring. Below are three crucial risk management forecasts for 2023 that will significantly impact the risk management sector.
In 2022, cybersecurity breaches have been a widely discussed subject, with numerous notable instances gaining national attention. One such instance involves Joe Sullivan, who was in charge of security at Uber and was recently convicted of intentionally concealing a breach of customer and driver data from government regulators.
More specifically, Uber’s bug bounty program is currently facing criticism, and regulators are closely scrutinizing the ride-sharing behemoth’s practice of compensating “white hat” researchers up to $10,000 for identifying security flaws. This case has already triggered a transformation in how security experts approach data breaches, and its far-reaching impact is expected to extend into 2023.
Another recent incident that garnered attention was the FTC’s move to take action against Drizly, a company, and its CEO, Cory Rellas, for cybersecurity breaches that impacted more than 2.5 million customers. Noteworthy is that the FTC specifically singled out and penalized Rellas – a departure from their typical approach. This change in approach could signify a broader shift toward stricter enforcement by the FTC, particularly for entities that lack sufficient measures to secure and manage consumer data.
Lastly, Twitter came under scrutiny when Peiter “Mudge” Zatko, a former head of security and whistleblower, filed an 84-page complaint against the social media company. The complaint contained allegations of a wide range of cybersecurity deficiencies, including:
To say the least, these accusations were not received well, particularly given Twitter’s recent challenges since Elon Musk’s acquisition of the company in October 2022. The company’s Chief Privacy Officer, CISO, and Chief Compliance Officer have all left their positions, and the FTC is closely monitoring the tech giant. As a result of the turmoil, numerous individuals are now resigning from Twitter en masse.
A key takeaway from these incidents is the significance of conducting thorough internal assessments, as they are essential in identifying vulnerabilities in your security program and ensuring their remediation. In light of these major news stories and their real-time consequences, we anticipate a substantial surge in internal investigations with adversarial discovery in 2023. The ongoing turmoil at tech giants such as Twitter and Uber has led to significant layoffs, underscoring the profound business ramifications of cybersecurity breaches, particularly during times of economic instability.
In light of FTX’s recent downfall and the resulting economic turmoil, cryptocurrency has become a prevalent topic, even for those with minimal knowledge of the subject. Retail investors are now hastily withdrawing their investments after the once-revered cryptocurrency company, which had an initial value of $32 billion, experienced a sudden and dramatic decline in value, causing substantial losses and ripple effects throughout the market.
John J. Ray, FTX’s newly appointed CEO following the departure of founder and CEO Sam Bankman-Fried, claims that the company attempted to conceal the misappropriation of customer funds. Ray, who has previously led the cleanup efforts at Enron, conducted an evaluation of FTX’s management practices and identified deficiencies in areas such as record-keeping, system integrity, regulatory compliance, and the experience levels of senior management.
John J. Ray, FTX’s newly appointed CEO following the departure of founder and CEO Sam Bankman-Fried, claims that the company attempted to conceal the misappropriation of customer funds. Ray, who has previously led the cleanup efforts at Enron, conducted an evaluation of FTX’s management practices and identified deficiencies in areas such as record-keeping, system integrity, regulatory compliance, and the experience levels of senior management.
As if the existing security and compliance concerns were not enough to raise alarms for professionals and regulatory bodies, FTX’s problems were compounded when, just hours after filing for bankruptcy, the company reported “unauthorized transactions,” leading external analysts to suspect that the company had lost approximately $477 million in a possible hacking incident.
What are the implications of FTX’s collapse for security, compliance, and risk professionals? For starters, FTX customers may not be able to recover their assets, which could result in legal action. This type of legal battle could prompt regulatory bodies to reconsider how they monitor cryptocurrency. For example, the U.S. Securities and Exchange Commission (SEC) may view FTX’s collapse as justification for increased regulations on digital tokens and exchanges, and Congress may be more likely to pass new regulatory laws as a result.
The cryptocurrency market’s volatility and its emergence as a new frontier of economic trade have exposed regulatory and security gaps that governing bodies are still grappling with, and we anticipate the emergence of new discussions and a surge in crypto regulation in 2023.
Smaller businesses are at a higher risk of being targeted by cyberattacks, but what makes them more vulnerable? In short, they lack the financial resources to effectively counter ransomware attacks, which is why they are attractive targets for malicious actors. For instance, multi-factor authentication has gone from being optional to being essential in the past couple of years due to the pandemic, which has caused an increase in remote work and more precarious security settings.
The implementation of additional security controls requires additional maintenance processes, which results in more manual work for IT security professionals. For instance, small and medium-sized businesses (SMBs) must convert GDPR compliance requirements into actionable breach notification controls or rapidly locate CIS Control Group 3 to assist with data disposal.
To prepare for applications and renewals of their cyber insurance policies, professionals in IT, security, and risk management will need to improve their evidence collection and organization. They may also want to consider using a tool that links risks to controls, helping them determine the amount of coverage they require.
As we navigate the uncertain road ahead, one thing is clear: automating manual processes for risk management and compliance operations will be crucial for adapting to the changes ahead. The upcoming year will bring more cybersecurity audits, new crypto regulations, and greater control management, leading to heavier workloads for IT security professionals.
Organizations seeking to integrate risk management and compliance operations can prepare for the anticipated changes by exploring new tools that can simplify workflows. Adopting the right tools that enable evidence, control, and risk management in a single platform can help security and compliance teams concentrate on adapting to upcoming regulatory changes and ensuring the safety and security of the organization.
Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.
For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com