Cyber risks will pose rising threats in 2020
iSpeech
Leroy Terrelonge of the Cyber Risk team discusses how cybersecurity risks are becoming a more significant issue for many rated entities. As companies and governments put more information online and cyberattack sophistication increases, more sensitive data is at risk of disclosure.
TRANSCRIPT
Cyber risks are rising globally and will likely lead to increased credit impact in 2020. My name is Leroy Terrelonge, and I’m on Moody’s cyber risk team.
Cyber risks are rising globally, and that’s happening for two main reasons. First, organizations are increasingly moving both their data and operations to computer systems, and while this brings cost cuts and greater efficiencies, it also exposes them to greater cyber threats.
Second, attack sophistication is increasing. Hackers increasingly have access to better tools, more tools, and more targets, and credit risks rise when organizations are not able to keep up with these increasing cyber threats. This can lead to business disruptions or exposure of sensitive data, and this can also have governance risks for boards of directors, trustees, and other chief executives.
Ransomware attacks will be more damaging in 2020. In 2019 there was a spike in ransomware attacks, particularly affecting US regional and local governments where those attacks more than doubled. This trend is likely to continue because enough victims are paying the ransoms to make it worthwhile for the attackers. We expect in 2020 that ransomware attacks will become more targeted and coordinated, and attackers will steal and threaten to publish data to coerce victims into paying.
Cloud implementation errors will result in more data breaches in 2020. More and more organizations are moving their operations to cloud services because of the efficiencies offered. However, human errors in setting up these services have resulted in data breaches.
Cyberattacks that leverage AI techniques will increase, and organizations will need to adapt their defenses. One example of an AI-based attack is the use of deepfakes, which is using deep learning to create fake content. In one instance, an attacker was able to steal money from a company, tricking them into sending it to a bank account by mimicking the voice of the CEO.
Finally, attacks by governments and geopolitically-motivated hackers will likely continue. Current tensions between the US and Iran have raised fears that Iranian hackers will target US organizations or those of US allies around the world.The Moody’s cyber risk team continues to monitor these developments. You can follow our progress at our cyber topics page on moodys.com.
source
Gloss