As several U.S. communities, and the Nation, continue to mourn the loss of innocent lives due to senseless and incomprehensible active shooter incidents—with three of four recent incidents occurring in commercial business environments—it is common for business leaders and their employees to ask “Can this happen in my community or at my office?” The answer is, unfortunately, “Yes.” A natural follow-up question may be “What would we do” and “Are we prepared to respond?” The answers to these questions are not as straight forward and heavily depends on the specific company and what proactive steps, if any, the business has taken to prepare for adverse events.

Last week, The Chertoff Group hosted the Security Series Event “AI, Threat Intelligence, and The Cyber Arms Race” which convened an exclusive group of thought leaders to discuss critical security issues facing the public and private sectors.

Below are key take-aways and trends to watch from the event. Check out the full panel to hear how experts are leveraging AI solutions to prevent, detect, and respond to adversaries attacking our critical infrastructure and the private sector.

For years, hackers have abused the registration process to obtain new domain names which they then use to orchestrate cyber intrusions. More recently, security researchers revealed that a previously unknown hacker group carried out a series of attacks on government agencies in 13 countries by redirecting agency computers to hacker-controlled servers through the manipulation of Domain Name System (DNS) infrastructure.  News reports from earlier this year have also indicated manipulation of DNS infrastructure in Venezuela (likely by the Maduro government) to redirect users attempting to access an opposition humanitarian aid website to a malicious page.

When the network of the internet and related systems was first imagined, those who built it had a rose-colored view of humanity. They created a cyber-world without borders and, to a very large degree, without regulation or limitation.

This network sparked the growth of a digital economy that, today, contributes to roughly one-quarter of the growth of the world’s GDP. The internet and digital economy are global in ways that we could have only imagined just a few short years ago. For service providers and most end users, the network knows no boundaries and the practical barriers to making a purchase or providing a service to a customer in another country are minimal.

In early January, The Chertoff Group released a series of predictions around key cyber threat, policy, and market trends shaping the landscape in 2019. On the tails of the RSA conference, here are our thoughts on how those predictions are faring and highlights of important trends to watch.

Privacy breaches, large-scale hacks and other security incidents have exposed critical cybersecurity inefficiencies to the public eye in the last few years. With consumers experiencing first-hand consequences of these breaches, including compromised personal data and financial losses, companies and consumers are paying close attention to cybersecurity. As the public becomes more security-conscious, these cyber market trends will dominate 2019.

2018 saw both an upward trend in data breaches coupled with public concern for federal and political security. To help organizations navigate the uncertainties of a changing regulatory landscape, The Chertoff Group spotlights the trends that will shape cyber policies in the year to come.

Hackers are constantly learning, innovating and developing new attack methods – a phenomenon that crippled and embarrassed many organizations in 2018. Data breaches rose 45 percent last year, underlining the success of hacking innovations, with healthcare and banking racking up hits and the business sector weathering more than half of all breaches.

Last night, House and Senate leaders released their draft Omnibus appropriations bill. The bill not only sets spending levels for the various Federal government agencies and departments, but also includes several important updates to the laws and policies governing lawful access to data. Among them is a revised version of The CLOUD Act, which includes changes designed to strengthen privacy protections and Congressional oversight made in response to concerns raised by civil liberties and privacy groups upon review of an earlier version of the bill.

Earlier this week, two dozen civil liberties-focused organizations, including the American Civil Liberties Union (ACLU), Center for Democracy and Technology (CDT), and Amnesty International USA, wrote to members of Congress to express their opposition to The CLOUD Act. These organizations are concerned that, if enacted, the bill would erode civil liberty protections in the United States, allowing foreign governments to circumvent U.S. legal protections while “empowering” them to engage in human rights violations. While I understand their concerns, I believe that these groups are mistaken about the impact that the act will have on civil liberty protections in both the U.S. and around the globe.

For those who have not been following The CLOUD Act, the bill aims to clarify the laws governing how law enforcement in the U.S. and other countries obtain access to data stored in the Cloud, meet the legitimate investigatory needs of law enforcement while helping to resolve the conflicts of law currently facing service providers. The act has drawn bipartisan support in Congress, as well as support from the technology community, the White House, and our allies in the United Kingdom. I’ve also expressed my support for the bill last month in the Wall Street Journal.