2019 will soon come to a close, and it was as eventful as ever. During the first half of the year we have already seen more than 4 billion records exposed, almost 4,000 data breaches made public and a rise of more than 50% in the number of reported breaches.
It is time for us to speculate about what 2020 will bring, to help us stay ahead of the curve and keep our critical systems out of harm’s way.
What new or improved attack vectors are we likely to see? What technologies will emerge or become more widely adopted? What steps will organizations take to combat these threats? Below is a round-up of our security predictions for 2020.
1. Secure Data Containers for BYOD
As BYOD becomes more commonplace in large enterprises, we will likely see an increase in use of ‘secure data containers’ for Smartphones and other mobile devices. A ‘secure data container’, such as Samsung KNOX, is a mobile application that creates an isolated, secure and controlled environment in which work-related operations can be performed.
2. Authentication Controls Getting Tighter
Weak authentication protocols that continue to puncture the defenses of many organizations may drive the adoption of recognition technologies. Or, at the very least, encourage more organizations to switch to multi-factor authentication. However, we may also see third-party identity providers becoming more attractive targets for cyber-criminals.
3. Shadow IT Attacks Will Increase
BYOD, with all of its benefits, has led to an increase in the use of unauthorized cloud services, hardware, or applications in the workplace. As such, we will likely see an increase in the number of attacks on “Shadow IT”. Shadow IT results in a lack of visibility and control, which in turn results in an increase in the number of security incidents.
4. IoT Under Attack
We will see an increase in the number of attacks on IoT devices, with medical devices being a prime target. In 2019 we saw 300% increase in cyberattacks on IOT devices, largely due to an increase in the number of IoT devices being used across the globe. These days nearly all healthcare organizations use IoT devices for some purpose or another. However, a lot of these devices, such as insulin pumps, pacemakers and heart monitors, are more vulnerable to attack than regular computers as they lack the built-in risk prevention tools that come with most operating systems.
5. Ransomware Attacks Continue
We can’t have an article about security predictions without mentioning good old ransomware. Yes, it’s more than likely that ransomware attacks will continue to rise, and they will continue to become more targeted.
6. Phishing Attacks Continue
Phishing attacks will continue to evade security measures. In 2019 we saw a 25% increase in the number of phishing emails that successfully bypassed perimeter defenses and made their way to the inboxes of our employees, according to a recent report by GreatHorn.
7. BAS Tools Become More Mainstream
Breach and Attack Simulation (BAS) tools will be become more mainstream. BAS technologies carry out continuous and consistent cyber-attack simulations and alert IT teams of any gaps in their security posture. According to the research carried out by Gartner, BAS technologies are expected to go mainstream within the next 10 years.
8. 5G Will Bring More Threats to Security
As 5G becomes more available, it could open the door to an increased number of threats. New network architecture and software applications will be required to run the 5G networks. This will create an increase in the number of potential entry points for attackers.
9. Third-Party Contractors and Suppliers Will Be Targeted
We will likely see more attacks on third party vendors and service providers. Third-party contractors, suppliers and software developers have access to critical data, and many of these third parties may have sub-standard data security protocols in place.
10. Spend on Insider Threat Security Solutions Will Increase
Businesses are slowly but surely shifting their focus from external threats to internal threats – a trend that we will likely see more of in 2020. This is not surprising given the majority of security incidents are, in some way or another, the result of negligent or malicious insiders. Businesses will look towards comprehensive data security platforms to detect, alert and respond to insider threats in a timely and efficient manner.
11. Cybersecurity Budgets Increase Further
Between 2010 and 2018, cyber-security budgets have increased by 141% – a number that will continue to rise in 2020. With the many data breaches making the headlines, and the advent of more stringing data privacy laws, such as the GDPR, businesses are starting to take cyber-security a lot more seriously.
12. AI-Based Attacks to Increase
We’ve not seen that many AI-based cyberattacks as of yet. However, according to Mikko Hypponen, chief research officer at F-Secure, businesses could soon be defending themselves against a new order of AI attacks. We’ve already seen examples of AI-power malware, which can automatically insert email messages into pre-existing threads. It uses AI to learn and mimic the language used in the threat, thus allowing for highly customized and seemingly authentic messages.
13. Business Email Compromise to Increase
Business Email Compromise (BEC) is a social engineering technique that is used to trick unsuspecting employees and executives into transferring funds into an account owned by fraudsters. According to a recent report by the FBI, “losses related to Business Email Compromise (BEC) attacks have increased by 136% from December 2016 to May 2018”. The reason why BEC attacks are so popular is because they are easy to launch, there’s not much risk of getting caught, and they work!
14. Automation Plugs the Cybersecurity Skills Gap
The IT skills shortage will push IT teams to a breaking point, which will lead to a much greater focus on automation. However, automation brings many positives, such as faster and more efficient data collection, real-time auditing and improved analytics. In the long term, automation will help to free-up resources by carrying out repetitive, time-consuming tasks, enabling IT teams to focus on more complex, high-priority tasks.
15. Greater Focus on Data Access Management for Cloud Services
According to a survey of 400,000 members of the Cybersecurity Insiders community, data loss and leakage (64%) was the top security concern when it comes to using cloud services. In recent times we’ve seen a number of data breaches involving unsecured amazon S3 buckets. This was largely caused by a design flaw in the buckets, which allowed public access by default. Of course, it is also up to IT teams to ensure that risk assessments have been carried out before storing any sensitive data in the cloud.