Forcepoint has unveiled five predictions about the cybersecurity landscape for 2020. These predictions span across topics such as attacker techniques, communication platforms, infrastructure adoption, data protection legislation and cybersecurity strategies.
- Deepfakes-as-a-Service increases ransomware effectiveness and election interference
Deepfakes are getting more popular as various machine learning algorithms are able to produce indistinguishable hyper-realistic photos and videos of people. In 2020, we can expect to see an increase in ransomware by cybercriminals threatening to leak photos and videos of individuals in compromising situations utilising deepfake technology. At the organisational level, deepfakes will also be used to impersonate high-level targets at organisations to scam employees by transferring funds into fraudulent accounts. In the political arena, we can expect deepfakes to be leveraged as a tool to discredit electoral candidates and push inaccurate falsehoods to voters via social media. In 2020, we will see deepfakes-as-a-service move to the fore as it becomes widely adopted for entertainment such as the viral FaceApp, and we can also expect to see an increase in its use for malicious intent online.
- 5G offers unprecedented data theft speeds
2020 will see a rise in the adoption of the fifth generation (5G) cellular network technology around the world. Data transfer rates on 5G is well-documented to be 10 times faster than 4G networks. While this will appear to be a promising service for organisations looking to be one step ahead of the competition, the more reliable connectivity and lower latency of 5G will essentially also work in favour of cyber criminals or even employees looking to transfer large amounts of data on the cloud. With the roll-out of 5G continuing in 2020, we can expect to see an increase in the volume and speed of data theft.
- Organizations will become “Cloud Smart” but remain “Cloud Dumb”
With greater adoption of public cloud systems, organisations will become “Cloud Smart” in their digital transformation efforts. However, when it comes to securing these cloud systems, organisations will remain “Cloud Dumb” as they face challenges in cloud security. Cloud service vendors are responsible for protecting the infrastructure, while the onus is on organisations to protect their data by monitoring access, managing configurations, and analysing risky user behaviours. Organisations need to understand that securing data on the cloud is a shared responsibility with their cloud service providers.
- Organisations will mature in their approach to data/privacy protection legislation
There is greater organisational and individual awareness on the need for data privacy and protection due to regulations such as the European Union’s General Data Protection Regulation (GDPR). This trend will continue in 2020, where organisations will begin to recognise that customers value an organisation’s commitment and compliance with data protection laws and will perceive this as a business differentiator. In 2020, we will see organisations move away from a breach prevention approach to a holistic principles-based approach when it comes to data security. We can also expect to see businesses prioritise automation in data discovery as the volume of Subject Access Requests under GDPR increases in tandem with greater customer awareness of their data privacy rights.
- Cybersecurity strategies will incorporate a move from ‘Indicators of Compromise’ to ‘Indicators of Behaviour’
Traditional cybersecurity methods focus on identifying threats based on Indicators of Compromise. This includes malicious activities based on URLs, email subjects, IP addresses, network traffic, suspicious registry changes or abnormal read/write volumes etc. An Indicator of Behaviour approach on the other hand, focuses on the behaviour of users and how they interact with data. In 2020, we can expect to see a shift from an outside-in approach – by looking at how external attackers are seeking to gain access into systems, towards an inside-out approach – which can prevent data breaches by analysing abnormal user behaviours across any device, medium or cloud application. “Fast evolving cyberthreats are becoming more perilous by the day, and organisations need a proactive and business aligned cybersecurity strategy to protect themselves,” said Alvin Rodrigues, Senior Director and Security Strategist, Forcepoint Asia Pacific. “Human beings remain the weakest link. IT and security leaders must take urgent measures to better understand the rhythm of their users’ interaction with critical data and systems as part of their digital transformation process.”