Hindsight is 20/20 vision, as the old saying goes: it’s always easy to know what the right course of action was after something has happened, but much harder to predict the future. However, by looking at security developments over the past couple of years, it’s possible to forecast what’s likely to happen in the cyber landscape over the next 12 months. Here are the key security and related trends that we expect to see during 2020.
Technology cyber-security predictions for 2020:
1 Targeted ransomware – 2019 saw ransomware exploits getting highly targeted against specific businesses, as well as government and healthcare organisations. Attackers are spending time intelligence-gathering on their victims, to ensure they can inflict maximum disruption, and ransoms are scaled up accordingly.
2 Phishing attacks go beyond email – While email remains the #1 attack vector, cybercriminals are also using a variety of other attack vectors to trick their intended victims into giving up personal information, login credentials, or even sending money. Increasingly, phishing involves SMS texting attacks against mobiles, or use of messaging on social media and gaming platforms.
3 Mobile malware attacks step up – The first half of 2019 saw a 50% increase in attacks by mobile banking malware compared to 2018. This malware can steal payment data, credentials and funds from victims’ bank accounts, and new versions are available for widespread distribution by anyone that’s willing to pay the malware’s developers. Phishing attacks will also become more sophisticated and effective, luring mobile users to click on malicious web-links.
4 The rise of cyber insurance – More cyber-insurance policies will be bought by businesses and public-sector organisations. Insurance companies will continue to guide their policy holders to pay ransoms, as this can be cheaper than the costs of recovering from an attack. This will in turn drive more attacks, and fast growth for the cyber insurance industry.
5 More IoT devices, more risks – As 5G networks roll out, the use of connected IoT devices will accelerate dramatically, massively increasing networks’ vulnerability to large scale, multi-vector Gen V cyber-attacks. IoT devices and their connections to networks and clouds, are still a weak link in security: It’s hard to get visibility of devices, and they have complex security requirements. We need a more holistic approach to IoT security, combining traditional and new controls to protect these ever-growing networks across all industry and business sectors.
6 Data volumes skyrocket with 5G – The bandwidths that 5G enables will drive an explosion in numbers of connected devices and sensors. eHealth applications will collect data about users’ wellbeing, connected car services will monitor users’ movements, and smart city applications will collect information about how citizen live. This ever-growing volume of personal data will need securing against breaches and theft.
7 AI will accelerate security responses – Most security solutions are based on detection engines built on human made logic, but keeping this up-to-date against the latest threats and across new technologies and devices is impossible to do manually. AI dramatically accelerates identification of new threats and responses to them, helping to block attacks before they can spread widely. However, cybercriminals are also starting to take advantage of the same techniques to help them probe networks, find vulnerabilities and develop more evasive malware.
8 Security at the speed of DevOps – Organisations already run a majority of their workloads in the cloud, but the level of understanding about securing the cloud remains low, and security is often an afterthought with cloud deployments. Security solutions need to evolve to new, flexible, cloud-based architectures that deliver scalable protection at the speed of DevOps.
9 Enterprises rethink their cloud approach – Increasing reliance on public cloud infrastructure increases enterprises’ exposure to the risk of outages, such as the Google Cloud outage in March 2019. This will drive organisations to look at their existing data center and cloud deployments, and consider hybrid environments comprising both private and public clouds.
In conclusion, we don’t have the luxury of hindsight to show us exactly what security threats we will face in 2020. Today’s hyper-connected world creates more opportunities for cyber criminals, and every IT environment is a potential target: on-premise networks, cloud, mobile, and IoT devices. But forewarned is forearmed.
By using advanced threat intelligence to power unified security architectures, businesses of all sizes can automatically protect themselves against the most advanced attacks the new year can throw at them.
By Evan Dumas, Regional Director, Southeast Asia, Check Point Software Technologies