Year 2020 has already begun and it is time for us to surmise what this year will bring to help us stay ahead of the curve and keep our critical systems out of harm.
What new or improved attack vectors can be seen? What technologies will come out or become more widely adopted? What are the steps the organizations must take to combat these threats? And much more.
Let us take a look at the security predictions for 2020.
1. Secure Data Containers for BYOD
As BYOD becomes more usual in large enterprises, we will likely see an increase in use of ‘secure data containers’ for Smartphones and other mobile devices. A ‘secure data container’, like Samsung KNOX, is a mobile application that creates an isolated, secure and controlled environment in which work-related operations can be performed.
2. Authentication Controls gets dense
Weak authentication protocols that continue to deflate the defenses of many organizations may lead to the adoption of recognition technologies or persuade more organizations to switch to multi-factor authentication. However, we may also see third-party identity providers becoming more attractive targets for cyber-criminals.
3. Shadow IT Attacks Will Increase
Besides having many advantages, BYOD, has led to an increase in the use of unauthorized cloud services, hardware or applications in the workplace. So, there are chances that we might see an increase in the number of attacks on “Shadow IT”. Shadow IT results in a lack of visibility and control, which leads to an increase in the number of security incidents.
4. IoT Under Attack
We will see a rise in the number of attacks on IoT devices and the main target being the medical devices. In 2019 there was a 300% increase in cyberattacks on IOT devices, mainly due to an increase in the number of IoT devices being used worldwide. Nowadays almost all healthcare organizations use IoT devices for most of the works. Most of these devices, like insulin pumps, pacemakers and heart monitors, are more vulnerable to attack than regular computers because they do not have built-in risk prevention tools which most operating systems have.
5. Ransomware Attacks Continue
It is more than likely that ransomware attacks will continue to rise, and they will continue to become more targeted.
6. Phishing Attacks Continue
Phishing attacks will continue to trick security measures. According to reports, last year there was a 25% increase in the number of phishing emails that successfully bypassed perimeter defenses and made their way to the inboxes of the staff.
7. BAS Tools Become More Mainstream
Breach and Attack Simulation (BAS) tools will become more mainstream. BAS technologies perform continuous and consistent cyber-attack simulations and alert IT teams of any gaps in their security posture. Research studies shows that BAS technologies will go mainstream within the next 10 years.
8. 5G to Bring More Threats to Security
With 5G becoming more available, there are chances of increase in the number of threats. New network architecture and software applications are necessary to run the 5G networks. This will create an increase in the number of potential entry points for attackers.
9. Third-Party Contractors and Suppliers Will Be Targeted
The attacks on third party vendors and service providers will be more. Third-party contractors, suppliers and software developers have access to critical data, and most of these third parties may have poor data security protocols in place.
10. Spend on Insider Threat Security Solutions Will Increase
Businesses are shifting their focus from external threats to internal threats mainly because most of the security incidents are, in some way or another, the result of negligent or malicious insiders. Businesses will look towards comprehensive data security platforms to detect, alert and respond to insider threats in a timely and efficient manner.
11. Cybersecurity Budgets Increase Further
The cyber-security budgets have increased exponentially from the past few years and this year too, it is likely to increase. The rise in the data breaches, the emergence of more secure data privacy laws, such as the GDPR makes the firms starting to take cyber-security a lot more seriously.
12. AI-Based Attacks to Increase
So far, we have not seen many AI-based cyberattacks. But it is likely that businesses could soon be defending themselves against a new order of AI attacks. An example we have seen already is the AI-power malware, which can automatically insert email messages into pre-existing threads. It uses AI to learn and mimic the language used in the threat, thereby allowing for highly customized and seemingly authentic messages.
13. Business Email Compromise to Increase
Business Email Compromise (BEC) is a social engineering technique used by the criminals to trick unsuspecting employees and executives into transferring funds into an account owned by fraudsters. BEC attacks are so popular as it is easy to launch and very less risk is associated with it.
14. Automation Plugs the Cybersecurity Skills Gap
Shortage of IT skills will lead the IT teams to a much greater focus on automation. Automation has several advantages such as faster and more efficient data collection, real-time auditing and improved analytics. In the long term, automation will help to free-up resources by carrying out repetitive, time-consuming tasks, enabling IT teams to focus on more complex, high-priority tasks.
15. Greater Focus on Data Access Management for Cloud Services
Survey results shows that data loss and leakage was the top security concern when it comes to using cloud services. Recently we have seen a number of data breaches involving unsecured amazon S3 buckets. It was due to a design flaw in the buckets, that let public access it by default. It is the responsibility of the IT teams to ensure that risk assessments have been carried out before storing any sensitive data in the cloud.