2019 saw a rise in ransomware attacks on institutions, more cyberattack services from the Dark Web and data breaches galore.
What will 2020 bring? The Security Bytes series is all about senior security professionals sharing their most savvy advice. Here, I ask several leading cybersecurity insiders:
Which cybersecurity trends do you anticipate in 2020?
Anastasios Arampatzis, cybersecurity content writer for Bora
“I constantly have the feeling we’re failing. And we’re failing BIG. No matter how many hours we spend writing, talking, presenting… the risk and threat of poor cybersecurity insight, data breaches and security incidents keep growing. Although cybercriminals do their worst, it’s our own cybersecurity industry that fails to live up to our expectations.
“Have you ever seen a security warranty for any technology product? Warranties only cover mechanical parts and not software-related ones.
“So I hope in 2020, cybersecurity will change in two ways.
“Firstly, the industry needs to embrace security-by-design and privacy-by-design frameworks. Existing legislation in many countries leans towards this. In the near future, I’d love to see a product with a security warranty so companies offering cyber-insurance won’t be able to deny reimbursing their customers.
“Secondly, I’d love to see cybersecurity becoming an integral part of the school curriculum, starting even from elementary schools.
Just as kids learn the basics about hygiene and being safe on the street, they should also learn how to be safe in the virtual streets.
Let’s see what goodies Cyber Santa will bring.
Ian Anderson, Security Manager and Sec Ops
“I see significant control system threats. Not just critical infrastructure like electric utilities or oil and gas, but also transport. The likelihood is low, but the impact could be enormous.
“Cities and states have the least funding and resources to defend their networks and systems. Cyberattacks can affect water systems, emergency services and other civic services like public transport. We’ve already seen examples in Atlanta and Baltimore. Those cities were big enough to afford recovery. What would happen to smaller towns and cities?”
Ian predicts positive change too.
“We will see significant improvements to cloud security – improved tools, default settings and accompanying technologies that focus on keeping the organization’s cloud-based systems secure.
“End-user awareness is rising. InfoSec pros are generally getting better at detecting attempts at compromise. Initiatives like multi-factor authentication (MFA) and role-based access control mean phishing awareness campaigns are getting easier. I think users take some of these practices home, which means safer web access for families.”
While not perfect, the tide is turning. I’m cautiously optimistic.
I researched vulnerabilities in food manufacturing and power plant ICS (industrial control systems) and SCADA (supervisory control and data acquisition). I also observed reports of the city of Toronto’s susceptibility to ransomware and data breaches in the wake of Atlanta‘s 2018 SamSam ransomware incident. So I think Ian’s predictions are on the money.
Cheryl Biswas, threat intelligence specialist
“The 2020 US election is around the corner. Disinformation and deepfakes are worrying trends. Obfuscation and evasion tactics keep evolving, like hiding files in files, breaking them up across deliveries and renaming processes to make malware look legitimate to the operating system. I hope national DDoS attack mitigation systems have improved to withstand the next generation of botnets.”
Nation-state attacks will only get more intense. Industrial control systems and Internet of Things (IoT) devices are especially at risk. But since cybersecurity practitioners become more aware of the threat, I’m optimistic we can become better prepared.
Sameep Agarwal, Information Security Consultant and Penetration Tester
Sameep makes predictions for new surfaces we need to protect.
“With the automotive industry bringing in remote vehicle administration and infotainment integration as standard, vehicles will become new targets for hackers.
“Biometrics is another risk area. Mass fingerprinting data from biometric technology will be at risk of breaches. Cyberattackers may use in-body chip implants intended for geo-location, medical and psychological purposes to monitor people.
“I foresee the disruption to food processing and manufacturing to cause mass damage and spoiling. Agriculture will be targeted in 2020, through automated, remote-monitored farming systems, all possible because of industrial IoT.”
The in-body chips worry me most. There are already IoT medical devices like pacemakers susceptible to cyberattack, and the number of IoT devices in people’s bodies will increase. If we can understand the risks now, we can make medical IoT and augmented bodies more secure.
Amin Hasbini, Head of Research, Kaspersky, Middle East
“The 5G telecommunications revolution is imminent. This fifth-generation network will host more network-connected devices, increase speeds considerably for users and serve as the foundation for many futuristic technologies.
“But the security concerns of 5G are inescapable. As an evolving and developing technology built on top of the previous 4G infrastructure, it will inevitably inherit vulnerabilities and misconfigurations. Large-scale distributed denial-of-service (DDoS) attacks could be amplified; the massive increase in the volume of connected devices, with all the uncertainties about their quality and security in the network, will be a challenging task for telco administrators.
“5G will be a more complex environment compared to its predecessors. In a global supply chain setting, bans based on the nationality of a provider offer little assurance especially to countries that have adopted a “banned provider” as part of its vendor diversification process.”
Vendor diversity is crucial when it comes to 5G ecosystem offerings to avoid a single point of failure.
Read more about Mohamed’s predictions for 5G security. A more connected world is an efficient but inherently vulnerable one – how will we adapt?
Kurt Waller, Cyber Intelligence Analyst
Kurt’s predictions seem reasonable to me.
“I think targeted ransomware will be used to disrupt the supply chains of bigger organizations.
“The same attack could use seemingly targeted sextortion (blackmail with private photos and videos) mixed with fake thumbnails, deepfake video and phishing.
“Phishing and malware distribution methods will move to office documents that aren’t macro-based.”
Sextortion is no laughing matter. Nobody should assume they’re immune to that kind of abuse.
What stands out?
The common threads in these points of view from some of InfoSec’s brightest stars give me pause for thought. What’s the one issue above all others that will define cybersecurity in 2020?
I’m most concerned by the expansion of IoT without proper security measures. We’ll soon see the first car accidents caused by cyberattacks to self-driving vehicles.
I’m optimistic that as an industry, we can prepare for the future of IoT. It has impressive potential, like fewer accidents from synchronized cars, or checking the performance of your pacemaker through a mobile app. The future of cybersecurity is making all these new technologies safer.
Here’s to a year ahead of working together to make the world a safer place.
Article reflects the opinions of the author and speakers quoted. Published in 2020.