{"id":31587,"date":"2019-11-28T04:50:25","date_gmt":"2019-11-28T09:50:25","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?post_type=emagazine&p=31587"},"modified":"2022-08-08T04:56:58","modified_gmt":"2022-08-08T08:56:58","slug":"security-bites-2020-plans","status":"publish","type":"emagazine","link":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/security-bites-2020-plans\/31587\/","title":{"rendered":"How will the cybersecurity industry evolve in 2020? Perspectives from InfoSec pros"},"content":{"rendered":"

2019 saw a rise in ransomware attacks<\/a> on institutions, more cyberattack services from the Dark Web and data breaches galore.<\/p>\n

What will 2020 bring? The Security Bytes series<\/a> is all about senior security professionals sharing their most savvy advice. Here, I ask several leading cybersecurity insiders:<\/p>\n

Which cybersecurity trends do you anticipate in 2020?<\/p>\n<\/blockquote>\n

Anastasios Arampatzis<\/a>, cybersecurity content writer for Bora<\/a><\/h2>\n

\u201cI constantly have the feeling we\u2019re failing. And we\u2019re failing BIG. No matter how many hours we spend writing, talking, presenting\u2026 the risk and threat of poor cybersecurity insight, data breaches and security incidents keep growing. Although cybercriminals do their worst, it\u2019s our own cybersecurity industry that fails to live up to our expectations.<\/p>\n

\u201cHave you ever seen a security warranty for any technology product? Warranties only cover mechanical parts and not software-related ones.<\/p>\n

\u201cSo I hope in 2020, cybersecurity will change in two ways.<\/p>\n

\u201cFirstly, the industry needs to embrace security-by-design and privacy-by-design frameworks. Existing legislation in many countries leans towards this. In the near future, I\u2019d love to see a product with a security warranty so companies offering cyber-insurance won\u2019t be able to deny reimbursing their customers.<\/p>\n

\u201cSecondly, I\u2019d love to see cybersecurity becoming an integral part of the school curriculum, starting even from elementary schools.<\/p>\n

Just as kids learn the basics about hygiene and being safe on the street, they should also learn how to be safe in the virtual streets.<\/p>\n<\/blockquote>\n

Let\u2019s see what goodies Cyber Santa will bring.<\/p>\n

Ian Anderson, Security Manager and Sec Ops<\/h2>\n

\u201cI see significant control system threats. Not just critical infrastructure like electric utilities or oil and gas, but also transport. The likelihood is low, but the impact could be enormous.<\/p>\n

\u201cCities and states have the least funding and resources to defend their networks and systems. Cyberattacks can affect water systems, emergency services and other civic services like public transport. We\u2019ve already seen examples in Atlanta<\/a> and Baltimore<\/a>. Those cities were big enough to afford recovery. What would happen to smaller towns and cities?\u201d<\/p>\n

\"security
\nIan predicts positive change too.<\/p>\n

\u201cWe will see significant improvements to cloud security \u2013 improved tools, default settings and accompanying technologies that focus on keeping the organization\u2019s cloud-based systems secure.<\/p>\n

\u201cEnd-user awareness is rising. InfoSec pros are generally getting better at detecting attempts at compromise. Initiatives like multi-factor authentication (MFA) and role-based access control mean phishing awareness campaigns are getting easier. I think users take some of these practices home, which means safer web access for families.\u201d<\/p>\n

While not perfect, the tide is turning. I\u2019m cautiously optimistic.<\/p>\n<\/blockquote>\n

I researched vulnerabilities in food manufacturing and power plant ICS (industrial control systems) and SCADA (supervisory control and data acquisition). I also observed reports of the city of Toronto\u2019s susceptibility to ransomware and data breaches in the wake of Atlanta<\/a>\u2018s 2018 SamSam ransomware incident. So I think Ian\u2019s predictions are on the money.<\/p>\n

Cheryl Biswas, threat intelligence specialist<\/h2>\n

\u201cThe 2020 US election is around the corner. Disinformation and deepfakes<\/a> are worrying trends. Obfuscation and evasion tactics keep evolving, like hiding files in files, breaking them up across deliveries and renaming processes to make malware look legitimate to the operating system. I hope national DDoS<\/a> attack mitigation systems have improved to withstand the next generation of botnets.\u201d<\/p>\n

Nation-state attacks will only get more intense. Industrial control systems and Internet of Things (IoT) devices are especially at risk. But since cybersecurity practitioners become more aware of the threat, I\u2019m optimistic we can become better prepared.<\/p>\n

Sameep Agarwal, Information Security Consultant and Penetration Tester<\/h2>\n

Sameep makes predictions for new surfaces we need to protect.<\/p>\n

\u201cWith the automotive industry bringing in remote vehicle administration and infotainment integration as standard, vehicles will become new targets for hackers.<\/p>\n

\u201cBiometrics is another risk area. Mass fingerprinting data from biometric technology will be at risk of breaches. Cyberattackers may use in-body chip implants intended for geo-location, medical and psychological purposes to monitor people.<\/p>\n

\u201cI foresee the disruption to food processing and manufacturing to cause mass damage and spoiling. Agriculture will be targeted in 2020, through automated, remote-monitored farming systems, all possible because of industrial IoT<\/a>.\u201d<\/p>\n

The in-body chips worry me most. There are already IoT medical devices like pacemakers susceptible to cyberattack, and the number of IoT devices in people\u2019s bodies will increase. If we can understand the risks now, we can make medical IoT and augmented bodies more secure.<\/p>\n

Amin Hasbini, Head of Research, Kaspersky, Middle East<\/h2>\n

\u201cThe\u00a05G\u00a0telecommunications revolution is imminent. This fifth-generation network will host more network-connected devices, increase speeds considerably for users and serve as the foundation for many futuristic technologies.<\/p>\n

\u201cBut the security concerns of 5G are inescapable. As an evolving and developing technology built on top of the previous 4G infrastructure, it will inevitably inherit vulnerabilities and misconfigurations. Large-scale distributed denial-of-service (DDoS) attacks could be amplified; the massive increase in the volume of connected devices, with all the uncertainties about their quality and security in the network, will be a challenging task for telco administrators.<\/p>\n

\u201c5G will be a more complex environment compared to its predecessors. In a global supply chain setting, bans based on the nationality of a provider offer little assurance especially to countries that have adopted a \u201cbanned provider\u201d as part of its vendor diversification process.\u201d<\/p>\n

Vendor diversity is crucial when it comes to 5G ecosystem offerings to avoid a single point of failure.<\/p>\n<\/blockquote>\n

Read more about Mohamed\u2019s predictions for 5G security<\/a>. A more connected world is an efficient but inherently vulnerable one \u2013 how will we adapt?
\n<\/em><\/p>\n

Kurt Waller, Cyber Intelligence Analyst<\/h2>\n

Kurt\u2019s predictions seem reasonable to me.<\/p>\n

\u201cI think targeted ransomware will be used to disrupt the supply chains of bigger organizations.<\/p>\n

\u201cThe same attack could use seemingly targeted sextortion (blackmail with private photos and videos) mixed with fake thumbnails, deepfake video and phishing.<\/p>\n

\u201cPhishing and malware distribution methods will move to office documents that aren\u2019t macro-based.\u201d<\/p>\n

Sextortion is no laughing matter. Nobody should assume they\u2019re immune to that kind of abuse.<\/p>\n

What stands out?<\/h2>\n

The common threads in these points of view from some of InfoSec\u2019s brightest stars give me pause for thought. What\u2019s the one issue above all others that will define cybersecurity in 2020?<\/p>\n

I\u2019m most concerned by the expansion of IoT without proper security measures. We\u2019ll soon see the first car accidents caused by cyberattacks to self-driving vehicles<\/a>.<\/p>\n

I\u2019m optimistic that as an industry, we can prepare for the future of IoT. It has impressive potential, like fewer accidents from synchronized cars, or checking the performance of your pacemaker through a mobile app. The future of cybersecurity is making all these new technologies safer.<\/p>\n

Here\u2019s to a year ahead of working together to make the world a safer place.<\/p>\n

Article reflects the opinions of the author and speakers quoted. Published in 2020.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

Cyberattacks on medical devices, infrastructure and agriculture. What else will 2020 bring and how will the industry adapt? Senior security pros share their thoughts on cybersecurity\u2019s near future.<\/p>\n","protected":false},"author":2531,"featured_media":31589,"template":"","coauthors":[3535],"class_list":{"0":"post-31587","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-cybersecurity","7":"emagazine-category-opinions","8":"emagazine-category-security-bytes","9":"emagazine-tag-autonomous-vehicles","10":"emagazine-tag-cloud-computing","11":"emagazine-tag-data-security","12":"emagazine-tag-democracy","13":"emagazine-tag-healthcare","14":"emagazine-tag-malware","15":"emagazine-tag-predictions","16":"emagazine-tag-trends"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/security-bites-2020-plans\/31587\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/secure-futures-magazine\/security-bites-2020-plans\/20256\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/31587","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2531"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/31589"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=31587"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=31587"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}