What should we expect from cybersecurity in 2020?
So, as 2019 draws to a close, ten security experts share their thoughts on the year ahead and where companies need to focus their cybersecurity efforts, with ITProPortal.
Be ransom-awareWith the number of ransomware attacks having taken place over the past year being higher than last year, it’s unlikely that this will slow down in 2020. Steve Nice, Chief Technologist at Node4 predicts: “In 2020, there’s no doubt that phishing and ransomware will continue to evolve and be the number one threat to businesses, as attackers are always looking for – and exploiting – new attack vectors. Whilst there may be headline grabbing attacks on connected vehicles, TVs etc, phishing and ransomware are still the primary revenues for cyber-criminal gangs, and users will still be blasé about security.”
Steve continues, “However, there will be new vulnerabilities in 2020, and while older technologies (technical debt) will continue to be exploited, mobile phones will evolve to become a prime attack vector. For example, there could be a ransomware attack on Android phones, where the whole phone becomes completely inoperable unless you pay for a decryption key.”
Alan Conboy, Office of the CTO, Scale Computing agrees with this, commenting that, “The recent news cycle has been flooded with organisations from airlines to banks and hospitals, even entire local governments, falling victim to ransomware attacks. Threats such as these are evolving at a horrific pace, and they will continue to become smarter, more lucrative and increasingly devious in 2020. So, to the organisations that think they can’t afford to modernise their infrastructure defences, well, the truth is that they can’t afford to not do so.”
“As this malicious momentum snowballs into next year, businesses must realise that traditional legacy tools are not only slowing their digital journey down, but leaving them vulnerable to tactical and well-organised criminals. We will see organisations taking advantage of highly-available solutions, such as hyperconvergence and edge computing, that allow them to not only keep up with changing consumer demands, but deploy the most effective cyber defences, disaster recovery, and backup.”
Ransomware attacks continue to increase because the barriers to entry are low and return on investment is high as John Ford, CISO at ConnectWise explains: “Ransomware is as close to a perfect economy as one could enter, other than the fact that it is an illegal underground market. 2019 saw a dramatic increase in the amount of malicious code created and made available for sale on the black market. The seller not only makes the code affordable ($300-$500), they also provide full tech support in teaching the attacker how to execute an attack. This code is then further modified by the purchaser. This last action makes certain that security products that may have seen and prevented the original code, will likely fail to do the same with the modified version. A single version of modified malicious code could yield hundreds of thousands of dollars, and when the ransomware fails to execute, the attacker simply modifies the code and continues on. Given that the number of attack groups has risen by 25 per cent over the past year, coupled with the fact that the amount of malicious code has exponentially increased and the barrier to entry remains low, I do not see any reduction in the amount of ransomware attacks for 2020. “
Don’t expect attacks to slow down and be prepared to fight
According to Anurag Kahol, CTO at Bitglass, “threat actors are always enhancing their current tactics, techniques, and procedures (TTPs) as well as creating new ones in order to infiltrate businesses and steal data, implant ransomware, and more.”
With this in mind, Anurag predicts that, “one technique that will continue to gain traction in 2020 is lateral phishing. This scheme involves a threat actor launching a phishing attack from a corporate email address that was already previously compromised. Even the savviest security-minded folks can be lulled into a false sense of security when they receive an email asking for sensitive information from an internal source – particularly from a C-level executive. As we will continue to see cybercriminals refining their attack methods in 2020, companies must be prepared.”
And cyber-attacks aren’t just limited to organisations – as Tim Bandos, Vice President of Cybersecurity at Digital Guardian predicts, “I think geopolitical relationships around the world have increasingly become strained and uncertain with direction and I believe we’ll see state-sponsored attacks being carried out much more; possibly even against critical infrastructure. There have been a number of attempts and even successful attacks against these types of systems but for the most part they’ve all been isolated incidents. One can only wonder though if these attacks were merely conducted to set up backdoor functionality for a future panic button push to cripple the target’s systems. Not to mention the considerable adoption of IoT devices connecting once-segregated Operations Technology (OT) environments; which only further widens the attack landscape. The security in these environments need to be fully assessed and controls need to be put in place as soon as possible in order to mitigate against future attacks. It’s only a matter of time.”
With this in mind, the risk of a cyber-attacks and threats continue to be a risk. It’s no longer a matter of if, but when a disaster strikes. So, as Avi Raichel, CIO at Zerto explains, organisations need to become IT resilient: “Cyberthreats will continue to be a major, strategic risk for companies in 2020, especially those going through a digital transformation. These risks include loss of productivity, loss of revenue, loss of customers and severe—often irreversible—damages to the brand. The more digital your company becomes, the more you lean on your IT staff systems. This tight correlation means that whenever there is a disruption to your IT, it becomes a disruption to your whole business. Consequently, IT resilience will become increasingly invaluable to companies as they undertake—and complete—their digital transformation journeys.
“In 2020, we anticipate a continued shift to a more fully digital business model and expect the vitality of cyber-resilience, IT resilience and business resilience to follow suit.”
When it comes to being cyber-resilient, it’s not just about the technology, as Sascha Giese, Head Geek at SolarWinds comments. “Organisations across the U.K. public sector should recognise the need to reprioritise their security best practices to ensure they demonstrate healthy cyberhygiene,”
Sascha continues, “It’s important for IT teams in the public sector to have up-to-date cybersecurity knowledge to help prevent, as well as prepare for, the security threats they’ll inevitably face in the current hostile landscape.”
“To implement this, many public sector organisations in the coming year will look to prioritise cybersecurity training for everyone, from entry level right through to the C-suite, and across every department—not just IT teams. Going back to basics in terms of fostering ongoing cybersecurity awareness is one of the simplest yet most effective ways to keep an organisation secure. The cyberthreat landscape is ever-changing; therefore, it’s vital to ensure employees are continuously aware and informed of their organisation’s latest security postures.”
Use new technologies to support IT security
“2020 should herald a true golden age of ‘deep learning’, which will see a resurgence of artificial intelligence (AI) embedded into the fabric of our security frameworks. Expect to see some exciting machine learning (ML) developments in the seemingly ‘ad infinitum’ war on cyberthreats and bad actor group attack circuits,” predicts Richard Cassidy, Senior Director Security Strategy at Exabeam.
Richard continues, “Security focus will move away from the tired alerting methodology we’ve all painfully relied on for far too long, to a far more ‘risk context’ approach, combining data-classification, trust modelling and security analytics functions.”
“We’re already seeing almost all security vendors scramble to jump on the AI band-wagon, with those who managed to book early now trying to differentiate with new waves of ML algorithms, offering more enhanced ways to detect the ‘unknown unknowns’. That said, however, security practices should pay heed to the fact that AI is not all about the new and ultimately unfathomable. It’s about enabling organisations to do far more with what they have, super-charging existing security and GRC functions – not least hyper-enabling already over-stretched teams – to focus on doing more of what they enjoy and innovating for the betterment of business outcomes.”
According to Bryan Becker, DAST product manager at WhiteHat Security, security organisations will begin accepting that there is just too much to do when it comes to security, and not enough resources: “Teams will start looking for methods to make the overall process less demanding as well as for new techniques to allocate resources most effectively.”
“Vendors will start to focus more on making the process easier, while teams will start to lean more on defence in depth than perhaps they were previously. Prioritisation techniques and frameworks will start having a seat at the front of the table. Asset management, discovery, and documentation will continue to be a challenge for enterprise organisations.”
Looking at other technologies that will strengthen security, Josh Flinn, Director of Product Strategy & Innovation at Cybera believes: “2020 will be the year that we see a deeper integration of security and WAN technology. Historically, the network has always come first, and then security is bolted on to protect it. We’re rapidly heading towards a security-first and connectivity-second approach – the total opposite of how the Internet was designed!”
He continues, “We will continue to see significant moves towards connectivity and security becoming seamless. Security and networking teams will converge into one team. I suspect this will put a lot of additional pressure on folks working in these areas as they’ll need to focus on multiple tasks. As a result, we’ll see a much bigger reliance on machine learning and analytics tools to reduce the white noise and phantom alerts and enable teams to spend more time on actions, rather than digging through masses of data.”
Whilst 2020 will bring its own host of cybersecurity challenges, it’s clear that organisations, both public and private need to prioritise putting the right security procedures in place to ensure their company doesn’t face an attack or data breaches next year and suffer the wrath from the ICO. Prevention is always better than cure, even when it comes to IT security.