2020 Cybersecurity Trends to Watch
Mobile becomes a prime phishing attack vector, hackers will increasingly employ machine learning in attacks and cloud will increasingly be seen as fertile ground for compromise.
The wheels of 2020’s biggest cybersecurity threats have already been set motion. Mobile, the cloud and artificial intelligence, to name a few, are trends that will continue to be exploited by criminals. Couple that with the rapid growth of software development and a cybersecurity skills shortage and that should be enough to keep security pros on their toes. Here is what experts say the year ahead in cybersecurity has in store.
Ransomware was the scourge of 2019 and will also be in 2020. Organized cyergangs will shift focus from leveraging banking trojans in huge multi-million dollar SWIFT-related heists and instead focus on smaller ransomware attacks. Why? “[They are] easier to anonymize, easier to launder, and [require] less sharing of illicit profits with street gangs that launder bank fraud proceeds,” said Limor Kessem, with IBM Security.
Mobile will become a primary phishing vector for credential attacks in 2020. “Traditional secure email gateways block potential phishing emails and malicious URLs, which works for protecting corporate email from account takeover attacks, but neglects mobile attack vectors, including personal email, social networking, and other mobile centric messaging platforms such as secure messaging apps and SMS/MMS,” according to Lookout security experts.
As software development increases, so will the need to nip security threats in the bud. The attack surface has grown from local code to pipeline code. To answer the challenge, a DevSecOps mindset must prevail, say security pros. Code inspection will need to start from app inception to production in 2020, say experts. “We’re seeing organizations start to build security into each phase of the development pipeline, and expect to see more of this shift in 2020,” wrote Veracode’s Suzanne Ciccone.
As more corporate infrastructure moves to the cloud, so will the focus of criminals. The good news and bad news following this trend is “conducting an attack will become harder and the actions of threat actors will become more sophisticated or more frequent – relying on chance rather than planning,” according to a Kaspersky look at 2020 security trends.
Global adoption of 5G infrastructure technology will begin in earnest in 2020. That will give rise to an uptick in edge computing and a host of new connected IoT devices. Add to that some old issues magnified by the massive 5G buildout such as authentication, confidentiality, authorization, availability and data security. “Companies will reach a critical mass of these devices in 2020, forcing them to reevaluate their risk paradigm for connected devices,” wrote Forescout in its year ahead outlook.
- “Authentication will move from two-factor (2FA) to multi-factor (MFA), including biometrics,” according to 2020 predictions by Lookout security experts. The company said in 2019 it saw implementations of one-time authorization codes (OTAC) to provide 2FA circumvented in advanced phishing attacks. “To protect against credential theft and to address regulatory compliance, enterprises are increasingly adopting MFA and biometrics using mobile devices,” the company wrote.
Specific attacks such as phishing will continue to leverage machine learning to automate the optimization of campaigns. “Phishing lures and landing pages will be A/B tested by AI algorithms to improve conversion rates, while new domains will be generated and registered by AI algorithms,” Lookout said.
Last year our interest in deep fakes piqued as proof-of-concept examples surfaced and real ones swayed opinion and tricked one company out of $243,000. Deep fake technology used against businesses and in misinformation campaigns are predicted to ramp up in 2020. The problem is forecast to become so pervasive that, “By 2023, up to 30 percent of world news and video content will be authenticated as real by blockchain, countering deep fake technology,” according to Gartner’s 2020 predictions.
On January 14, 2020 Microsoft will sunset support for Windows 7. For most consumers and businesses that do not have extended-support in place, that means Microsoft will stop patching and regularly updating the OS even when a security vulnerability is found. “History will repeat itself in 2020, with at least one major attack leveraging the vulnerability to affect companies around the world, similar to what we saw with the end of life of Windows XP,” wrote Forescout.
Driven by the high cost of sophisticated malware-based attacks, a rise in insider attacks are forecast for 2020. “Direct attacks on infrastructure… is becoming much more expensive, requiring more and more skills and time for the attacker,” Kaspersky wrote. As a result the year ahead will see, “Growth in the number of attacks using social engineering methods… [T]he human factor remains a weak link in security.” As a result, “Attackers will be willing to offer large amounts of money to insiders. The price for insiders varies from region to region and depends on the target’s position in the company,” according to Kaspersky.