Technological advances in the cyber realm may hold the biggest security threats in 2020. We need to be vigilant about how cyber criminals exploit artificial intelligence and machine learning to launch malicious attacks. Mobile devices and the Cloud are prime phishing attack vectors and will increasingly be seen as fertile ground for compromise by criminals. The rapid growth of software development is coupled with the cybersecurity skills shortage, which could see vulnerabilities in systems worldwide. Experts predict the following cybersecurity threats for 2020.
Ransomware was the menace of 2019 and will continue to be a threat through 2020. Limor Kessem from IBM Security indicates that organised cyber gangs will focus on smaller ransomware attacks because they are easier to anonymize, easier to launder, and require less sharing of illicit profits with street gangs that launder bank fraud proceeds. This is a move away from banking trojans in huge multi-million-dollar SWIFT-related heists.
Lookout security experts predict that mobile will become a primary phishing focus for credential attacks in 2020. This is primarily because traditional secure email gateways “neglect mobile attack vectors, including personal email, social networking, and other mobile centric messaging platforms such as secure messaging apps and SMS/MMS.”
In the past, the role of security was isolated to a specific team in the final stage of development, and outdated security practices compromised even the most efficient DevOps initiatives. An integrated DevSecOps approach will allow organisations to take advantage of agility and responsiveness to threats. Suzanne Ciccone from Veracode states: “We’re seeing organizations start to build security into each phase of the development pipeline, and expect to see more of this shift in 2020.” Hence, in 2020, code scrutiny should run from app inception through to production.
Kaspersky warns that as more corporate infrastructure moves to the cloud, the sophistication and rate of attacks will increase with cybercriminals playing on chance rather than planning.
Forescout states that “Companies will reach a critical mass of these devices in 2020, forcing them to reevaluate their risk paradigm for connected devices.” This pertains particularly to the anticipated global adoption of 5G infrastructure technology in 2020, prompting edge computing and new connected IoT devices. Issues such as authentication, confidentiality, authorisation, availability and data security will be more prominent. Lookout security experts specify that “Authentication will move from two-factor (2FA) to multi-factor (MFA), including biometrics.”
Lookout explains that automated machine learning will optimise phishing attacks: “Phishing lures and landing pages will be A/B tested by AI algorithms to improve conversion rates, while new domains will be generated and registered by AI algorithms.”
AI-generated deepfakes are becoming more common and convincing, and the technology will be used against businesses in misinformation campaigns. Deepfakes use a form of artificial intelligence called deep learning to make images of fake events, thus the term ‘deepfake’. Gartner predicts that the problem will become so pervasive that “By 2023, up to 30 percent of world news and video content will be authenticated as real by blockchain, countering Deepfake technology.”
Kaspersky forecasts an increase in insider attacks due to the high cost of sophisticated malware-based attacks. “Growth in the number of attacks using social engineering methods… The human factor remains a weak link in security.” Consequently, insiders will be offered large amounts of money by attackers.
TÜV Rheinland, in their seventh annual report on Cybersecurity Trends for 2020, predict attacks on smart supply chains, threats to medical equipment and weaknesses in real-time operating systems. Their cybersecurity researchers and experts also identified uncontrolled access to personal data as carrying the risk of destabilising the digital society, and stress the fact that data protection is now very challenging.
According to TÜV Rheinland, the proliferation of personal smart devices would mean that the attack surface could quickly increase hundreds or thousands of times. Specifically, the trend of owning medical devices such as insulin pumps, heart and glucose monitors, defibrillators and pacemakers connected to the Internet, as part of the ‘Internet of Medical Things’ (IoMT), increases the risk of an Internet health crisis. Researchers identified several software vulnerabilities which can lead to targeted attacks on both individuals and entire product classes.
Security experts advise that being proactive is vital as 2020 marks a make-or-break year in the cybersecurity industry. Criminals are becoming more devious and sophisticated in their approaches to harvesting money from individuals and enterprises, and the challenge is up to cybersecurity firms to step up and take on the mantle of viable solution providers.
Concurrently, cybercrime-as-a-service (CaaS) is becoming more popular and fuels the growth of the cybercrime environment. It facilitates the emergence of new criminal organisations and accelerates the operations of existing ones.
“Among the numerous services offered in the cybercrime underground, ransomware-as-a-service platforms, DDoS-for-hire platforms and spamming services will monopolize the threat landscape in the coming months” (Hacking 2019).