One thing’s clear about what will happen with online threats in 2020: cybersecurity is not getting any easier. The good news is that it’s the early months of the year and all predictions are in, so there’s still some time to get ready. What to expect from cybersecurity in 2020?
And
so, we went on a quest through the vastness of cyberspace in search of the best
and finest predictions out there. Then we added our own expertise to the mix.
The result is a shortlist of considerations we suggest you keep in mind when
designing or implementing your cybersecurity strategy for the year ahead.
On history and its annoying tendency to repeat itself
Remember WannaCry? The National Health Service surely does after almost £100m in losses and the cancellation of 19.000 appointments. But the NHS was not alone. Around 230,000 computers in over 150 countries were infected in a matter of hours, leading to an estimated $4 billion in total losses. The culprit? An NSA-devised exploit of Windows’ EternalBlue vulnerability, for which Microsoft released a patch shortly after the liability was made public.
The
problem with software updates, however, is that not everybody installs them. Furthermore,
some users cannot even install the patch since they’re running older software
versions that are no longer offered support — Rings a bell?
Microsoft’s Windows 7 service cut is bound to follow the same path. Sure — the company is extending its support to businesses until 2023, so those running business-critical applications that only work on the old OS should be fine. But, that’s only if they are willing and able to pay. Add those who can’t to the forgetful types who won’t be upgrading out of plain carelessness, and you have 2017 all over again.
Be
ready for the very real possibility of a massive attack that infects unpatched
users and spreads laterally from one organization to another, from one country
to the next. It only takes one sloppy third party for disaster to unfold.
Dark clouds on the horizon
As
everyone and their mother moves their infrastructure and business-critical workloads
to the cloud, the potential for a massive data breach affecting all the nodes
in the network is skyrocketing.
Perhaps the strike comes from a company or cloud provider that didn’t carry out due diligence and didn’t effectively protect their data during transmission, storage or processing. Or, maybe, as Kaspersky Lab suggests, attackers will leverage the cloud themselves to increase the frequency of their attacks until one breaks through.
What
is obvious at this point, is that you should tread very carefully when
navigating the multi-cloud ecosystem. Make sure all the involved stakeholders
understand the extent of your cloud ramifications. Hire a robust security team.
Partner with the right providers.
Cybersecurity in 2020: The advent of 5G
The more connections in a network, the greater the benefit for those who manage to break into it. As Forescout points out, enterprise 5G adoption is expected to reach critical mass in 2020. The sheer number of connected devices and the amounts of data they hold should be attractive enough for attackers to try to exploit the vulnerabilities of cellular networks.
If
you’re betting big on IoT and 5G, make sure your team is prepared for, or at
least aware of, these vulnerabilities and is monitoring for potential attacks.
The industry as a whole will need to reevaluate 5G security post-deployment,
but, in the meantime, response time is key.
Oh, my — AI
Here’s
some good and bad news.
The good news first: AI and Machine Learning will be instrumental in helping cybersecurity experts detect attacks and protect data and infrastructure. The benefits are more than evident. Security tools and protocols that can learn and have increased autonomy are great allies for defending your virtual castle. According to Capgemini, 63% of organizations will have AI-based solutions in place by the end of 2020. Most of these applications will have a security focus.
The
bad news? Hackers can do that too. Expect AI-powered hackbots coming to your
neighbourhood very soon. Certainly, an eerie thought to entertain.
Corrupting the root
In the art of sabotage, simplicity is key. Why bother trying to compromise the finished product when you can alter one of its key components right at the factory line? As Enterprise SpA CTO Pierluigi Paganini notes, supply chain attacks are only going to increase with time. Although they still pose a relatively low threat, it can’t hurt to be a bit more cautious with the vetting of third-party suppliers.
Cybersecurity in 2020: Final reflections on the fallibility of the human mind
We
often focus solely on the might of technology, its great potential for good and
evil. The truth is that people have been duping each other since ancient times.
As many of the biggest cyberattacks of the past years remind us, it is usually
a human error that starts it all.
An
employee that inadvertently exposes vital information. Someone clicking on a
link that their boss allegedly sent them. An infected thumb drive. A computer that
wasn’t updated.
The
human element is a decisive factor in the world of cybersecurity. Organisations
need to implement better security training for their employees, as well as
improved data hygiene and BYOD policies.
The scary part, however, is that, no matter how many precautions you take, someone can still be tricked – or paid — into letting in the attackers. Kasperky alerts of these perils. As the costs of breaking into a network raise due to improved security, hackers are going to increasingly target employees — whether it is through phishing attacks and very convincing deepfake calls, or by paying them money or extorting them.
Read our article: How the Covid-19 Pandemic is Accelerating the hybridisation of Careers in Tech & IT