Andy Wright, Regional Director Northern Europe for Check Point
Hindsight is 20/20 vision, as the old saying goes: it’s always easy to know what the right course of action was after something has happened, but much harder to predict the future. However, by looking at security developments over the past couple of years, it’s possible to forecast what’s likely to happen in the cyber landscape over the next 12 months. Here are the key security and related trends that we expect to see developing during this year.
Global cyber-security predictions for 2020:
A new cyber ‘cold war’ – The new cold war is intensifying and taking place online as Western and Eastern powers increasingly separate their technologies and intelligence. The ongoing trade war between the U.S. and China and the decoupling of the two huge economies, is a clear sign. Cyber-attacks will increasingly be used as proxy conflicts between smaller countries, funded and enabled by large nations looking to consolidate and extend their spheres of influence.
Fake news 2.0 at the U.S. 2020 elections – The U.S. election in 2016 saw the beginning of AI-based propagation of fake news. Political adversaries made huge progress creating special teams that created and spread false stories to undermine support for their opponents. In the run-up to the 2020 elections, we can expect to see these activities in full effect once again.
Cyber-attacks on utilities and critical infrastructures will continue to grow – Utilities continue to be a target of cyber-attacks, as seen in attacks on U.S. and South African utility companies this year. Nations will need to look at radically strengthening cyber defenses around their critical infrastructure.
High profile US brands, beware – As tensions between the U.S. and Iran continue to escalate, cyber-attacks will increasingly target high-profile American companies. These attacks will focus on disrupting Internet-facing services that these companies’ customers and employees rely on.
Increased lobbying to weaken privacy regulations – As new privacy regulations are put into effect, it is clear that many organizations, regardless of size or sector, are not prepared to deal with them effectively. Large corporations will accelerate their lobbying efforts asking governments to weaken privacy regulations, especially those covering rapid breach disclosures and the size of fines, such as the $228M fine against British Airways following its 2018 breach.
Technology cyber-security predictions for 2020:
Targeted ransomware – 2019 saw ransomware exploits getting highly targeted against specific businesses, as well as local government and healthcare organizations. Attackers are spending time intelligence-gathering on their victims, to ensure they can inflict maximum disruption, and ransoms are scaled up accordingly. Attacks have become so damaging that the FBI has softened its stance on paying ransoms: the agency now acknowledges that in some cases, businesses may need to consider paying to protect shareholders, employees and customers.
Phishing attacks go beyond email – While email remains the #1 attack vector, cybercriminals are also using a variety of other attack vectors to trick their intended victims into giving up personal information, login credentials, or even sending money. They will exploit any breaking news stories – such as the current Coronavirus outbreak – to attract unwitting clicks.
Mobile malware attacks step up – The first half of 2019 saw a 50% increase in attacks by mobile banking malware compared to 2018. This malware can steal payment data, credentials and funds from victims’ bank accounts, and new versions are available for widespread distribution by anyone that’s willing to pay the malware’s developers. Phishing attacks will also become more sophisticated and effective, luring mobile users to click on malicious weblinks.
The rise of cyber insurance – More cyber-insurance policies will be bought by businesses and public-sector organizations. Insurance companies will continue to guide their policy holders to pay ransoms, as this can be cheaper than the costs of recovering from an attack. This will in turn drive more attacks, and fast growth for the cyber insurance industry.
More IoT devices, more risks – As 5G networks roll out, the use of connected IoT devices will accelerate dramatically, massively increasing networks’ vulnerability to large scale, multi-vector Gen V cyber-attacks. IoT devices and their connections to networks and clouds, are still a weak link in security: it’s hard to get visibility of devices, and they have complex security requirements. We need a more holistic approach to IoT security, combining traditional and new controls to protect these ever-growing networks across all industry and business sectors.
Data volumes skyrocket with 5G – The bandwidths that 5G enables will drive an explosion in numbers of connected devices and sensors. eHealth applications will collect data about users’ wellbeing, connected car services will monitor users’ movements, and smart city applications will collect information about how citizen live. This ever-growing volume of personal data will need securing against breaches and theft.
AI will accelerate security responses – Most security solutions are based on detection engines built on human made logic, but keeping this up-to-date against the latest threats and across new technologies and devices is impossible to do manually. AI dramatically accelerates identification of new threats and responses to them, helping to block attacks before they can spread widely. However, cybercriminals are also starting to take advantage of the same techniques to help them probe networks, find vulnerabilities and develop more evasive malware.
Security at the speed of DevOps – Organizations already run a majority of their workloads in the cloud, but the level of understanding about securing the cloud remains low, and security is often an afterthought with cloud deployments. Security solutions need to evolve to new, flexible, cloud-based architectures that deliver scalable protection at the speed of DevOps.
Enterprises rethink their cloud approach – Increasing reliance on public cloud infrastructure increases enterprises’ exposure to the risk of outages, such as the Google Cloud outage in March 2019. This will drive organizations to look at their existing data center and cloud deployments, and consider hybrid environments comprising both private and public clouds.
In conclusion, we don’t have the luxury of hindsight to show us exactly what security threats we will face during the rest of 2020. Today’s hyper-connected world creates more opportunities for cyber criminals, and every IT environment is a potential target: on-premise networks, cloud, mobile, and IoT devices. But forewarned is forearmed. By using advanced threat intelligence to power unified security architectures, businesses of all sizes can automatically protect themselves against the most advanced attacks the new year can throw at them.
To learn more about Check Point, click here.
Check Point will be in attendance at our CIO Event at Said Business School, Oxford University. To learn about this and other CIO events, click here.
You have missed out some details, please try again.