Kiuwan Cybersecurity Predictions for 2020
Ransomware attacks will become more efficient
The capital investment for a given ransomware attack is so low that ransomware will continue to be a big and frequent problem for cybersecurity in 2020. It’s probable that it will become easier and more cost-effective to pay the ransom and get on with business, instead of fighting it. The requests will become “right-sized” as the “ransoming business” finds the sweet spot when it comes to the “price point” of its “clients”.
Business owners should recognize that getting attacked in this way is not a matter of IF, but WHEN. They should take all necessary precautions so that when that bad day comes, there is an option of wiping the system and doing a rebuild (Disaster Recovery or Business Continuity).
Two-Factor Authentication Will Slowly Become Standard
Though it has become standard and mandatory in the EU for certain types of payments at online retailers, two-factor authentication is far from being a widespread standard for cybersecurity. When it is offered only as an option, the hardest part is getting people to use it.
However, as the general population becomes more and more aware of data protection, we predict that many will choose to adopt MFA to protect their assets.
Artificial Intelligence (AI) is on its Way to Becoming a Key Player in Cybersecurity
Though we still haven’t seen a fully AI-powered malicious attack, it is highly likely that the “bad guys” will do what all good businesses do: take routine tasks (e.g. hacks that worked and are commoditized now) and push them into automation (if that isn’t already “business as usual”). The next stage is to begin to fold in ML/AI to target their efforts and increase efficiency.
IS practitioners will be forced to step up their game (because of limited bodies, limited hours in a day, unlimited attackers and attacks with increasing sophistication) and get up every morning, look themselves in the mirror and (repeat after me): Work Smarter Not Harder. They will be forced to follow the lead of the hackers and take routine tasks off of human responders and assign those tasks to AI to help reduce the total noise in the system and bubble up the items of interest (insert segue here to rant about how 2020 will NOT be a year of increasing intelligence around Risk Management).
Security Spending Will Keep On Increasing
This one is almost a freebie: with the increase in tech and the decrease of the barriers to entry for a given hacker, the other side (IS) must add more fuel to keep pace. IS people are in short supply, awareness is up, penalties exist (think about GDPR, CCPA, and about 50 others), and barriers to entry for hackers are down. Spending on security is bound to increase exponentially this year.
Attacks on data will be more threatening than Cyberwar
There has always been a cyberwar component (North Korea, Russia, Iran, FVEY, etc.) just as there is a space war component (killer satellites and satellite killers: India, China, US, etc.) – it is just that most of us don’t get wrapped up in that level of work. International Cyberwar was not as widespread as predicted; however, a lot happened with regard to disinformation and data manipulation.
What we did see and will see more of in 2020 is attacks on data.
Data usage, data manipulation, poisoning, maybe data DDoS. 5G and the shift from the Internet of People to a truer IoT will mean significant upticks in data flows and the opening of new threat vectors (our database people/processes/paradigms will probably start to be a really big deal in the coming years). Persistence values will probably be found to be wildly underestimated (i.e. lurkers that penetrate a system and “hang out” there, spreading through the system and creating many back doors for others to access your network, reducing your level of cybersecurity).
Supply-Chain Attacks will continue increasing in 2020
This will be a 2020 thing as a variation of Ransomware. Attackers can give companies the option: “Either I lock down your computers or disrupt your supply chain – your choice.” It is then up to companies to figure out the daily cost of that disruption and send attackers 85% of that to put everything back to normal.
Rise of Evangelism for Basic Cyber Hygiene
In 2020 we predict the rise of evangelism for basic cyber hygiene: simple, cost-effective steps that can be taken at all levels of an organization (or home) and that will leave folks in a better, more defensible posture. These include such strategies as two-factor authentication (2FA)/multi-factor authentication (MFA) using SMS or an authenticator app, password managers, extremely strong passwords (> 12 characters), regular backups, etc. For organizations, essential strategies include segmentation, disaster recovery, and business continuity thinking/planning.