Top 5 Cybersecurity Predictions for 2020
The other day I had a conversation with a colleague regarding the Ring doorbell and the potential security flaws we saw in an IoT home camera. Just a day later, “multiple U.S. families have reported incidents of Ring camera systems being hacked”. These hackers were/are able to covertly watch customers as well as interact with them through the camera’s microphone function – A horrifying and disturbing reality. Our discussion and the news that followed made me ponder the past and think about the future. cybersecurity predictions of 2020!
1. Organizations will have a heightened focus on supply chain attacks
Malicious threat actors understand that the large entities typically have a strong security posture and that their weakness lies in their smaller, third-party partners who have access to their data and systems. The increase of these attacks is shown in Supply Chain Insight’s report from July of 2018 – “Cyber-attacks or computer hacking” became the #1 event to impact supply chains (impacting 52% of organizations). This is the first time SCI’s risk management report included cyber-attacks as a major risk factor. I believe that this trend will continue into 2020 and that organizations will invest in mitigating their supply chain risk by identifying critical business functions that involve third-party vendors and modelling data access around those business functions. If you are interested in learning more about supply chain attacks and preemptive measures your organization can take, here is my previous blog post detailing the Airbus breach.
2. Increase of Managed Service Provider Attacks
Trends have shown that Managed Service Providers (MSPs) will be another big target for 2020. A singular entity having access to sensitive data pertaining to a large number of clients is a goldmine for adversaries looking to obstruct the daily operations of as many organizations as possible. In just the last few weeks both CyrusOne, one of the largest data center providers in the U.S., and Complete Technology Solutions, an IT service vendor for dental practice clients, were victims of ransomware attacks that together disrupted the daily operations of hundreds of organizations. In July, one of the largest data breaches ever occurred at Capital One, where 100 million credit card applications and accounts were stolen from their cloud hosting company, Amazon, through a misconfigured web application firewall. In the next year I predict that modelling employee permissions and access to certain datasets will be vital in helping fortify systems in case of a breached server.
3. Ransomware will become more prevalent than ever
Until recently, local and state governments have fallen under the assumption that they refuse to negotiate with terrorists or extortionists. However, cyber-adversaries have made it clear in 2019 that smaller municipal systems are willing and able to meet their demands – and that they will continue to be a growing target of ransomware attacks into the new year. The city of Baltimore was effectively shut down by EternalBlue, two Floridian cities paid over $1MM in bitcoin ransom, Louisiana had to declare a state of emergency, the Oklahoma Law Enforcement Retirement System lost $4.2MM in pension funds, and the list continues to grow by what seems to be the week. I expect that by the end of next year municipal systems and other critical service function providers (hospitals, utilities, etc.) will continue to see an increase in this trend, and in return, a growth in cybersecurity insurance practices and consultations to limit their associated risk and strengthen their security posture.
4. Internet of Things Devices will become Internet of Risky Devices
Internet of Things Devices are notorious in the cybersecurity community for the major security flaws found in most, as well as the concerns around their privacy and data collection standards. With over 26 billion active devices to start 2019, the increased variety of operating systems and respective security flaws will allow for ransomware or MitM attacks using old “outdated” CVEs that have been patched in Windows, etc. If not through the infrastructure of IoT product organizations, Ring has already taught us that human error will allow attackers to compromise the integrity of these devices through phishing campaigns. As a result, my prediction for 2020 is that there will be a major security breach that causes a mainstream distrust in IoT devices – dubbed now as “IoR” devices.
5. SOAR will become a feature of SIEM and cease to be a standalone platform
SOAR (Security, Orchestration, Automation, and Response) platforms primarily focus on gathering cybersecurity information and aggregating the data in a way that is easily manageable by humans. Automation allows for reduced response time and improved visibility, and when paired with SIEM technology there are overwhelming benefits. The real-time monitoring benefits from SIEM alongside the automation of routine work from SOAR reduces the time required to respond to an alert, and reduces alert fatigue within a SOC. In 2018, we saw Splunk acquire Phantom as one of the first major SOAR acquisitions. This was followed by Palo Alto’s acquisition of Demisto and Fortinet’s acquisition of CyberSponse in 2019. I predict that prevalent SOAR platforms will be acquired by other major players in the SIEM space this coming year, and the combination of platforms becomes a new standard for the SOC.
These predictions are based on trends I have seen in 2019 and believe will continue to increase into the new year. That being said, I’m not a prognosticator – I look forward to discussing at the end of 2020 which of my predictions have come to fruition and which have not. In the meantime, feel free to discuss your own thoughts on where the cybersecurity landscape will shift in the new year below!