Cybersecurity Predictions for 2020: VPN Disruption, Bad AI, More
The check is coming due for a lot of businesses that have failed to protect their customers' data.
December 26, 2019
![Person holding crystal ball Person holding crystal ball](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt46893084d0efc8ad/6524363953c26e7db24d8299/Person-Holding-Crystal-Ball.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Almost one-quarter (21%) of security leaders are experimenting with quantum computing strategies, according to new research from the Neustar International Security Council (NISC). The majority (73%) expect quantum computing to overcome existing cybersecurity technologies within the next five years. Despite pressing concerns over encryption breakage and security fails, most (87%) of CISOs, CSOs, CTOs and security directors are excited about the potential in quantum computing. The remaining 13% fear quantum technology will bring more harm than help.
“In 2020, a foreign adversary will take advantage of the neglected infrastructure and create the first monumental disruption in a Western government’s electrical grid. When citizens riot due to the sustained outage, law enforcement will be called to quell the physical disruption as it hurries to fix the electrical one,” said Jake Olcott, vice president of BitSight, a security ratings company.
“This will force virtually all large enterprises to have some type of cyber insurance policy in the coming year, and it will focus them on modeling catastrophic cyber incidents surrounding third-, fourth- and fifth-party risk, supply chain disruption, and financial losses,” Olcott added.
“In 2020, several publicly traded, Fortune 1000 companies will face the same fate as Equifax. Due to holes in their security posture and in their third-party business partners’ (and lack of visibility into these issues), data breaches will plague these organizations. Fed up with the breaches, attacks, and frauds impacting revenue, shareholder suits targeting board members will gain traction — forcing boards to take a larger, more informed role in cyber,” said Olcott. “As the role of cybersecurity becomes ever more important, investors will keep a closer eye on how companies perform in this area, going so far as to incorporate cyber into their ESG analysis.”
“Increasingly complex IT environments and digitally savvy student populations increase risk exposure, and threaten school and student safety in K-12 organizations,” according to a research report on the state of cybersecurity in the education sector in 2020, by Absolute, an endpoint security provider.
Schools are now the second largest group of ransomware victims, second only to local governments and closely followed by health care organizations, according to an Armor Threat Intelligence brief.
“DR strategies typically depend on a VPN to connect the on-premises source to the cloud-based target, but traditional VPNs are obsolete for the new IT reality of hybrid and multicloud. They weren’t designed for them. They’re complex to configure, and they expose ‘slices of the network,’ creating a lateral network attack surface,” said Don Boxley, DH2i’s CEO and co-founder. “In 2020, a new class of DR software with integrated SDP security will emerge to eliminate these issues. This new SDP-enhanced DR software will enable organizations to build smart endpoint DR environments that can seamlessly span on-premises and the cloud without the added costs and complexities of a VPN, and with virtually no attack surface.”
“In 2020, enterprises will take advantage of the ubiquity of RasPi and the security of Software defined perimeter – SDP – software to enhance product differentiation with secure, low-cost but high value IoT networks,” predicts DH2i’s CEO and co-founder, Don Boxley.
“Ransomware will become one of the biggest threats in 2020, particularly as it becomes less randomly sprayed at consumers, and as attackers sharpen their aim directly at local government, health-care organizations and SMBs,” said Daniel Goldberg, senior security researcher, Guardicore. “Attackers will continue to automate ransomware, which is a profitable repeat business.”
“In 2020, cybercriminals will leverage AI and machine learning (ML) to find exploits on systems – and it will lead to prolific and public data security breaches,” said Cindy Provin, General Manager of nCipher Security and SVP at parent company, Entrust Datacard.
“While 2020 will bring continued chatter about national data privacy, it won’t come to fruition for another five to 10 years,” said Provin. “Consumers will continue to demand a better user experience and ‘always on’ availability of their devices and applications, which will require them to give up even more PII data to applications and services.”
The lack of data privacy rules will both help and harm security efforts. On the one hand, there will be more personal identifying information (PII) to steal, but presumably also more ways to establish user identity.
“Security professionals will be more difficult to recruit despite the huge interest and awareness around the importance of this role,” said Provin.
The growing gap will likely spur more use of AI and automation in cybersecurity products as well as an intense surge in internal cross-training programs for computer savvy employees.
“Security professionals will be more difficult to recruit despite the huge interest and awareness around the importance of this role,” said Provin.
The growing gap will likely spur more use of AI and automation in cybersecurity products as well as an intense surge in internal cross-training programs for computer savvy employees.
While it’s easy to foresee several current trends continuing into next year, 2020 isn’t shaping up to be just more of the same.
Among some of the most surprising developments in the new year is the high interest in adding quantum strategies to cybersecurity plans. Shareholder lawsuits are equally surprising as they gain traction against board members and thus are a rising enterprise threat.
An increase in Raspberry Pi popularity in IoT networks makes sense, but who saw that coming to the point that Raspberry Pi becomes a backbone for IoT? Conversely, VPNs look to be facing a surprising but potentially serious disruption, at least in the disaster recovery (DR) market.
Perhaps most alarming is the expectation of some experts that cyberthreats will leave bigger footprints on reality than the traditional data theft and all that implies.
BitSight’s Jake Olcott
“Despite years of warning, governments still haven’t invested in the cybersecurity of critical infrastructure, as highlighted during the March 2019 attack on the U.S. energy grid. In 2020, a Western government will be forced to quell looting and rioting when a cyberattack disrupts their electric grid,” predicts Jake Olcott, VP at security ratings company BitSight.
Even so, many attackers are going to go considerably more low-key next year.
“Zero-day vulnerabilities receive the most attention from the media, but in 2020, hackers won’t bother with these highly publicized attacks; instead, they will home in on simple strategies, like gaining access to a network through an org’s vendor or third-party or through lack of patching,” said Olcott.
“The NSA reports that it responds to intrusions from zero-day vulnerabilities very rarely — instead its time is taken up with incidents where unpatched hardware and software have been exploited.” Olcott added.
Most organizations will need a bigger budget next year to protect the ever-expanding threat surface and expand their defensive arsenal. In any case, cybersecurity is now a top critical risk for businesses of any size and the evolving issues require your full attention.
According to ISACA, CMMI and Infosecurity Group’s “State of Enterprise Risk Management 2020” study, 29% of respondents found that cybersecurity is the most critical risk category facing enterprises today and 33% believe that information/cybersecurity risk will be the most critical category of risk facing their organization in the next 18-24 months.
However, security pros should also take heart because all is not lost. Attackers wouldn’t have to work so hard to change their strategies and tactics if the security measures already in place weren’t so effective.
“As 2020 rolls up, it’s important to take a step back and understand the average internet user has never been safer. Automatic updates, embedded phishing protection and more help ensure the average user is safe to run his life online,” said Daniel Goldberg, senior security researcher at Guardicore.
“The flipside is that the check is coming due for a lot of organizations, large and small, that have failed to protect their company and customers’ data,” Goldberg added.
Click through the slideshow above to see what else the experts say 2020 has in store.
Read more about:
MSPsAbout the Author(s)
You May Also Like