Industry executives and experts share their predictions for 2020. Read them in this 12th annual VMblog.com series exclusive.
By Saryu Nayyar, CEO of Gurucul
11 Ways Cybersecurity Will Change in 2020
From the advent of 5G to the proliferation of
AI and Smart Devices, 2020 will usher in a host of new challenges for those of
us on the cyber security front lines. But technology advances won't just force
changes in security next year; some will also help us detect threats more
quickly, easily and reliably than before.
My colleagues at Gurucul, Nilesh Dherange, CTO,
and Craig Cooper, COO, and I have assembled 11 significant changes we expect to
see in the year ahead. Here's the list:
1. 5G is coming. Are you ready?
Major 5G network deployments are expected
in 2020, and the technology will create opportunities across many industries
with its next-gen mobile Internet technology and lightning fast speeds.
Analysts expect triple digit market growth over the next five years in the EU
(ResearchAndMarkets.com) and double digits in the U.S. However, 5G has a cyber
dark side.
Enterprises looking at 5G may experience
security challenges with disparate network configurations and differing
solutions and approaches from vendors. Some of the biggest 5G issues we expect
to see in 2020 involve the supply chain and deployment. The vast 5G supply
chain is susceptible to the introduction of vulnerabilities including malicious
hardware/software and poor designs. Many of the companies providing hardware
and software for 5G networks have their own security vulnerabilities, so we are
expecting an increase in network asset compromise and a negative impact on the
confidentiality and availability of data. As for the deployment of 5G networks,
security issues will include an increased attack surface, due to more
information and communication technology (ICT) components used compared with
previous generations of wireless networks.
"5G is the connectivity technology of the
future," said Nilesh Dherange, CTO of Gurucul. "Expect to see a significant
spike in 5G handsets this year, making the attack surface exponentially
higher."
2. Expect an increase in supply chain attacks.
Cyber criminals look for the easiest path
to achieve their goals, and that path can run straight from third party vendors
into your organization. Both the Target data breach of 2013 and the 2010
Stuxnet attack were initiated through vulnerable third-party providers.
While attacks via the supply chain are
already prevalent, we expect to see an uptick in 2020. Suppliers, external
developers, service contractors and other third parties that have access to
your critical systems can have weak cybersecurity programs and processes,
providing a rich target for cyber criminals that leads straight into your
organization.
According to Craig Cooper, COO of
Gurucul, "Threat actors are looking for the easy path in. Supply chain attacks
allow attackers to gain access to multiple enterprises while staying under the
radar of IT security."
3. Hackers with automated tools will increase the velocity of attacks.
Automation has been used sparingly in the
enterprise due to the number of false positives generated by older technologies
and the risk of impeding employees in their work. However, this will have to
change in 2020.
Hackers will increase their use of
automated tools, and this will lead to massive increases in the volume of data
that cyber security teams will have to manage. This quickly becomes impossible
for humans to analyze and manage. We expect to see an increase in the use of
machine learning technologies that will help security teams intervene when the
data indicates an actual cyberattack in progress.
Enterprises will need to improve their
use of automation in cyber security, and this will help IT security focus their
efforts on high-risk threats. Increased use of machine learning technologies
will be key in 2020.
4. Cyber security budgets will increase drastically.
In 2020, we expect organizations to
significantly increase spending on cyber security but we also expect to see an
uptick in data breaches. The big challenge will be to focus spending in the
right areas.
Many organizations struggle with basic
cybersecurity hygiene, including patching, frequently changing privileged
credentials and utilizing multi-factor authentication. Additionally,
organizations continue to use yesterday's security technologies to fight
tomorrow's security battles. For instance, rules-based security solutions like
SIEMs are great for detecting known vulnerabilities, but they are ineffective
against new, unknown threats. So even as companies invest large sums of money,
data breaches will continue.
As Craig Cooper says, "Organizations will
continue to increase spending on security but will also continue to struggle
with preventing breaches. Regardless of whether it is an employee mistake, lack
of resources, or operational priorities, we are sure to see this trend continue
in 2020."
5. Organizations will seriously focus on the Insider Threat.
Insider threat attacks are much more
lucrative due to insiders having the keys to the kingdom and knowing where the
valuable data resides. While organizations have recently been spending large
amounts of money securing network perimeters, cloud systems and services, in
2020 they will focus on tackling the insider threat element, which to be
successful requires more than technology. They will need to address processes
and policies, and they will need to coordinate efforts across multiple
departments.
According to our research, 40% of
organizations can't detect insider threats or can only detect them after the
data has left the organization. And according to the Verizon Insider Threat
Report, 57% of database breaches involve insider threats. More organizations
are now recognizing the threat from within as well as the external threat, so
2020 should be the year in which proactive insider threat security programs
become more mainstream.
To tackle the challenge of the malicious
insider, companies will need to utilize machine learning algorithms that are
specifically tuned to detect behaviors indicative of malicious intent. Data
science has successfully derailed employees and third-party contractors intent
on theft and fraud. Insider threat detection and prevention will be a priority
in 2020.
6. Healthcare fraud will be in the spotlight.
Defrauding health insurance companies,
healthcare providers and individual consumers is big business. With false
insurance claims, duplicate claims, inflated claims, fake healthcare provider
websites and insurance scams, the list of healthcare fraud schemes is long and growing, in
no small part due to increasingly complex, interconnected healthcare systems.
As the population ages, hackers are
increasingly targeting the elderly and frail. Governments can't investigate
every consumer complaint, and healthcare companies continue to struggle with
conflicting priorities. It's a systemic weakness and hackers will up the ante
in 2020, placing organizations and patient lives at risk.
According to Craig Cooper, "Healthcare
should be about saving lives. So, it's no surprise that cybersecurity takes a
back seat to medical innovations even though data breaches can literally put
lives at risk if patient treatment, data or medical operations are compromised.
It's hard for IT staff in healthcare organizations to get share of wallet, let
alone share of mind. Unfortunately, priorities will only shift when healthcare
fraud detection and prevention tools become more critical than life support.
Sadly, that time is not far off."
7. More attacks will be directed at the cloud.
As organizations continue to migrate
their data and workloads to the cloud in 2020, we expect more attacks to target
cloud service providers as a way to pilfer data from companies the cloud
providers serve. As a result, companies will look for more ways to gain
visibility and control over data across their cloud environments. Organizations
that work with sensitive data will start pressuring their cloud service
providers to adopt the same level of data security measures that they apply
internally.
We also expect to see more controversy
from governments stepping in to investigate cloud-based breaches (like the
Capital One breach), and more finger pointing between cloud hosting vendors and
customers whose data has been breached.
Nilesh Dherange says, "In 2020 companies
will invest even more heavily in cloud security as they increasingly migrate to
the cloud. Supporting DevOps use cases and enforcing secure cloud
configurations are the initiatives that will spur the increase."
8. AI-based cyber attacks will increase.
In 2020 we will see an increase in
cyberattacks that use Artificial Intelligence (AI) and Machine Learning.
Weaponized AI will be used by attackers to find and exploit weaknesses, and to
take information gleaned from successful hacks to develop even more powerful
attacks.
As machine learning development tools
become simpler to use, criminals will find it increasingly easy to leverage them in new
attacks. While some of their initial AI attacks will be rudimentary, hackers
will grow more sophisticated using AI to create malware capable of adapting to
obstacles. Techniques like AI-enabled spear phishing will let attackers launch
phishing attacks at scale, significantly increasing their chances for success.
Nilesh Dherange warns, "Attackers are
already leveraging AI to evade detection and build more effective attacks. But
2020 will see the most AI-backed cyberattacks to date. Given the immense volume
of data available online, AI will be utilized to build even more narrowly
targeted attacks by learning about potential victims."
9. Small, municipal governments will be targeted with ransomware.
Local government networks are often seen
as low hanging fruit by cyber criminals. Smaller government agencies lack the
budgets for efficient information security programs, and the IT departments are
frequently short of experienced workers.
In 2019, we saw an increase in
well-coordinated ransomware attacks, including the ones that impacted 22
communities in Texas. Nearly two-thirds of all ransomware attacks in the United
States in 2019 targeted state or local governments, according to IT security
firm Barracuda Networks. According to research from Coveware, governments paid
almost 10 times as much ransomware money on average as their private-sector
counterparts over the second quarter of 2019. While the overall rate of
ransomware attacks may diminish, ransomware attacks against municipalities will
increase in 2020 as criminals go where the money is.
Craig Cooper explains, "Ransomware
attacks are common because they're profitable for the attackers. Ransomware
usually relies on human errors or known, unpatched vulnerabilities to succeed.
When it does succeed, and the victim doesn't have backups, the attacker's
extortion tactics often work. Many government agencies have overburdened IT
departments, sometimes without the resources or experience to handle today's
cyberattacks. For that reason, we can expect to see more successful ransomware
attacks against government agencies in 2020."
10. Malware attacks against medical devices will threaten healthcare.
Ransomware attacks on medical devices are
continuing to increase. While these attacks have mostly been under the radar,
we can expect more of these highly targeted attacks in 2020.
In the past, medical devices were built
with proprietary firmware or other exclusive features. That meant the ROI for
compromising medical devices wasn't lucrative. But now manufacturers are
building cheaper and more scalable medical devices running Windows, and this
approach greatly expands the opportunity to adapt and scale attacks across a
wide range of devices.
Consequently, medical devices are
increasingly in the crosshairs of automated ransomware attacks, and the
healthcare industry is unprepared. Due to the mission critical, live or die
nature of medical devices, cyber criminals are placing a safe bet that their
victims will pay up.
Within the next five years, 44% of
medical technology companies surveyed by Deloitte predict that all of their
devices will be connected through IoT. This shift is creating a dangerous new
attack surface. Despite the growing threat to medical devices, most U.S.
healthcare providers still lack a documented strategy for protecting them, thus
ensuring that this will be a trending cyber threat in 2020.
11. Business Email Compromise (BEC) will become a top threat.
BEC has been used by bad actors for a
considerable amount of time. Based on what we have seen in 2019 this threat has
not only increased in complexity, but also in profitability. According to
Forrester, the estimated exposed losses due to BEC between 2016 and 2019
totaled $26 billion. We expect that BEC will become even more profitable than
ransomware in 2020.
Historically BEC attacks got users to
unknowingly install malware that allowed bad actors to gain access to networks
and resources to gather data. More recently, BEC has been used to create
plausible changes to payments, sometimes to the tune of millions of dollars, to
redirect funds to the attackers' own accounts. This short circuits the need for
hackers to waste time digging in a customer network for usable data. They
simply compromise email accounts and watch conversations until they have
sufficient information to interject and make changes to routing funds.
BEC impacts finance teams more than IT,
so there are few, if any, controls in place to identify and stop this
fraudulent activity. It's not like you
can configure your security solution (firewalls, IPS, DLP, etc.) to block these
transactions. BEC traverses boundaries and becomes part of the fraud team's
work (if there even is a fraud team in the organization). For these reasons,
BEC attacks will be on the rise in 2020.
We've laid a stake in the ground with
these predictions for 2020, but being right isn't really as important as
helping others prepare for the challenges on the horizon. We hope this
information helps you navigate the year ahead and that you will be successful
in defending your organization against the year's cyberthreats.
##
About the Author
Saryu Nayyar is CEO of Gurucul,
a provider of behavioral security analytics technology. She is an
internationally recognized cybersecurity expert, author, speaker and member of
the Forbes Technology Council. Saryu was named 2017 EY Entrepreneurial Winning
Women and 2018 Thought Leader in SC Media's Reboot Leadership Awards. Prior to
founding Gurucul, Saryu was a founding member of Vaau, an enterprise
role-management start-up acquired by Sun Microsystems. She has held leadership
roles in product strategy for security products at Oracle and Sun Microsystems,
and spent several years in senior positions at the IT security practice of
Ernst & Young.