Virtualization Technology News and Information
Mimecast 2020 Predictions: Deep fakes, AI and IoT will be utilized by threat actors as attacks increase in sophistication

VMblog Predictions 2020 

Industry executives and experts share their predictions for 2020.  Read them in this 12th annual series exclusive.

Contributed by Mimecast executives

Deep fakes, AI and IoT will be utilized by threat actors as attacks increase in sophistication

As we close out the busy year in cybersecurity, the executives at Mimecast look ahead to the trends and themes they expect to see in 2020 and beyond. Mimecast provides comprehensive, pervasive email security to organizations at the perimeter, inside the perimeter and beyond the perimeter. Mimecast thought leaders give their insights on what we might see in 2020 with regards to deep fakes, cyber insurance, public sector attacks and much more. For more predictions, check out their latest Threat Intelligence Report.

Matthew Gardiner, Security Strategist

Matthew Gardiner 

With more than 15 years focused in security, Gardiner's expertise in various roles includes threat detection & response, network monitoring, SIEM, endpoint threat detection, threat intelligence, identity & access management, Web access management, identity federation, cloud security, and IT compliance at RSA, Netegrity, and CA Technologies.

"The discussion around the security "skills gap" evolves to an increased discussion around the "security automation" gap - too many manual security steps contribute heavily to the apparent security skills gap.

Cloud-to-cloud integration (and the existence of open APIs and off-the-shelf integrations) of security cloud services will increase in importance as more traditionally on-premises security controls move to the cloud...thus the need for integration shifts to cloud-to-cloud."

Bob Adams, Security Strategist

Bob Adams 

As the threat landscape evolves, Adams focuses on understanding the anatomy of attacks. He works closely with our Product Management team to continually enhance our products, to devise new ways to protect our customers.

"2020 will see the greatest uptick in the use of advanced artificial intelligence - in both the defense AND offense of cyberattacks. Organizations aiming to implement AI will have to spend time monitoring their tool's effectiveness and accuracy, while attackers have incredible amounts of information gathered through Open-source intelligence. The balance between those trying to defend versus attack is a digital battlefield that will see a continually shifting landscape."

Josh Douglas, VP, Threat Intelligence

Josh Douglas 

Douglas joined Mimecast in 2019 after a stint as Chief Information Security Officer for TRC Companies Inc. He has two decades of experience in helping global organizations secure their most prized business/mission assets. Before TRC, Josh spent 12 years at Raytheon serving as the Chief Technology Officer for Forcepoint/Raytheon Cyber Products and Chief Strategy Officer for Raytheon Cyber Services. He is a forward-looking cybersecurity executive who creates advanced services and solutions that help protect enterprises from ever-changing risks and threats.

"In 2020 we will see a rise in attacks utilizing platforms and mediums that promote productivity and mobility. In an effort to simplify the experience of the end-user, create rapid communication and automate mundane tasks, attackers are able to leverage these same benefits to abstract and hide in plain sight. We have seen such activities around Microsoft's Forms being leveraged against its own consumers to mimic the brand and steal credentials."

Jonathan Miles, Head of Strategic Intelligence and Security Research

Jonathan Miles 

Miles has worked in the public sector as an intelligence, counterintelligence, and security analyst for more than two decades, with particular interests in threat intelligence, cyber intelligence, and threat modelling. At Mimecast, he is the Head of Strategic Intelligence and Security Research, with a responsibility for providing threat intelligence reporting focused on email threats blocked by Mimecast, horizon scanning activities, and research into the current and future threat landscapes.

"Cyber insurance will be a topic to watch in 2020. Will a rise in popularity of cyber insurance mean that companies will pass on resilience concerns to after incident remuneration? Will rise in attacks seek to pass costs onto insurance companies for data loss rather than being proactive and fixing issues to prevent incidents and losses from occurring? Will this merely be a safety net, with no insurance for reputational damage that will likely follow customers' loss in confidence of any brand. Fines and financial damage are only passed on to third party / insurance provider, but will they insist on certain resilience / system metrics being in place? Will insurance companies shape protective network security infrastructure, with preferred suppliers in place?"

Carl Wearn, Head of E-Crime and Cyber Investigations

Carl Wearn 

Wearn provides threat intelligence focused on email threats blocked by Mimecast. His work adds a wider context for organizations that face attacks, he helps them understand who is targeting them and why. Prior to Mimecast, Carl worked as a UK Police officer in London for 24 years, specializing in antisocial behavior and court applications before moving into the Metropolitan Police's Falcon fraud and cybercrime command in 2014. This work also included the specialist investigation of high value cyber related fraud and management of the commands tasking process.

"The internet of things (IoT) will increasingly be subject to attack and compromise with the potential for embarrassing security and extortion opportunities being realized during numerous incidents throughout 2020. A number of serious security breaches and criminal offenses will result from these compromises globally in 2020. As a consequence of these events, and increasing data privacy concerns in general, there will be increased legislating in relation to the connectivity and use of such connected devices. This area of connectivity and the general lack of security inbuilt to these devices has been significantly ignored for too long and public awareness as to their uses and potential exploitation is growing.

Implantable nano technology will be more widely tested for convenient use in "smart homes" and for access to vehicles, and inbuilt security will, for the first time, be considered absolutely critical to the construction of devices as a result of this impetus (potentially a 2-10-year journey).

A significant compromise at a well-known University will result in the loss of highly sensitive research information key to a particular nation's future national security (It's likely we'll never hear about it though...)."

Garth Landers, Product Marketing Director, Archiving

Garth Landers 

Landers is the Director of Product Marketing for the Mimecast Cloud Archive. Prior to joining Mimecast, he was a Research Director/Analyst at Gartner with primary coverage responsibilities for advising clients on archiving management software and related topics such as e-discovery and information governance policies and procedures. In addition, he provided research and advisory services in other areas related to storage, software and services associated with archive and backup/recovery.

"The State of NY will hand out significant fines related to non-compliance with the SHIELD Act and privacy violations which goes into effect March 2020.

We will begin to see an increased interest in archiving and governance of video content such as Zoom in the workplace. In addition, "deep fakes" and the use of apps like Tik Tok on company issue devices or sanctioned use, will reinforce this trend in a mainstream way.

The continued enterprise interest in blockchain will result in it surfacing as evidence (Electronically Stored Information) in litigation in at least one high profile case."

Garrett O'Hara, Principal Technical Consultant

Garrett O'Hara 

O'Hara is the Principal Technical Consultant at Mimecast having joined in 2015 with the opening of the Sydney office, leading the growth and development of the local team. With over 20 years of experience across development, UI/UX, technology communication, training development and mentoring, Garrett now works to help organizations understand and manage their cyber resilience strategies.

"Technology and people will continue to be critical, with a refocus on the importance of good supporting processes. The emergence of deep fake voices, and possibly soon video, points to flaws with human to human biometric tests (voice, visual on a VC, etc.) for any process workflow. Organizations will be forced to use processes that remediate social engineering attacks - a simple example being to always call the organization requesting a bank details change using their public number."

Dirk Jan Koekkoek, VP, DMARC at Mimecast

Dirk Jan Koekkoek 

Jan Koekkoek was the CEO & co-founder of DMARC Analyzer which was acquired by Mimecast in November of 2019.

"For many years, we have seen a trend of attacks becoming more sophisticated. In a relatively short amount of time, malicious actors have found a lucrative way to monetize their attacks with ransomware and cryptocurrency. This trend is catalyzed by the fact that more and more organizations and their cybersecurity insurance companies choose to pay the ransom as opposed to recovering from backups. Money is flowing into the dark ecosystem. An increasing number of big organizations and large enterprises have appropriate security measures in place. Bad actors will move further down to SMB and relatively smaller public organizations such as municipalities and universities. Ransomware as a service (RaaS) has proven its business model and will grow further. With this being available to less organized groups or even individual attackers, the landscape will see even more email phishing."


Published Friday, December 27, 2019 7:30 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<December 2019>