Industry executives and experts share their predictions for 2020. Read them in this 12th annual VMblog.com series exclusive.
By Dr. Srinivas Mukkamala, CEO of RiskSense
RiskSense CEO Predicts Five Major Security Threats in 2020
Willie Sutton famously said that the reason he robbed banks was, "That's
where the money is." In projecting cyber-security trends for 2020, the best
predictor is to focus on where the money is for perpetrators. Cybercrime is a
mature industry dominated by large and technically sophisticated criminal
syndicates. They behave like any legitimate business in that their goal
is simply to maximize revenue while controlling costs. There is one BIG
exception to this rule for 2020, but we'll get to that.
Five major trends will dominate cyber security next year. Some are
threat-oriented, while others are inward-looking and focus on defensive
measures. Here they are...
Ransomware
Ransomware will continue to be the growth driver in cyber-crime. The reason is
simple: it's the shortest distance between investment and revenue for its
perpetrators. Unlike identity theft, crypto-currency theft, or bank fraud,
ransomware is a fast, cheap, and effective method of extracting fees from
victims. But ransomware too is showing signs of maturity. The rate of appearance
of new ransomware families fell by half in 2019(1). The reason for this is that
the families that did appear were more sophisticated, harder to prevent, and
contained better distribution mechanisms.
At the same time, the average ransomware demand has increased rapidly to
$36,000 in the second quarter of 2019(2). But this number really understates
the risk as perpetrators have adopted a more sophisticated pricing model which
charges larger organizations much higher ransoms to unlock their data. Rivera
Beach, FL, for example, had to pay $600,000 to unlock the city records
encrypted by a ransomware gang while Korean hosting company Nayana paid $1m to
unlock 3,400 hosted websites(3).
Refusing to pay can cost even more as Norwegian aluminum maker Norsk Hydro
learned when they spent $58m in the first half of 2019 to remediate the
ransomware attack they experienced in March. The company's Q1 profit also fell
82% due to production downtime caused by the attack(4).
The implications of these trends for security professionals are clear. The
time has come to move from a strictly defensive posture vis-à-vis ransomware to
a more offensive strategy focused on finding and fixing vulnerabilities that
can be exploited by ransomware.
Automation and Orchestration
While many organizations (and security vendors) will continue to focus on
developing and deploying new detection technologies, progressive enterprises
will look for ways to better utilize the tools they already have in place. In
most cases this will involve automating and orchestrating common and repetitive
remediation tasks to free up security analysts to focus on more sophisticated
threats and vulnerabilities. The battle cry from many CISOs in 2020 will be,
"Stop giving me 'actionable data' and tell me how we can take unattended actions
that don't require people."
Container Security
Concern for container security will continue to increase significantly and with
good reason. With 90% of enterprises currently implementing containers(5),
securing these assets is now a top priority. While prevention technologies
like TwistLock, Aqua, and StackRox are important, the ability to map
vulnerabilities to individual container assets (static and run-time), which has
proven so valuable for securing other parts of the IT attack surface, is sorely
lacking. One of the leading security vulnerabilities that will need to be
addressed in 2020 is that far too many containers are running with far too many
privileges. In these scenarios, if one container is compromised, an attack can quickly
move laterally across the enterprise IT infrastructure.
As an industry, we invested heavily in identity and access management at the
user level, but have not done the same for container and cloud implementations.
Data Supply Chain
It's no longer sufficient for an enterprise to simply lock down its own
infrastructure, since every organization, large and small, relies on a
patchwork of third parties for its data supply chain. As such, organizations
are not only responsible for protecting their own data but ensuring its
security and integrity when used by "downstream" companies. Several large data
breaches this year did not involve the enterprises that collected the data, but
rather their analytics service provider partners.
My belief is that this phenomenon will drive the majority of big enterprises
to insist on data protection and security as part of their supplier contracts
and demand transparency from vendors in terms of their security posture and
defensive measures.
The Election
Next year we can expect to see a range of cyber attacks that will target the
U.S. presidential election in much more sophisticated ways than the social
media campaigns we experienced in 2016. Several nation states have vested
interests in influencing or disrupting the 2020 election and we are
ill-prepared to defend against such foreign intervention.
One of the things to keep in mind is that from a data management
perspective, the U.S. presidential election isn't a single data collection and
processing exercise. It spans 50 different instances that are independently
operated by different teams using different tools and security processes. As it
turns out, a bad actor does not have to compromise all 50 election systems to
influence or disrupt the election. The outcome of the election will be
determined by results in a dozen or fewer swing states(6). I expect we'll see
significant phishing activity targeting the offices of the Secretary of State
and other election officials in these battleground states starting in the
spring. Their aim will be to establish undetected beachheads that can be
exploited next fall.
About the Author
Dr. Srinivas Mukkamala, co-founder and CEO of RiskSense, is a recognized expert
on artificial intelligence (AI) and neural networks. He was part of a think
tank that collaborated with the U.S. Department of Defense and U.S.
Intelligence Community to apply these concepts against cybersecurity problems.
Dr. Mukkamala was also a lead researcher for CACTUS (Computational Analysis of
Cyber Terrorism against the U.S.) and holds a patent on Intelligent Agents for
Distributed Intrusion Detection System and Method of Practicing.
References:
(1) TrendMicro
(2) Coveware
(3) https://www.itgovernance.co.uk/blog/the-5-biggest-ransomware-pay-outs-of-all-time
(4) BBC & CNBC
(5) Portworx
(6) Colorado, Florida, Iowa, Michigan, Minnesota, Ohio, Nevada, New Hampshire, North Carolina, Pennsylvania, Virginia, Wisconsin