Virtualization Technology News and Information
Resecurity 2020 Predictions: What does the threat intel landscape look like in 2020?

VMblog Predictions 2020 

Industry executives and experts share their predictions for 2020.  Read them in this 12th annual series exclusive.

By Gene Yoo, CEO and cofounder of Resecurity

What does the threat intel landscape look like in 2020?

2019 proved that we still have a long way to go in making the cyber world a safer place. The appearance of new threats and security challenges this year only further demonstrates how important the threat intelligence community is. Looking at the past year, we have a sense of what the threat landscape will be in 2020 -- we'll see things like targeted phishing attacks with much larger stakes; a focus on data-driven intelligence over innovation; and the rise of more women in cybersecurity.

1. Phishing will get more sophisticated and bad actors will more often target the biggest fish possible: CEOs. Specifically, whaling attacks will be on the rise. Unlike a phishing attack, which may be targeted at the general rank-and-file in a corporation, a whaling attack is personalized for the recipient. Whaling attacks are crafted to appear to come from a trusted source, such as another executive in the company or potential partnering company. The attacker's goal is to get the recipient to act impulsively without considering the validity of the request or the authenticity of the email itself. Unfortunately, the threats are always changing, and criminals are continually trying new techniques to avoid detection. In the case of spearphishing and whaling attacks, we see cybercriminals sending emails to several different individuals as part of a single attack. The time and effort required to execute these highly orchestrated attacks can pay back in dividends. Fortunately, security researchers are also doing their own work to stay up to date with the techniques and tactics cybercriminals are using. We are constantly collecting and analyzing methods that criminals are using to compromise information systems.

2. We'll see more women rising to the top in cybersecurity. In the cyber world, the need for complex thinking is critical. In the past, success in this field was more about knowledge of the tool base, but in today's world sophistication in thought, semantics and strategy is imperative. This is what women bring to the cybersecurity field. Studies have shown that female brains may be optimized for combining analytical and intuitive thinking. And other studies show that the female brain is simply more wired for leadership. Let's look at some recent examples of the top leaders in cybersecurity, all women: Myrna Soto has demonstrated success managing global cybersecurity and technology risk programs at leading Fortune 500 companies. Tanya Janca, formerly of Microsoft, recently launched Security Sidekick, who's whole mission statement is about approaching app security from a different angle. That means thinking differently. Then there's Resecurity's own Selene Giupponi coming up through the ranks, leading our entire European operations. She's also a founding member of the European Cyber Security Organization (ECSO) and is in Women4Cyber. I think 2020 will show the glass ceiling getting some more cracks in it.

3. We'll see more focus on the data-driven details of cybersecurity, not "innovation." Why? Because the bad actors exploit every weakness they find, and we simply are offering up too many weaknesses. As long as we in the tech development industry are more focused on the "bells and whistles" of technology than we are on embedding data-driven cybersecurity, we are going to have hygienic mistakes in our code. These mistakes lead to highly coordinated attacks around elections, sporting events and other high profile happenings. Some of the ways the bad guys are getting in are so blatantly simple to fix, we'd argue they shouldn't have happened in the first place. Yes, we can and do provide incremental fixes but that doesn't solve the bigger problem: the focus on innovation has led to some sloppy cybersecurity. In 2020, we need to make a conscious effort worldwide to spend more time developing the details, creating data-driven cybersecurity from the beginning of a software's lifespan.


About the Author

Gene Yoo 

Gene Yoo is the CEO and cofounder of Resecurity, the Los Angeles-based cybersecurity firm. He has over 25 years of experience in cybersecurity for some of the world's largest brand names such as Warner Bros., Sony, Computer Science Corporation, Coca-Cola Enterprise, Capgemini, and Symantec. Most recently, Gene served as Senior Vice President and Head of Information Security for City National Bank. He also served in an advisory role to Phantom (acquired by Splunk), Protectwise (acquired by Verizon), Elastica (acquired by Blue Coat) and Vorstack (acquired by ServiceNow). 

Published Thursday, January 02, 2020 7:42 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2020>