Industry executives and experts share their predictions for 2020. Read them in this 12th annual VMblog.com series exclusive.
By Gene Yoo, CEO and cofounder of Resecurity
What does the threat intel landscape look like in 2020?
2019 proved that we still have a long way to go in making the
cyber world a safer place. The appearance of new threats and security
challenges this year only further demonstrates how important the threat
intelligence community is. Looking at the past year, we have a sense of what
the threat landscape will be in 2020 -- we'll see things like targeted phishing
attacks with much larger stakes; a focus on data-driven intelligence over
innovation; and the rise of more women in cybersecurity.
1. Phishing will get more sophisticated and bad actors will more
often target the biggest fish possible: CEOs. Specifically, whaling attacks will be on the
rise. Unlike a phishing attack, which may be targeted at the general
rank-and-file in a corporation, a whaling attack is personalized for the
recipient. Whaling attacks are crafted to appear to come from a trusted source,
such as another executive in the company or a potential partner company. The
attacker's goal is to get the recipient to act impulsively without considering
the validity of the request or the authenticity of the email itself.
Unfortunately, the threats are always changing, and criminals are continually
trying new techniques to avoid detection. In the case of spearphishing and
whaling attacks, we see cybercriminals sending emails to several different
individuals as part of a single attack. The time and effort required to execute
these highly orchestrated attacks can pay dividends. Fortunately,
security researchers are also doing their own work to stay up to date with the
techniques and tactics cybercriminals are using. We are constantly collecting
and analyzing methods that criminals are using to compromise information
systems.
2. We'll see more women rising to the top in cybersecurity. In the cyber world, the
need for complex thinking is critical. In the past, success in this field was
more about knowledge of the tool base, but in today's world sophistication in
thought, semantics and strategy is imperative. This is what women bring to the
cybersecurity field. Studies have shown that female brains may be optimized for combining analytical and
intuitive thinking. And other studies
show that the female brain is simply more wired for leadership. Let's look at
some recent examples of the top leaders in cybersecurity, all women: Myrna Soto
has demonstrated success managing global cybersecurity and technology risk
programs at leading Fortune 500 companies. Tanya Janca, formerly of Microsoft,
recently launched Security Sidekick, whose whole mission statement is about
approaching app security from a different angle. That means thinking
differently. Then there's Resecurity's own Selene Giupponi
coming up through the ranks, leading our entire European operations. She's also
a founding member of the European Cyber Security Organization (ECSO) and is in
Women4Cyber. I think 2020 will show the glass ceiling getting some more cracks
in it.
3. We'll see more focus on the data-driven details of
cybersecurity, not "innovation." Why? Because the bad actors exploit every weakness they find, and
we are simply offering up too many weaknesses. As long as we in the tech
development industry are more focused on the "bells and whistles" of technology
than we are on embedding data-driven cybersecurity, we are going to have
hygiene mistakes in our code. These mistakes lead to highly coordinated
attacks around elections, sporting events and other high-profile happenings.
Some of the ways the bad guys are getting in are so blatantly simple to
fix that we'd argue they shouldn't have happened in the first place. Yes, we can
and do provide incremental fixes, but that doesn't solve the bigger problem: the
focus on innovation has led to some sloppy cybersecurity. In 2020, we need to
make a conscious effort worldwide to spend more time developing the details,
creating data-driven cybersecurity from the beginning of a software's
lifespan.
##
About the Author
Gene Yoo is the CEO and cofounder of Resecurity, the Los Angeles-based cybersecurity
firm. He has over 25 years of experience in cybersecurity for some of the
world's largest brand names such as Warner Bros., Sony, Computer Science
Corporation, Coca-Cola Enterprise, Capgemini, and Symantec. Most recently, Gene
served as Senior Vice President and Head of Information Security for City
National Bank. He also served in an advisory role to Phantom (acquired by
Splunk), Protectwise (acquired by Verizon), Elastica (acquired by Blue Coat)
and Vorstack (acquired by ServiceNow).