Virtualization Technology News and Information
Armis 2020 Predictions: Top 5 2020 Predictions From the Desk of a CISO

VMblog Predictions 2020 

Industry executives and experts share their predictions for 2020.  Read them in this 12th annual series exclusive.

By Curtis Simpson, CISO at Armis

Top 5 2020 Predictions From the Desk of a CISO

As 2019 -- and the 2010s more broadly -- comes to a close, one thing has become clear: internet connectivity is now foundational to every facet of modern life, and it has created both new opportunities and new risks. According to our research, enterprise IoT devices are growing at 29% CAGR and will reach 7 billion by 2021. At that point, IoT devices will account for approximately 90% of all devices in enterprise environments, many of which are already in workplaces, improving productivity, collaboration, and convenience. This IoT explosion is pervasive and transformative, but for all of the benefits it has introduced, attackers have evolved in tandem, and enterprise usage today is not without risk.

There are certain spaces that should be of particular concern to the board and C-suite; most notably, the use of IoT in mission-critical healthcare and OT environments, and in highly-regulated, emerging areas like data privacy.

As we kick off a new year and new decade, these are my top 5 predictions for the cybersecurity landscape in 2020.

IoT Will Take Data Protection & Privacy Efforts 10 Steps Back

The rapid adoption of IoT devices in enterprise environments to assist with shipping and distribution, manufacturing, and the delivery of healthcare to patients has enabled industries to minimize costs while expediting services in a way never imagined before. However, not enough attention is being paid to how IoT devices will remain secure, which puts enterprise IP at risk and, in certain environments, potentially runs afoul of privacy regulations like GDPR and CCPA. I anticipate threat actors will increasingly take advantage of hastily deployed, insecure IoT devices as a point of entry for IP theft and, given the spotlight on corporate data protection practices, that this will lead to downstream impacts on privacy and compliance efforts as well.

Voice Deepfakes will become the new phishing bait

C-level executives, politicians and other high-profile individuals are already high-risk targets for standard email phishing attacks given their level of access and financial decision making within their organizations. With advancements in deepfake voice technology, I expect a rise in voice phishing schemes in 2020 in which employees are tricked into sending money to scammers or revealing sensitive information after getting voice messages and calls that sound like they are from the CFO or other executives. We've already seen one fraudulent bank transfer convert to $243,000 for criminals. Given how hard it is to identify these deepfakes compared to standard phishing attacks, I expect these operations will become the norm in the new year.

IoT attacks will hinder patient healthcare

The majority of IoT devices in healthcare organizations have been targeted by attackers within the last year, yet the reality is that most healthcare IoT devices can't be updated for security. This lack of patchability will come to a head in 2020. I've seen an infusion pump infected by malware that was still connected to a patient; in 2020, vulnerable medical devices will be an increased focus for attackers and, if compromised, could prevent doctors from providing timely care to their patients and put lives at risk.

Energy grid attacks on the rise

As IT/OT convergence gains momentum, IT is discovering the scale at which connected devices have been deployed in OT environments, often in a haphazard manner and unmanaged by IT. Because IoT is often introduced outside the purview of IT's management, teams are scrambling to gather critical details like the types and quantity of devices introduced and how they are integrated. In 2020, attackers will continue to target this weak point in IT/OT convergence. As industrial environments move towards convergence, we'll see more attack attempts, particularly targeted at energy grids.

2020 is the year of CISO burnout

The security industry has been struggling with the skills shortage for years, and all along, the CISO has been creating solutions to work around these gaps. Pressure from lack of skilled resources, limited funding, on-the-job stress from security events, and lack of support from the C-suite and board (until a major security incident) will come to a boil. In 2020, CISOs will express fatigue to their C-level peers. If nothing happens to change their circumstances, we'll start to see a migration of CISOs from large enterprises to smaller, more nimble companies in the next 2-3 years.


About the Author

Curtis Simpson 

As CISO at Armis, Curtis is responsible for ensuring that the Armis product continues to maintain its high standard and vigilant focus on platform and customer security and privacy. Curtis brings 20 years of diversified information technology experience, with direct information security and management experience in positions of increasing responsibility. Prior to joining Armis, he served as Vice President and Global CISO at Sysco -- a Fortune 54 corporation. Curtis directed a portfolio of innovative and effective, business-focused security and compliance programs responsible for reducing security risks faced by a global organization.

Published Thursday, January 09, 2020 7:40 AM by David Marshall