Virtualization Technology News and Information
BAE Systems 2020 Predictions: Cyber Sophistication - Top Five Cyber Security Predictions for 2020

VMblog Predictions 2020 

Industry executives and experts share their predictions for 2020.  Read them in this 12th annual series exclusive.

By Dr. Adrian Nish, BAE Systems Applied Intelligence

Cyber Sophistication - Top Five Cyber Security Predictions for 2020

With no sign of cyber security criminal activity dropping, 2020 will be a pivotal year for businesses and governments across the globe dealing with ever-evolving cybersecurity threats. As new technologies and techniques accelerate at a rapid pace, your cybersecurity defenses have never needed more support than at this moment.

Over the past year, our threat intelligence analysts have seen cyber criminal gangs become more sophisticated, with new financial targets in mind. New sectors and subsectors in the financial services industry will be impacted in 2020 and we may even see the rise of a new international cyber power.

Adrian Nish, BAE Systems Head of Threat Intelligence shares what your company should watch out for in 2020.

1.  Cyber concerns become safety concerns

Human safety has become dependent on automated, connected, cyber-physical systems. Factory machinery, medical devices, autonomous vehicles or city energy distribution going down could be disastrous - impacting not just costs but human life. We have already seen cyber attacks disrupt access to basic resources with the BlackEnergy and Industroyer malware in 2015 and 2016 - it is only a matter of time until we see a cyber threat to human life.

If safety is compromised by an attributable state-sponsored cyber attack, this will draw the attention of governments and international law - the Secretary General of NATO Jens Stoltenberg has already made it clear that a cyber operation could trigger Article 5, and adversaries may choose 2020 to test that commitment.

As cyber threat actors focus more on targeting industrial equipment and critical infrastructure including emerging 5G technology, there needs to be a big shift in safety mentality to include cyber security, or we anticipate civilians will suffer the physical consequences of cyber attack in 2020.

2.  As criminal cyber operations become more sophisticated, attacks on financial infrastructure will rise

Previously we've largely seen cyber criminals attack consumers, business accounts, and banks. In 2020 criminals will delve deeper into the financial ecosystem, targeting payroll services, interbank networks, Fintechs and Open Banking.

These high-end cyber criminal groups are funded in part by their global money-stealing cyber operations, by large ransomware payouts including from government and critical infrastructure targets, and even by some of the state-sponsored cyber threat groups that we track, who increasingly purchase tools and victims from cyber criminals. With more funding channels and better toolsets, there is no sign of cyber criminal activity dropping.

3.  Cyber insurance policy holes lead to legal action

Until recently, cyber security risks have been absent from insurance documents, with some insurers refusing to pay out after a cyber attack under the "acts of war" exemption.

Cyber insurance products are emerging but still need to tackle the array of possible outcomes: what costs would arise from a denial-of-service ransomware attack, versus theft of personal data, versus a threat to leak intellectual property? What if the attack is made possible by a cyber vulnerability that the organisation should have known about and mitigated already?

As it becomes clearer what a cyber attack actually costs, and who has insurance, criminals will adapt their targeting and ransom demands accordingly.

4.  Social media companies invest in bigger compliance teams

Social media giants operating globally often appear to have an "open to all" philosophy about sharing content online, however they still have to comply with individual laws of the countries in which they operate.

Governments have different stances and priorities when it comes to free speech, violent or extremist content, online abuse, political campaigning, and fake news. Well-planned misinformation campaigns and hyper-realistic "deep fake" video technology further complicate the challenge of establishing which content to block.

The desire by governments to clamp down on parts of the vast and complex online content will make it harder for social media platforms to keep compliant with many different laws across the world. This can be compared to the banking sector, where a global bank investigating a fraud or money-laundering operation needs large compliance departments to address the challenges of operating with different national laws and regulations.

5.  Rise of a new international cyber-power.

The internet and computing technology have been democratising forces since their inception, and the barriers to entry in tech are lower than ever. 2020 may be the year a new international power takes the world stage - all because of their cyber capability. A previously smaller or sidelined country could establish offensive cyber capabilities that would put the international community on alert.

The best wisdom in the intelligence community tells us to stop fighting the last war and look to what the next one will be. A protracted period of back-and-forth cyber attacks could bring the world to a sudden stop. As more countries and militaries begin to realise the importance of cyber defence, bad actors will turn to higher-tech threats to get what they want. In 2020, we may hear less about a nuclear option, and more about a cyber option. In the wrong hands, it could be just as threatening.


About the Author

Dr. Adrian Nish 

Dr. Adrian Nish leads the Threat Intelligence team in BAE Systems cyber-defense division. His team tracks both criminal and national security threats to build a picture of the actors in terms of their motivation and capabilities. These insights feed the technical defensive systems deployed by customers as well as providing context for decision makers.
Adrian regularly advises Government and Business on evolutions in the threat landscape. Adrian holds a PhD in Physics from the University of Oxford and is an Associate Fellow at the London based defense think-tank RUSI.

Published Monday, January 13, 2020 7:30 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2020>