Virtualization Technology News and Information
Instart 2020 Predictions: The Blindspot Security Threats You Need to Prioritize in 2020

VMblog Predictions 2020 

Industry executives and experts share their predictions for 2020.  Read them in this 12th annual series exclusive.

By Jon Wallace, Security Technologist, Instart

The Blindspot Security Threats You Need to Prioritize in 2020

There's little doubt about the massive impact security threats can have on a company's revenue stream, customer retention, and overall brand perception. But consumers still remain largely uneducated about the risks they are up against, and security professionals are faced with increasingly complex challenges when dealing with sensitive information online. As breaches become more sophisticated, it's critical for security teams to understand the gaps in their web security strategy and for consumers to make more informed decisions with their data.

As 2020 approaches, we'll continue to see data thefts rise significantly across all industries, with an emphasis on sensitive consumer data, as well as increased browser exploits. As a result, we will see an increase in compliance regulation and punitive action taken on organizations that fail to adequately protect their users. These three predictions will shape the way businesses analyze security blind spots and will encourage consumers to hold businesses accountable for protecting data. Here's how: 

Prediction 1: Data theft will increase significantly

Data theft is nothing new, but the value of stolen data for hackers will only increase in 2020. If an attacker is able to steal a large enough cache of data from a website, the potential profits from selling the data on the dark web can be very high - but this all depends on what the data consists of. A credit card number for example, with complete details, is worth around $30, but a person's medical records can be worth $1,000. Diplomas and passports are also worth anywhere from $100 to $2,000 and upwards.

With this in mind, attackers aren't settling on just stealing credit card numbers. They are expanding their malware and targeting sites where there is more opportunity to mine and steal a plethora of personal consumer information. 

Prediction 2: GDPR and CCPA will show their teeth

In 2020, we'll see oversight bodies make organizations feel more pressure. The reality is that in order to force an organization to act, they must feel substantial pain. This happened to British Airways earlier this year when the company was given a fine amounting to 1.5 percent of its annual revenue after they were hit with a data breach in 2018. GDPR penalties can currently be as high as 4 percent of a company's annual revenue, which is a significant loss for any organization.

In light of consumer lack-luster negativity against organizations over their data-loss, compliance bodies will look to ‘act in the consumer's behalf' and punish organizations for not protecting their customers sufficiently - and these penalties will only increase until a change is enforced.

Prediction 3: Browser exploits will increase

Given that attacks on the web server are generally more challenging, attackers will instead look to leverage holes and weaknesses in the browser. Web applications generally come together in the browser, similar to how traditional applications come together in the compiler - with external libraries and first-party code, all being linked together. The problem, however, is that the same robust development and QA practices that are often in place for traditional apps aren't applied within the web-app world. 

What's even more dangerous though, is the use of thousands of third-party code libraries and JavaScript tags that are used by websites. This alone makes them especially vulnerable to a wide variety of exploits and we're just starting to see the impact of this (for example, the recent Ticketmaster magecart breach). I anticipate that these types of attacks will only increase in 2020. 

Over the past couple of years, businesses have made headlines for falling victim to the above e-skimming attacks, and these are just two of many recent examples. As a result of these two breaches, attackers gained access to sensitive account details from hundreds of thousands of customers, which resulted in fines of more than $200M for failing to protect their customers' data. With data theft so top of mind, awareness of new security exploits and increased penalties that incentivize organizations to protect customer data, there is more potential for privacy violations to be avoided in 2020.


About the Author

Jon Wallace

Jon Wallace is a security technologist at Instart. He has over 20 years of technical experience in the fields of systems management and security. As a consultant, technologist and CTO, Jon has worked with some of the largest organizations to design and implement solutions to protect their corporate assets. At Instart, Jon helps the organization direct messaging and vision with respect to the business’s security offerings.

Published Monday, January 20, 2020 7:20 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2020>