As we commence a new year and century, we tend to look at the different trends from the previous years and think about what the future holds for us. When looking back at 2019, it was a wild run for organizations that were fighting different challenges such as cryptojacking, phishing, ransomware and making sure their critical resources stayed in the clear from hackers. However, not everyone stayed safe in 2019 as we saw different organizations fall prey, for example, the Capital One breach. As we move forward it is important to dwell on what we experienced, take those lessons, and implement them in order to improve your organization’s internal and external security. Looking forward to 2020 and beyond, organizations will need to be prepared against attackers who will create and implement different kinds of attacks. We talked to different security experts who explained what 2019 trends and 2020 predictions they’re most excited about seeing in security in the upcoming year.
Hackers and malicious actors have a massive resource pool available to them which helps them easily access an organization’s networks and resources. One of the most popular kinds of attacks in 2019 was insider threat attacks. “The insider threat is one of the greatest drivers of security risks that organizations face as a malicious insider utilizes credentials to gain access to a given organization’s critical assets. Many organizations are challenged to detect internal nefarious acts, often due to limited access controls and the ability to detect unusual activity once someone is already inside their network. The threat from malicious insider activity is an increasing concern, especially for financial institutions, and will continue to be so in 2020.” – Steve Durbin, Managing Director of the Information Security Forum
“With new legislation such as CCPA for California Residents and previous regulations such as GDPR, Data Privacy and Compliance are huge issues for 2019. There is an ongoing focus on protecting consumer’s personally identifiable information (PII) and a lot of companies are falling short. If each person took five minutes to run an internet search, they would likely find a wealth of information about themselves on public websites that they didn’t know existed. This will continue to be a problem in 2020 as not all companies will comply with privacy laws and some companies will continue to sell people’s personal information for profit.” – Courtney H. Jackson, Founder & Chief Information Security Officer (CISO) at Paragon Cyber Solutions
With the rollout of 5G, we have seen more data than ever before being gathered from IoT, to protect access to those devices, IAM solutions for IoT will be a major need in 2020. “With the opportunity of higher bandwidth provided by 5G, there are emerging threats, to name a few, that threat actors will dedicate more effort to hijack these devices for botnets for DDOS, malware distribution and recognizance of the target organization. Enterprises should start planning now to protect this type of asset that is often forgotten, leaving them unmanaged from a security point of view and a low effort entry point for an attacker, often combined with the device vendor unwilling or unable to patch known vulnerabilities. This lead to a continued spread of Mirai botnet and their clones across the globe in 2019, three years after the threat was identified it is still a danger, given the current trend, I predict we will continue to see them grow in 2020.”- Fausto Oliveira, Principal Security Architect at Acceptto
Ransomware has always been a continuous threat to organizations over the years and in 2020 and beyond we will see many businesses and users in the financial sector become a more popular target by hackers. “We will continue to expect to see more ransomware attacks on healthcare, education, and government sectors due to the large ransoms and success over the past year. Additionally, several ransomware groups have started to exfiltrate data in order to force victims to pay ransoms as many organizations started to ensure that they had good backup systems in place and avoided paying ransoms. But with this new twist to ransomware, companies now face the release of information and a data breach.“ – Shannon Wilkinson, CEO of Tego Cyber
There’s a huge shortage of skilled cybersecurity personnel, several million worldwide according to some reports. “To make do with too few skilled resources, more companies will explore and expand security automation initiatives. In recent years, a whole market has emerged for Security Orchestration Automated Response (SOAR) platforms which enable teams to orchestrate and automate security actions to get more done in less time and with less manual effort. In 2020, look for greater adoption of SOAR platforms and automated playbooks, as well as for SIEM and Threat Intelligence Platform vendors to add more SOAR-type capabilities.” – Atif Mushtaq, CEO of SlashNext
Over the past decade, many organizations have considered “shadow IT” as one of the key risk trends expected to change the way we think about security risk. As we enter 2020 and the next decade, shadow IT will become not just a trend but the native way we do business. “Organization, from the largest hospital systems to rapidly-growing startups, will have an ever-growing set of thousands of external, cloud-based software systems, or externally managed dependencies introduced into their systems and software. It will be critical that companies understand which type of data they are sharing and with which third parties – and the security postures of those third parties. In order to mitigate the risk in this fundamental change to the way we do business, information security organizations will need to support all areas of the business with more efficient processes and practices so everyone can make informed, risk-based decisions about the software they use and how to manage it securely – in line with a shared responsibility model.” – Ben Waugh, CSO at digital health firm Redox.
Today the majority of organizations are continuously adopting many different kinds of security solutions. Most of them are outdated, hard to manage and no longer relevant to the modern world and its new threats. The idea of a unified security platform will be introduced in 2020. “Modern organizations will need to adopt Saas based unified cybersecurity platforms that are easier to implement and manage inside the organization’s environment. Moving forward, instead of using different vendors for different security needs, I believe IT managers will prefer to implement a central security system that provides complete visibility of its networks to help the cybersecurity analysts identify threats and respond in real-time in case of an incident. This concept presents the idea of having one platform for all solutions which provide the idea of a one-stop-shop to consume cybersecurity.” – Amit Bareket, Co-Founder and CEO of Perimeter 81
When looking back at 2019 and even earlier, we must learn from our previous security experiences and mistakes to learn what worked well and what didn’t. However, looking into 2020 and forward we can’t depend on outdated tactics to fight off hackers and attacks. The security community as a whole needs to stay informed daily about the different kinds of attacks, tactics and trends and start implementing them on an organization level to stay safe in 2020. We wish everyone a happy and secure 2020!