Just like New Year’s resolutions, a lot of people make predictions — but not everyone follows up on them. Last year, we looked into the 2019 crystal ball and tried to predict the trends concerning cybersecurity for that year. Now that it’s 2020, let’s review those predictions to see how well we did, and make some new predictions about what the new year might have in store.
Let’s have a look at our predictions!
Ransomware Attacks
2019 prediction: Rates of Ransomware Attacks Will Decline
Continuing a trend from 2018, it is likely that rates of ransomware will continue to fall throughout 2019 and 2020. While ransomware will still continue to be a problem and pose a threat to businesses, hackers have shifted their focus to targeted attacks that are likely to generate more revenue. While ransomware was the dominate cybersecurity threat in 2017, affecting about 48% of businesses at the time, the next year saw a sharp decline in ransomware attacks with only 4% of businesses being affected by ransomware attacks in 2018. However, it is important to keep in mind in 2019 that while ransomware attacks are less common than they once were, ransomware is still a threat to businesses at is remains one of the most expensive cyber threats businesses face. As the year progresses, it is likely that rates of ransomware attacks will continue to drop, but ransomware attacks that do take place will be devastating and represent significant financial losses.
It seems like we missed this prediction in 2019 and it is likely not to happen in 2020 either. The capital investment for a given ransomware attack is so low that this will continue to be a big and frequent deal in 2020. It’s probable that it will become easier and cost-effective to pay the ransom and get on with business, instead of fighting it. The requests will become “right-sized” as the “ransoming business” finds the sweet spot when it comes to the “price point” of their “clients”.
Business owners should recognize that getting attacked in this way is not a matter of IF, but WHEN. They should prepare all necessary precautions so that when that bad day comes, there is an option of blowing out the system and doing a rebuild (Disaster Recovery or Business Continuity).
Our cybersecurity prediction for 2020:
Ransomware attacks will become more efficient
Two-Factor Authentication
2019 prediction: Two-Factor Authentication Will Become Standard
As websites work to stop increasingly sneaky cybercriminals from hacking into profiles and stealing user information, it is becoming more common for websites to offer users the option to use a two-factor authentication process in order to sign into one’s account. Two-factor authentication requires users to provide a second piece of identification such as an answer to a security question or a verification code received via text before being allowed to log in. Currently, this feature is being offered as an option by major websites such as Google and Facebook, and many financial institutions have made two-factor authentication a mandatory part of accessing one’s online banking. While two-factor authentication is not a perfect cybersecurity solution, it is likely that multi-factor authentication will become a mandatory part of logging into one’s online accounts, and placing transactions online, in the next year in an effort to enhance cybersecurity.
Though it has become standard and mandatory in the EU for certain types of payments over online retailers, two-factor authentication is far from being a widespread standard. When it is offered only as an option, the hardest part is getting people to use it.
However, as the general population becomes more and more aware of data protection, we predict that many will choose to adopt MFA to protect their assets.
Our cybersecurity prediction for 2020:
Two-Factor Authentication Will Slowly Become Standard
Artificial Intelligence
2019 prediction: AI Will Become a Key Player in Cybersecurity
As artificial intelligence (AI) technology improves, it is likely that AI and machine learning will play an integral role in cybersecurity. In particular, AI will likely prove crucial in helping companies to defend themselves against cyberattacks, as AI software can help to automatically detect and neutralize threats before they can cause significant harm. Additionally, AI will also likely be increasingly used to perform simulated attacks on a network in order to find and fix system vulnerabilities that could be exploited by hackers. Unfortunately, it is also likely that artificial intelligence will be used by hackers to find these weaknesses and use them to deploy even more sophisticated AI-generated attacks. It is then likely that AI will play a major role in shaping the future of cybersecurity not only in the coming months, but also in the years to come as this technology becomes more sophisticated.
Though we still haven’t seen a fully AI-powered malicious attack, it is highly likely that the “bad guys” will do like all good businesses and take routine tasks (e.g. hacks that worked and are commoditized now) and push them into automation (if that isn’t already “business as usual”). The next stage is to begin to fold in ML/AI to target their efforts and increase efficiency.
IS practitioners will be forced to step up their game (because of limited bodies, limited hours in a day, unlimited attackers and attacks with increasing sophistication) and get up every morning, look themselves in the mirror and (repeat after me): Work Smarter Not Harder. They will be forced to follow the lead of the hackers and take routine tasks off of human responders and assign those tasks to AI to help reduce the total noise in the system and bubble up the items of interest (insert segue here to rant about how 2020 will NOT be a year of increasing intelligence around Risk Management).
Our cybersecurity prediction for 2020:
AI is on its Way to Becoming a Key Player in Cybersecurity
Security Spending
2019 prediction: Security Spending Will Increase Drastically
As cybercriminals continue to develop increasingly sophisticated methods of attack, it is estimated that cybersecurity spending will increase dramatically in the next 12 months. As organizations grow increasingly fearful of the cost and PR nightmare a security breach can pose, businesses are wisely investing more money into defending themselves against cyberattacks. In fact, it is estimated that businesses worldwide spent $114 billion on cybersecurity measures in 2018, and it is estimated that this number will likely increase to $124 billion in 2019 as businesses continue to defend themselves against attacks.
This one is almost a freebie, with the increase in tech and decrease of the barriers to entry for a given hacker, the other side (IS) must add more fuel to keep pace. IS people are in short supply, awareness is up, penalties exist (think about GDPR, CCPA, and about 50 others), barriers to entry for hackers are down. Spending on security is bound to increase exponentially in the next year.
Our cybersecurity prediction for 2020:
Security Spending Will Keep On Increasing
International Cyberwar
2019 prediction: The Threat of International Cyberwar Will Increase
While no one is certain how it will start, evidence of international, government-sponsored, cyberattacks in recent years makes it likely that the threat of cyberwarfare will continue to grow in the next year. 2019 will likely see the world’s major powers using cyberattacks that will continue to destabilize already strained international relations. Whether these attacks take shape in the form of voter fraud or attacks on energy-supply grids, it is likely that international cyberwarfare could become more blatant and common in the coming year.
There has always been a cyberwar component (North Korea, Russia, Iran, FVEY, etc.) just as there is a space war component (killer satellites and satellite killers: India, China, US, etc.) – it is just that most of us don’t get wrapped up in that level of work. International Cyberwar was not so widespread as predicted; however, a lot happened with regards to disinformation and data manipulation.
What we did see and will see more of in 2020 is attacks on data.
Data usage, data manipulation, poisoning, maybe data DDoS. 5G and the shift from the Internet of People to a truer IoT will mean significant upticks in data flows and the opening of new threat vectors (our database people/processes/paradigms will probably start to be a really big deal in the coming years). Persistence values will probably be found to be wildly underestimated (i.e. lurkers that penetrate a system and “hang out” there, spreading through the system and creating many back doors for others to access your network).
Our cybersecurity prediction for 2020:
Attacks on data will be more threatening than Cyberwar
Supply-Chain Attacks
2019 prediction: Supply-Chain Attacks Will Increase
An increasingly common target of cyberattacks is the software and hardware supply chain. Cybercriminals have begun implanting malware into legitimate software packages and updates at the plant, distribution location, or third-party facility. Any user who unknowingly uses the malicious version of the software will then find that their computer is automatically infected, and this could open them up to a wider data breach. There is also a risk that attackers could use hardware to send compromised components out to millions of users. The last year has seen a drastic increase in the number of supply-chain attacks, and it is likely that this number is only going to grow in the coming year. This makes it critical that companies that rely on partners and third-party vendors create vendor risk management processes that will help them to prevent such attacks in the future.
This will be a 2020 thing as a variation of Ransomware. Attackers can give companies the option: “Either I lock down your computers or disrupt your supply chain – your choice.” It is then up to companies to figure out the daily cost of that disruption and send attackers 85% of that to put everything back to normal.
Our cybersecurity prediction for 2020:
Supply-Chain Attacks will continue increasing in 2020
Cyber Hygiene
This is not a topic that we discussed last year, but in 2020 we predict the rise of evangelism for basic cyber hygiene. That is, simple, cost-effective steps that can be done at all levels of an organization (or home) that will leave folks in a better, more defensible posture. These include such strategies as two-factor authentication (2FA)/multi-factor authentication (MFA) using SMS or an authenticator app, password managers, extremely strong passwords (> 12 characters), regular backups, etc. For organizations, essential strategies include segmentation, disaster recovery, and business continuity thinking/planning.
Our cybersecurity prediction for 2020:
Rise of Evangelism for Basic Cyber Hygiene
Whatever happens in 2020, Kiuwan has your back with the fastest SAST and SCA analysis tool in the market. Scan your code and get results in minutes, then start working straight away at remediating vulnerabilities in your code. Contact our sales team to get to know Kiuwan better.
