It’s been another eventful year for cyber attacks. More than 4 billion records have been breached so far – and we’re not even at the end of the year yet!
But is behind us. It’s now time to look forward through 2020 and speculate on what will transpire next in the ongoing cybersecurity battle. What new and evolving technologies will be at the forefront of cybersecurity? Which attack vectors are most likely to be exploited? And what will organizations do to combat these growing threats?
We queried Gurucul executives for their 2020 forecasts and settled on the 11 cybersecurity predictions for 2020 below. We’ll look back at this time next year to check our accuracy. In the meantime, it may be wise to heed the words of humorist Leo Rosten: “Some things are so unexpected that no one is prepared for them.” It’s sound advice, especially for the constantly evolving cybersecurity industry.
1. 5G and Its Effects on National Infrastructure
Major 5G network deployments are expected in 2020. The technology will create opportunities across many industries, but also will create increased threats from the cyber dark side. The EU5 5G market is anticipated to show a triple-digit growth rate in the forecasted period 2019 – 2025 (according to ResearchAndMarkets.com). Enterprises looking at 5G face security problems with disparate network configurations and very different solutions and approaches from vendors.
Some of the biggest 5G issues we can expect to see in 2020 involve the supply chain and deployment. The vast 5G supply chain is susceptible to vulnerabilities such as malicious software or hardware and poor designs. Also, many of the companies providing hardware and software for 5G networks have their own security vulnerabilities. Therefore, we should expect an increase in network asset compromise and a negative impact on the confidentiality of data. As for the deployment of 5G networks, security issues will include an increased attack surface. This is due to using more information and communication technology (ICT) components compared with previous generations of wireless networks.
2. Even More Supply Chain Attacks
Cybercriminals look for the easiest path to achieve their goals, and sometimes that path runs straight through third-party vendors. Attacks via the supply chain are already prevalent. Both the infamous Target data breach of 2013 and the destructive Stuxnet attack uncovered in 2010 were initiated through vulnerable third-party providers.
When many people think about the insider threat, they’re most likely imagining malicious employees or accidental insiders. But third-party vendors are another type of insider threat that is sometimes overlooked. Whether it’s a supplier, an external developer, or a service contractor, third parties have access to critical systems. And many of these third parties have weak cybersecurity programs and processes, making them a rich target for cybercriminals and an avenue into even bigger prizes.
3. Automated Real-time Response to Cyber Threats
Historically, automation has been used sparingly in cybersecurity response due to the number of false positives reported by older technologies like SIEM and the risk of stopping legitimate users from doing their jobs. Due to the increasing velocity of cyberattacks, automation will need to be trusted and utilized to stop threats before damage is done.
Automated attack tools lead to massive increases in the volume of data that must be processed by cybersecurity teams. Humans can’t possibly keep up with such large amounts of data. The only effective way for organizations to fight back is with their own automated security technology. Automation can do much of the heavy lifting for IT. That allows cybersecurity teams to spend less time on fruitlessly attempting to counter attacks via manual means. We should expect an increase in the effectiveness (and demand) of machine learning technologies to automatically identify and intervene when abnormal behaviors and actions indicate a cyberattack in progress.
4. Cybersecurity Budgets Will Increase Drastically, Not That You’ll Be Able to Tell
Organizations will significantly increase spending on cybersecurity. The big challenge is ensuring that the spending focuses on the right areas. For the most part, it won’t be, and we can expect an uptick in data breaches in 2020 despite the record amount of money spent on cyber defense worldwide. Part of the problem will be an inability of many organizations to keep up with basic cybersecurity hygiene tactics such as patching, frequently changing privileged credentials and utilizing multi-factor authentication. Expect the bad guys to continue penetrating environments due to these basic oversights.
Another part of the problem is that many organizations continue to use yesterday’s security technology to fight tomorrow’s security battles. Rules-based security solutions like SIEMs are great for detecting known vulnerabilities. But they are ineffective against new, unknown threats. So even as companies continue to invest ever larger sums of money in such products, we can expect data breaches to keep occurring on a regular basis.
5. Organizations Will Seriously Focus on Insider Threat
Insider threat attacks are much more lucrative than external attacks in terms of the data exploited due to employees already having the “keys to the kingdom.” Organizations have spent large amounts of money securing network perimeters and more recently cloud systems and services. 2020 will see a major focus on tackling the insider threat, which requires more than just technology.
Companies must stay one step ahead of the malicious insider. The best way to do that is to utilize machine learning algorithms tuned to detect behaviors indicative of malicious intent. It’s not rocket science, it’s data science. And it’s the only method available today that can derail employees and third-party contractors intent on damaging a company. Organizations just need to make insider threat detection and prevention a priority. The technology will do the rest.
According to our research, 40% of organizations can’t detect insider threats or can only detect them after the data has left the organization. More organizations are now recognizing the threat from within as well as the external threat. So 2020 should be the year in which proactive insider threat security programs become mainstream.
6. Healthcare Fraud Will Be A Major Issue
The amount of money to be made by defrauding health insurance companies, healthcare providers and individual consumers is astronomical. Criminals engage in false insurance claims, duplicate claims, inflated claims, fake healthcare provider websites, insurance scams, and more. The list of healthcare fraud is long and growing in an increasingly complex interconnected healthcare web of ambiguity.
Governments can’t possibly investigate every consumer complaint. And healthcare companies continue to struggle with so many other conflicting priorities that proactive, continuous cybersecurity protection seems a pipe dream. Healthcare should be about saving lives. So, it’s no surprise that cybersecurity takes a back seat to medical innovations even though data breaches can literally put lives at risk.
It’s hard for IT staff in healthcare organizations to get a share of wallet, let alone share of mind. Unfortunately, priorities will only shift when healthcare fraud detection and prevention tools become more critical than life support. Sadly, that time is not far off.
7. More Attacks Directed at the Cloud
As organizations increasingly migrate their data and workloads to the cloud, we can expect more attacks against cloud service providers to pilfer data from companies the cloud providers serve. As a result, companies will look for more ways to gain visibility and control over their data across both their on-premises and cloud environments. Organizations that work with sensitive data will start pressuring their cloud service providers to adopt the same level of data security measures that they apply internally.
We should also expect more controversy with the government stepping in to investigate cloud-based breaches (like the Capital One breach), and more finger-pointing between cloud hosting vendors and customers whose data has been breached.
8. An Increase in AI-based Cyberattacks
2020 will see an increase in cyberattacks that use Artificial Intelligence (AI)/Machine Learning. Attackers will weaponize AI to find and exploit weaknesses, and to take information gleaned from successful hacks to develop even more powerful attacks.
As machine learning development tools become simpler to use, criminals will be able to more easily leverage them in new attacks. While some AI attacks will be rudimentary in nature, they will grow more sophisticated with malware capable of adapting to obstacles. Techniques like AI-enabled spear phishing will let attackers launch phishing attacks at scale, increasing their chance for success.
Attackers are already leveraging AI to evade detection and build more effective attacks. But 2020 will see the most AI-backed cyberattacks to date. Given the immense volume of data available online, criminals will use AI to build even more targeted attacks.
9. Continued Ransomware Attacks Against Small, Municipal Governments
Local government networks are low-hanging fruit for cyber criminals. Smaller government agencies tend to lack the budgets necessary to build efficient information security programs. And the IT departments at these agencies are frequently understaffed.
In 2019, we saw an increase in well-coordinated ransomware attacks such as the ones that impacted 22 communities in the state of Texas. Nearly two-thirds of all ransomware attacks in the United States in 2019 targeted state or local governments, according to Barracuda Networks. According to research from Coveware, governments paid almost 10 times as much ransomware money on average as their private-sector counterparts over the second quarter of 2019. So the overall rate of ransomware attacks may diminish. However, ransomware attacks against municipalities will only increase in 2020 as criminals go where the money is.
10. Malware Attacks Against Medical Devices Will Increasingly Threaten Healthcare
There is an emerging trend of ransomware attacks on medical devices, creating some serious vulnerabilities in healthcare security. While these attacks have mostly been under the radar, and are few and far between to date, we can expect an uptick in these highly targeted attacks in 2020.
In the past, manufacturers built medical devices with proprietary firmware or other exclusive features. That meant the ROI for compromising medical devices wasn’t lucrative. But now manufacturers are building cheaper and more scalable medical devices running Windows. That development greatly expands the attack surface of these specialized devices. This has moved medical devices into the crosshairs of mass-scale, automated ransomware attacks against a still mostly unsuspecting industry. And due to the truly mission-critical nature of medical devices, cybercriminals will bet that their victims will pay up.
Within the next five years, 44% of medical technology companies surveyed by Deloitte predict that all of their devices will connect through IoT. This shift is creating a dangerous new attack surface. Despite the growing threat to medical devices, most US healthcare providers still lack a documented strategy for protecting them. Such a lack of planning ensures that this will be a trending cyber threat in 2020.
11. Business Email Compromise (BEC) Will Become One of the Top Threat Vectors
Bad actors have used BEC for a considerable amount of time. Based on what we have seen in 2019, this has taken a step up in terms of complexity and profitability. According to Forrester, estimated exposed losses due to business email compromise between 2016 and 2019 totaled $26 billion. We should expect that BEC will become even more profitable than ransomware.
Historically, BEC has been about getting users to unknowingly install malware to allow bad actors to gain access to networks to gather data. More recently it has been about creating plausible changes to payments, sometimes millions of dollars, to redirect funds to their own accounts. This short-circuits the need to go digging in a customer network for usable data. They simply compromise email accounts, watch the email conversations for some time until they have sufficient information to find an opportunity to interject, and make changes to routing funds.
BEC impacts finance teams more than IT. So there are few, if any, controls in place to identify and stop this fraudulent activity. BEC traverses boundaries and becomes part of the fraud team’s work (if there even is a fraud team in the organization). For these reasons, BEC attacks will be on the rise in 2020.
A year from now we’ll look back at our cybersecurity predictions for 2020 and see how our prognosticators performed. In the meantime, stay secure in the new year. We encourage you to take a look at our security analytics technology.