2019 saw cybersecurity as a massive issue, both for the technology industry and the general public.
Between ransomware attacks, credit card fraud, and a tsunami wave of new app releases (some of them with little to no security measure in place), cybersecurity has never been more important for organizations. This is set to continue in 2020 and well into the future.
In 2020, cyberattacks will be on the increase, and not just from the isolated hackers we have usually characterized in our minds, but by Nation-State actors who run these attacks to exfiltrate data from governments and corporations. While organizations are now more aware than ever before as to the importance of cybersecurity, many (if not most) are struggling to define and implement the required appropriate security measures.
From data breaches to IT security staff shortages, to cloud technology and the future of AI and 5G, let’s take a look at the trends and threats that are bound to shape the cybersecurity industry in 2020.
2020 cybersecurity trends
- 5G implementation
With the bandwidth that 5G technology enables, data volumes and the number of connected devices and sensors is set to explode. Electronic health applications will collect data about a user’s wellbeing, new car technology will monitor a user’s movements, and smart applications will collect information about how users live and work. With so many personal data being collected from us, 5G technology will mean high levels of security against breaches and data theft will be required.
- The continued rise of AI
Advances in artificial intelligence (AI) are bringing machine learning technologies into products across all market segments – including cybersecurity. Deep learning algorithms are being used for face detection, natural language processing, threat detection, and many more concepts.
Most cybersecurity solutions are built on detection engines that have been based on human logic, however keeping them up-to-date and across the latest threats, technologies and devices can be close to impossible to do manually. Artificial intelligence (AI) accelerates the identification of new threats and responses to them and can help to block cyberattacks before they spread throughout organizations.
However, as the future of AI progresses, it’s also being weaponized by cybercriminals to develop increasingly sophisticated malware attack methods. This means organizations are having to deploy advanced heuristic solutions, rather than relying on already-known vulnerabilities and attack signatures.
- Cybersecurity skills gaps
Into 2020, the demand for cybersecurity professionals will continue to exceed supply, as security teams have to deal with more online threats than ever before. According to a DDLS survey, more than two-thirds of respondents said that ensuring their skills and the skills of their team were up to date was the biggest challenge, suggesting not enough is being invested to improve in-house cybersecurity expertise.
- A continually growing awareness of the importance of cybersecurity
With so many organizations undergoing huge digital transformations, awareness of the ongoing looming presence of cyberattacks continues to grow – not only for large organizations but also for small businesses. It’s starting to dawn on companies that having a highly effective cybersecurity strategy and cyber incident response plan is not just a luxury for the well-informed; it’s absolutely necessary. Security is developing a permanent place in the software development lifecycle, with SecDevOps (the process of integrating secure development best practices and methodologies into development and deployment processes) now being integrated at all stages of development.
Threats facing the cybersecurity industry in 2020
- Ransomware and malware
The major form of attack in 2020 will be ransomware. According to Mobliciti, The first half of 2019 saw a 50% increase in attacks by mobile banking malware compared to 2018, and this trend is likely to continue to skyrocket in 2020.
The most nefarious ransomware attacks are against hospitals, whose patients can suffer through their medical data being made unavailable by the ransomware attack. Security personnel will need to have a hard look at the possibility of what a ransomware attack on their business would entail and take appropriate precautions to minimize the effect that such an attack would have.
Ransomware is most often distributed in the form of a phishing email, in which the user is enticed to click a link within an email that will give the user some benefit. This is a form of social engineering, but with disastrous consequences when the ransomware encrypts files on the target system or network, requiring either payment to get the files back (never recommended) or restoring the files from a recent off-line backup.
2019 saw ransomware exploits getting highly targeted against specific businesses, as well as government and healthcare organizations. Attackers are spending time intelligence-gathering on their victims to ensure they can inflict maximum disruption, and ransoms are scaled up accordingly.
- Cloud computing
The dangers of cloud computing are also set to increase in 2020. According to Forbes, 83% of organizational workload will be shifted to the cloud in 2020. Cloud providers are usually on-hand to protect cloud data, but it’s still the user’s responsibility to keep their cloud data secure ultimately. Thorough knowledge regarding cloud security will be required for organizations to protect their resources better. The level of understanding about cloud security remains low, and security is often an afterthought when it comes to cloud deployments. Cybersecurity solutions need to involve new, flexible, and scalable cloud-based architectures.
- Mobile apps
Mobile phones will be a big target in 2020, with a multitude of apps now being ‘must-installs’ for a large percentage of the population. These apps are often downloaded with no concern for security at all. One such app is the Chinese-developed TikTok – an app that allows the user to create short videos and is immensely popular with young people. TikTok has been found to have many vulnerabilities, some of which have been closed. Regardless, TikTok is, in the United States of America, being considered as a threat to national security, particularly so with the likelihood of the Chinese government’s access to the application’s data and user profiles.
How can we improve cybersecurity?
The first defense against cyberattacks remains to be education. Educating all users in every business is a requirement for security not only in the workplace but also at home and when a user is traveling. Posting our whereabouts for all the world to see on social media might seem like harmless fun, but can be downright dangerous, particularly so for most vulnerable children. Courses such as Resilia Frontline can help here.
Training again is very important for IT administrators, security personnel, and management when it comes to defending an organization’s security network. Having staff trained in security is another giant step towards maintaining security in any organization.
Once the staff is trained, they need to be vigilant, and this should include everyone; from the CEO, through to the office and floor workers who should be concerned about security in everything they do and see. In 2020, security should be on the same wavelength as Workplace Health and Safety, and be everyone’s responsibility.
Everyone benefits when you can share this knowledge with the wider community.
About the Author
Terry Griffin is one of DDLS’ Principal Technologists specialising in security, & is an EC-Council Certified Ethical Hacker. DDLS is Australia’s largest provider of corporate IT and process training, with the largest portfolio of strategic partners and courses in Australia.