As the first month of the year draws to a close, what's on the agenda for the rest of 2020? Sivan Nir, Senior Analyst, Skybox Security, offers her predictions.
While it’s true that most organisations have more sophisticated cyber protections in place than ever, this doesn’t mean that there’s any reason to pause for breath in 2020. As cyber security tools have improved, so have cybercriminals’ capabilities.
The need to contend with increasingly sophisticated criminal activity is just one of the issues facing today’s cyber security teams. But which emerging trends are going to define the industry’s evolution this year?
Both the good and bad guys will leverage AI and automation tools
The next year will turn into a continuous cyber arms race between cyber security teams and cyber-attackers – as cybercrime becomes increasingly industrialised, it is not just the ‘good guys’ that will be leveraging technologies such as AI and automation.
Some of the same tools used by security professionals are in the hands of so-called black hat hackers aiming to devise new attack vectors and criminal social engineering methods.
Malicious groups will stop at nothing throughout the year to design more sophisticated attacks and fine-tune their processes. Those intending to use tools for good need to ensure they are regularly and consistently improving their understanding of the threat landscape as well as the technologies they are using to protect themselves.
If they don’t, they’ll risk falling victim to the threats. CISOs and security leaders will experience mounting pressure to make adequate investments in AI and automation and assure the rest of the C-Suite and executive board that they are doing everything in their power to prevent a breach.
Attack surfaces will expand with the rise of 5G and IoT
5G will make IoT a true reality. Its faster speeds, strengthened connectivity and reduced latency will lead to individuals and companies alike making more investments in internet-connected devices.
However, this also means that organisations’ attack surfaces will be expanded and, more than that, they will be exposed to an increasing number of notoriously poorly-secured IoT devices. The security surrounding these devices needs to be watertight. If not, businesses will risk leaving their data and assets – as well as that of their customers – unprotected and vulnerable to attack.
Cyber hygiene will become a key priority
While it is clear among IT teams that cyber security is the responsibility of all staff members, there remains a large subset of the workforce that either is not aware of this or doesn’t fully consider how their lax security affects others.
In 2020 this will change, with business leaders rolling out company-wide initiatives and making cyber hygiene and cyber security a top priority. We will see companies working to proactively change their security culture, enforcing ‘a security mindset’ and embedding security into the organisation as a whole.
This will be especially true within functions where security is critical, such as DevOps, to help drive improvements in innovation and efficiency.
In addition, there will be proper implementation of ‘bring your own device’ (BYOD) policies in order to protect the wider network perimeter. Employee training programs will also be of the utmost importance, educating staff on ways they can be more secure and ensuring that they are informed about the important role that they play in securing their organisation.
Vendors will also identify ways to reduce time to value by improving the simplicity of their products, making them easier to learn and use so the security personnel who implement them can stay up to speed.
This shouldn’t be seen as a one-off activity. Security needs to be embedded within all processes and across all practices – it should underscore everything that happens within an organisation. Done right, security will empower the delivery of more innovation.
Resurgence in phishing attacks
Just as we saw a rise in the popularity of ransomware and botnets in 2019, this year we are likely to see a resurgence in phishing attacks. We are already seeing growth in various forms of social engineering attacks, for example via SMS, social media and even on gaming platforms, indicating how adversaries are attempting cybercrime on an ever-diverse set of channels.
Threat of cloud misconfiguration will grow
Moving to the cloud and deploying infrastructure as a service (IaaS) continues to be high on the agenda for organisations, and rightfully so given the huge benefits it brings – from reduced costs to greater efficiency.
However, in the rush to digitally transform, security has sometimes taken a back seat or, even worse, has been forgotten about altogether. As cloud technology improves over the next 12 months, and as vendors promise greater efficiency and advancements, companies will need to ensure they are able to manage the security which surrounds their new cloud services.
If they do not, they are likely to inadvertently misconfigure the cloud, leaving their critical assets vulnerable to attack.
Out of all the security risks to be aware of when it comes to IaaS cloud services, cloud misconfiguration poses the greatest risk. To avoid this, enterprises need to create robust security processes that can be rapidly deployed. And they need to ensure that these processes are adhered to.
Doing this is the only way they will know for sure that access points and policies remain completely within their control, default usernames and passwords are not being used and confidential information is not being stored directly in deployment scripts.
As long as organisations embed security into every part of their business, devise a comprehensive plan and continually revisit the tools and protections they have in place to ensure they are still working, they can be confident that they are doing everything they can to prevent cyber-attacks in 2020.
This level of vigilance is more important than it ever has been. Organisations cannot rest on their laurels – the malicious threat actors on the hunt for access to their network and data certainly won’t be.