Ok, it is that time of the year now. We are now officially three days away from the start of 2020, so what does that mean? Well, it means that I now write about what the expected threats will be for 2020. Of course, I have my own set of views on this, but first I thought I would start out with what some of the top C-Level Execs in the industry are saying, so here we go:
*Curtis Simpson, CISO of Armis:
Artificial Intelligence is of course the huge buzzword not just in Cybersecurity, but in other industries as well. There is both the good and bad to it, and it is expected that both sides of it will make the news headlines in 2020. But the huge concern here is that of Deepfakes. This is where the powerful algorithms of Artificial Intelligence can be used to mimic (in a video format) other famous people, both in their voice and the way they look. This was a huge concern in the 2016 Presidential Election and is going to be of even graver concern in the 2020 run. But the real fear is that Deepfakes will be used to launch voice related Phishing campaigns, which is more technically known as “VPhishing”.
*PJ Kirner, CTO & founder of Illumio:
If you have kept track of all of the Cyberattacks that have been happening in 2019, pretty much all of them have been digital in nature. A few have started to pan out as attacks on physical structures. This is best exemplified by some of the recent Cyberattacks in Texas, where aspects of Critical Infrastructure were impacted, but fortunately, not on a large scale, which could very well happen. In these cases, watch for the Cyberattacker to now shift their target packages from digital assets to physical based assets, and wreak great amounts of havoc that way.
*Matt Ulery, Chief Product Officer of SecureAuth:
Yes, the Smartphone has become a part of our families, both on a professional and personal level. We simply can’t live without it. In fact, we probably give this device much more attention than we do our own spouses. Sad, but true. Because of the rise of voice-based telephone scams, there is an increase of people not using their Smartphones to talk as much. Rather, everything is now done through Social Media, Email, or even just plain ol’ text messaging. The Cyberattacker is now starting to leverage this trend, and is now sending spoofed text messages, which look like they are coming from an authentic sender. It’s really hard to tell what is fake and what is not. So, what do you do when you are in doubt? Just delete it, and don’t respond to it.
*Michael Morrison, CEO of CoreView:
Microsoft has always been and will continue to be the 800-pound gorilla in the software industry, especially when it comes to the home and SMB markets. Unfortunately, pretty much all of the products that this juggernaut has created have been a prime source of prey for the Cyberattacker. In fact, it has even gotten worse as Microsoft has transitioned all of their products to the Cloud, especially that of Office 365 (aka O365). Watch for 2020 to be the year where O365 really gets hammered by the Cyberattacker. Not much we can do here, as over 90% of individuals and businesses use O365 to some degree or another.
*Mark Sangster, Vice President & Industry Security Strategist, eSentire:
When Cyberattacks first started out, they were known as the “Smash and Grab” type of campaigns. Meaning, the Cyberattacker would launch everything they had against their victims, in a concerted effort to steal as much as possible in one go, and quickly vanish. But today, we are seeing the Cyberattacker take their own sweet time to study their prey, and from there, make their covert entrance in. Rather than launching threat vectors in just short spurts, it is highly anticipated that in 2020, the Cyberattacker will stay inside their victims for a much longer period of time and take away the proverbial crown jewels a bit at a time, rather than all at once. But once they are done and finally leave, it will be too late for the victim to do anything about it. Also, in this regard, it is expected that the Cyberattacker will be much more specific about the kinds of industries and businesses they plan to hit, thus making it even more difficult to track them down.
*Josh Lemos, VP of Research & Intelligence, BlackBerry Cylance:
Ever since about 2007 or so, the term “nation state threat actor” has become a commonly used one in Cybersecurity. In this instance, it simply means that other nations that are hostile to the United States (primarily that of North Korea, China, and Russia) will continue to launch their Cyberattacks on our shores. But in 2020, it won’t be just these three anymore. As the tools that are used in launching Cyberattacks are becoming much more affordable and easily available on the Internet, it is expected that there will be many more nation state threat actors coming into the fray, and targeting assets in the United States. Also, Cyber Espionage will proliferate, and escalate to levels never seen before.
*Gaurav Banga, CEO & Founder of Balbix:
Like nation state threat actors, the term “Vulnerability” is also a very commonly used one in the Cybersecurity Industry. At the present moment, it refers to those gaps and weaknesses in anything that is related to an IT or Network Infrastructure, but in 2020, it is expected that this will broaden out to include anything that is a potential target for the Cyberattacker, whether it is physical or digital based.
*John Summers, VP & CTO of Akamai:
As mentioned, given how much we are addicted to and cannot live without our Smartphone, advertisers will now use this particular medium in which to flash their fancy new ads and coupons, whether we like it or not. But believe it or not, when we click on or even see these ads, there is a lot of information about us that gets transmitted back to the advertisers. They have a ton of this data, enough to even warrant building exclusive databases to house all of it. This will become a prime target for the Cyberattacker in 2020. Forget about hacking into the Point of Sale terminals at retail outfits, these kinds of databases hold much more valuable and grander records of Personally Identifiable Information (PII).
*Gerry Beuchelt, CISO of LogMeIn:
When I first started out in the world of Security, I specialized in Biometrics. This is where an identity of an individual is based upon their unique behavioral or biological characteristics. The use of this tool has started to increase dramatically with the use of Two Factor Authentication (2FA), but even this has become hackable. As a result, many businesses in Corporate America are now starting to use Multi Factor Authentication (MFA) where more than one layer of authentication is used to confirm the identity of an individual. Watch for Biometrics making an even bigger splash in 2020 when it comes to MFA, especially when it comes to using Iris and/or Facial Recognition technologies.
My Thoughts On This
Well, there you have it, the top predictions for 2020 as it relates to Cybersecurity, straight from the C-Suite. So, what do I predict? Here are some of my takes:
*Phishing will continue in even more violent Cyberattacks than ever before. This is because the variants have become so sophisticated, especially when it comes to using Deepfakes. But don’t expect Phishing to occur just by the usual Email methods. It will happen by VPhishing, and Social Engineering.
*All of our defenses are up against protecting our digital assets, and the Cyberattacker is well aware of this. So rather than keep making this a target, they will now hit our physical assets, which is primarily our Critical Infrastructure. Typically, these are very much legacy systems, with very little security added onto them. My biggest fear is that the Cyberattacker will hit multiple US cities at once, thus rendering our food supply lines, oil and gas channels, water supply lines, and even the electrical grid completely inoperable for long periods of time.
*Artificial Intelligence (AI) will continue to be a boon to the Cybersecurity Industry, and its adoption rate and usage will pick up tremendously. But on an equal or even greater level, watch for AI to be used for nefarious purposes as well by the Cyberattacker, with Deepfakes being just one example.
*On Premises security solutions will be completely eradicated, given how everything is now outsourced and based in the Cloud Infrastructure. Because of this, the Cloud will become yet another prime target for the Cyberattacker in 2020. Thus, there will be just that much more intense pressure put onto the Cloud Providers worldwide to stay ahead of their game when it comes to fortifying their own lines of defenses.
I could go on even further, but these are just a few of my thoughts. If you have any predictions about what 2020 will hold for Cybersecurity, feel free to post them on my Cyber forum which is at:
Have a Happy New Year, and one year from today’s date, I will be writing about what the predictions will be for 2021. Starting to feel old already.