Digital transformation has happened so quickly, and it is still accelerating. Cybersecurity practitioners and managers are racing to keep up with emerging technologies, new threats, and evolving cybercriminals. Add to this the number of breaches that are simply due to human error and 2020 is set to challenge cybersecurity strategies, systems, and cybersecurity awareness, once again.
CyberArk, in a recent blog post, questions whether cyber attackers will use new technologies like artificial intelligence (AI) and biometrics or whether they will they attack “conventional” systems in innovative ways. CyberArk predicts four trends will “impact” businesses and consumers next year.
Drones as a vulnerability and an attack vector
Attackers, says author Lavi Lazarovitz, could begin to focus more on “what drones know and how that information can be exploited,” he adds:
“The longer-term opportunity for attackers is to use drones as another pathway to steal – and manipulate – sensitive information.”
Drones should be treated like other internet of things (IoT) devices and considering the volume of investment into drone technology, organisations should also look to better security frameworks to protect them.
Goldman Sachs expects drone investment to exceed $17 billion over the next five years.
The ever-growing threat of ransomware
Lazarovitz refers to the “constant bombardment” of ransomware attacks in 2019 and how attackers may shift their focus to the cloud and to operating systems other than Windows.
He also says that a fast-growing market for cyber insurance “will drive even greater waves of attacks” as insured companies may be more willing to pay ransoms. Insurers may also be more willing to pay out over ransoms as opposed to the potentially greater costs of rebuilding an entire lost network.
– Watch our free taster sketch “Phishing Emails in Real life” from our hilarious Sketches security awareness training series
The threat of cyber attacks on election processes and the ability of individuals to vote may impact “the voting system’s ability to operate consistently with trust and reliability,” says the CyberArk author.
With US 2020 presidential elections and an upcoming general election in the UK, cybersecurity in politics is a growing theme. Not only can cybercriminals attack candidates and parties and their digital platforms, they could also target voting systems and disrupt polling days.
That’s not to mention the potential for malicious actors to influence voter’s viewpoints using cyber-mechanisms.
Biometrics may breed complacency
Biometric authentication is becoming more and more popular, whether systems use fingerprint, facial, or even retinal scans. But, Lazarovitz writes, though more secure they can create a “false sense of security,” and biometric data and assets must be kept secure. He adds:
“The network authentication token that’s generated must be protected. That token, if compromised by attackers, can allow them to blaze a trail across the network, potentially gaining administrative access and privileged credentials to accomplish their goals – all while masquerading as a legitimate, authenticated employee.”
Better cybersecurity planning, united cybersecurity systems, knowledge and awareness is needed
Panaseer CEO Nik Whitfield is also looking to 2020, penning an article for TechRadar, he says businesses need to “implement better cybersecurity planning,” and that:
“2019 will go down in the cyber hall of fame for the year the regulators showed their teeth.”
He’s referring of course to fines that have hit Google and Facebook, and the first wave of major fines for GDPR breaches and says the total is nearly $1.45 billion in fines, adding:
“These record-breaking penalties across the US and Europe have been in clear response to security programmes that have been deemed to be insufficient.”
As a result, corporate executives are questioning their security teams more deeply. Whitfield says enterprise security teams are often “manually producing reports” from over 75 different security tools utilised in their businesses.
2020 will also see “enhanced scrutiny” from regulators, shortages in security resources, and great attack surfaces “from data in cloud storage and IoT assets.”
Whitfield says there will be greater use of cybersecurity management and measurement platforms to aid reporting and a move towards security tools that more “proactively identify and protect.” He concludes:
“No company can be 100% secure but they can get clarity on acceptable levels of risks and confidence that they are addressing fundamentals of cyber hygiene, which starts with knowing, on any day, what assets they are protecting, how they’re controlled, and how they’re vulnerable.”
Whitfields company, Panaseer, is a continuous controls monitoring platform for enterprise security. Whilst, here at The Defence Works, we’d agree that an often disparate and multiple software-based approach to cybersecurity needs pulling together into a comprehensive and collected strategy for many business, we’d also add that security awareness and a culture of cybersecurity is vital too. In this way companies can ensure that departments and employees are as focused on preventing cyber attacks and breaches as they are on generating bottom-line profits. After all, cyberattacks and data breaches can be a business killer.
Need to get your hands on security awareness trying your employees will love? Sign up for a free demo of the world’s most interactive security awareness training.