The Top Six Cybersecurity Trends for 2020

The Top Six Cybersecurity Trends for 2020

Anthony Diaz, Optiv’s Division Vice President for Emerging Services, understands the cybersecurity challenges contemporary organizations are dealing with: “As we look beyond 2019 and into 2020, we have a solid idea of what threats the industry is facing, and not just ransomware and phishing attacks, but new, hard-to-combat threats.

 

“The truth is,” he says, “there’s a lot IT and business leaders must be aware of when it comes to cybersecurity, as the pace of change is quite high.”

 

It may not be possible for CISOs to anticipate every new threat on the horizon, but our experts have a clear sense of the trends. Here are the six issues we believe will top the cybersecurity agenda in 2020.

 

  • Hybrid threat actors may become more commonplace - Our 2019 Cyber Threat Intelligence Estimate (CTIE) highlights the growing number of “hybrid threat actors” – attackers who impersonate one type of adversary to disguise their true intentions. (For example, a nation state might imitate a generic hacker targeting a customer database when its true aim is to steal intellectual property.) We expect more adversaries to adopt this technique and launch “imposter” attacks to obfuscate their true intentions, adding another layer of complexity to an organization’s already difficult threat hunting and incident response mission.
  • Apple’s much-talked-about “privacy as a human right” campaign should cause others to follow. The world’s foremost marketing organization going all-in on privacy could shift the competitive landscape, with security and privacy becoming competitive differentiators for companies seeking to seize “first mover” status in their markets. Laggards risk meeting the unseemly fate of past organizations that failed to embrace important technology paradigms such as internet, cloud and mobile computing.
  • We may see the first cases of deepfakes being used to manipulate stock prices. There has already been a good deal of publicity around the potential for using deepfakes (frighteningly realistic videos generated or altered by AI-based technology that present something that didn't, in fact, occur) to impact elections. So far, not nearly enough attention has been paid to how cybercriminals can make money using deepfakes against businesses. This could change in 2020 with the first attacks designed to impact stock prices as we see “deepfaked” CEOs, financial analysts, Federal Reserve leaders or other powerful economic figures make phony statements causing stock market movements. Savvy cybercriminals using this form of deception could make a quick killing in the market.

 

(This viral video of Jim Carrey replacing Jack Nicholson in The Shining illustrates how advanced the technology is.)

 

 

  • Election misinformation campaigns are expected to proliferate. The effectiveness of the Russian misinformation campaign of 2016 is expected to cause increased copycat attacks for the 2020 election. These attacks would likely originate with nation states as well as domestic groups supporting rival U.S. politicians. This activity could trigger a major public/private response to the burgeoning online misinformation problem.
  • Anticipate widespread realignment of IT and security organizations. As boards increasingly understand cybersecurity as being on a par with traditional enterprise risks, such as lawsuits and product recalls, more CISOs could become peers of CIOs and other executives, rather than reports. This would cause a realignment of the IT and security organizations to eliminate conflicts and encourage collaboration. The most critical of these should be the continued expansion of DevSecOps, in which security is fully integrated into the application development process, and patch management, which would evolve from distinct functions (security finds vulnerabilities, IT patches them) to a unified process with a single point of accountability.
  • The basics are expected to continue vexing consumers as well as enterprise organizations. Whether insufficient passwords, lack of phishing education/training or simple upkeep and compliance, the tiny details of cybersecurity will likely continue to cause a vast majority of compromises. Simple passwords (those without special characters or are extremely obvious, such as “password123”) only take minutes to crack by professional hackers and can be done inexpensively.

 

As is always the case, says Diaz, “us ‘good guys’ have to play catch-up with bad actors, who constantly remain a step ahead.” But close analysis of trends and technologies make it possible for organizations to better anticipate and prepare for the likeliest threats.

 

2020 promises to be interesting, he concludes, but “we’re confident in the collective intelligence of our people, our clients and our partners.”