VM Blog | By Saryu Nayyar, CEO of Gurucul
From the advent of 5G to the proliferation of AI and Smart Devices, 2020 will usher in a host of new challenges for those of us on the cyber security front lines. But technology advances won’t just force changes in security next year; some will also help us detect threats more quickly, easily and reliably than before.
1. 5G is coming. Are you ready?
Major 5G network deployments are expected in 2020, and the technology will create opportunities across many industries with its next-gen mobile Internet technology and lightning fast speeds. Analysts expect triple digit market growth over the next five years in the EU (ResearchAndMarkets.com) and double digits in the U.S. However, 5G has a cyber dark side.
Enterprises looking at 5G may experience security challenges with disparate network configurations and differing solutions and approaches from vendors. Some of the biggest 5G issues we expect to see in 2020 involve the supply chain and deployment. The vast 5G supply chain is susceptible to the introduction of vulnerabilities including malicious hardware/software and poor designs. Many of the companies providing hardware and software for 5G networks have their own security vulnerabilities, so we are expecting an increase in network asset compromise and a negative impact on the confidentiality and availability of data. As for the deployment of 5G networks, security issues will include an increased attack surface, due to more information and communication technology (ICT) components used compared with previous generations of wireless networks.
“5G is the connectivity technology of the future,” said Nilesh Dherange, CTO of Gurucul. “Expect to see a significant spike in 5G handsets this year, making the attack surface exponentially higher.”
2. Expect an increase in supply chain attacks.
Cyber criminals look for the easiest path to achieve their goals, and that path can run straight from third party vendors into your organization. Both the Target data breach of 2013 and the 2010 Stuxnet attack were initiated through vulnerable third-party providers.
While attacks via the supply chain are already prevalent, we expect to see an uptick in 2020. Suppliers, external developers, service contractors and other third parties that have access to your critical systems can have weak cybersecurity programs and processes, providing a rich target for cyber criminals that leads straight into your organization.
According to Craig Cooper, COO of Gurucul, “Threat actors are looking for the easy path in. Supply chain attacks allow attackers to gain access to multiple enterprises while staying under the radar of IT security.”
3. Hackers with automated tools will increase the velocity of attacks.
Automation has been used sparingly in the enterprise due to the number of false positives generated by older technologies and the risk of impeding employees in their work. However, this will have to change in 2020.
Hackers will increase their use of automated tools, and this will lead to massive increases in the volume of data that cyber security teams will have to manage. This quickly becomes impossible for humans to analyze and manage. We expect to see an increase in the use of machine learning technologies that will help security teams intervene when the data indicates an actual cyberattack in progress.
Enterprises will need to improve their use of automation in cyber security, and this will help IT security focus their efforts on high-risk threats. Increased use of machine learning technologies will be key in 2020.
4. Cyber security budgets will increase drastically.
In 2020, we expect organizations to significantly increase spending on cyber security but we also expect to see an uptick in data breaches. The big challenge will be to focus spending in the right areas.
Many organizations struggle with basic cybersecurity hygiene, including patching, frequently changing privileged credentials and utilizing multi-factor authentication. Additionally, organizations continue to use yesterday’s security technologies to fight tomorrow’s security battles. For instance, rules-based security solutions like SIEMs are great for detecting known vulnerabilities, but they are ineffective against new, unknown threats. So even as companies invest large sums of money, data breaches will continue.
As Craig Cooper says, “Organizations will continue to increase spending on security but will also continue to struggle with preventing breaches. Regardless of whether it is an employee mistake, lack of resources, or operational priorities, we are sure to see this trend continue in 2020.”
5. Organizations will seriously focus on the Insider Threat.
Insider threat attacks are much more lucrative due to insiders having the keys to the kingdom and knowing where the valuable data resides. While organizations have recently been spending large amounts of money securing network perimeters, cloud systems and services, in 2020 they will focus on tackling the insider threat element, which to be successful requires more than technology. They will need to address processes and policies, and they will need to coordinate efforts across multiple departments.
According to our research, 40% of organizations can’t detect insider threats or can only detect them after the data has left the organization. And according to the Verizon Insider Threat Report, 57% of database breaches involve insider threats. More organizations are now recognizing the threat from within as well as the external threat, so 2020 should be the year in which proactive insider threat security programs become more mainstream.
To tackle the challenge of the malicious insider, companies will need to utilize machine learning algorithms that are specifically tuned to detect behaviors indicative of malicious intent. Data science has successfully derailed employees and third-party contractors intent on theft and fraud. Insider threat detection and prevention will be a priority in 2020.
6. Healthcare fraud will be in the spotlight.
Defrauding health insurance companies, healthcare providers and individual consumers is big business. False insurance claims, duplicate claims, inflated claims, fake healthcare provider websites, insurance scams: the list of healthcare fraud schemes is long and growing, in no small part due to increasingly complex, interconnected healthcare systems.
As the population ages, hackers are increasingly targeting the elderly and frail. Governments can’t investigate every consumer complaint, and healthcare companies continue to struggle with conflicting priorities. It’s a systemic weakness and hackers will up the ante in 2020, placing organizations and patient lives at risk.
According to Craig Cooper, “Healthcare should be about saving lives. So, it’s no surprise that cybersecurity takes a back seat to medical innovations even though data breaches can literally put lives at risk if patient treatment, data or medical operations are compromised. It’s hard for IT staff in healthcare organizations to get share of wallet, let alone share of mind. Unfortunately, priorities will only shift when healthcare fraud detection and prevention tools become more critical than life support. Sadly, that time is not far off.”
7. More attacks will be directed at the cloud.
As organizations continue to migrate their data and workloads to the cloud in 2020, we expect more attacks to target cloud service providers as a way to pilfer data from companies the cloud providers serve. As a result, companies will look for more ways to gain visibility and control over data across their cloud environments. Organizations that work with sensitive data will start pressuring their cloud service providers to adopt the same level of data security measures that they apply internally.
We also expect to see more controversy from governments stepping in to investigate cloud-based breaches (like the Capital One breach), and more finger pointing between cloud hosting vendors and customers whose data has been breached.
Nilesh Dherange says, “In 2020 companies will invest even more heavily in cloud security as they increasingly migrate to the cloud. Supporting DevOps use cases and enforcing secure cloud configurations are the initiatives that will spur the increase.”
8. AI-based cyber attacks will increase.
In 2020 we will see an increase in cyberattacks that use Artificial Intelligence (AI) and Machine Learning. Weaponized AI will be used by attackers to find and exploit weaknesses, and to take information gleaned from successful hacks to develop even more powerful attacks.
As machine learning development tools become simpler to use, criminals will find it increasingly easy to leverage them in new attacks. While some of their initial AI attacks will be rudimentary, hackers will grow more sophisticated, using AI to create malware capable of adapting to obstacles. Techniques like AI-enabled spear phishing will let attackers launch phishing attacks at scale, significantly increasing their chances for success.
Nilesh Dherange warns, “Attackers are already leveraging AI to evade detection and build more effective attacks. But 2020 will see the most AI-backed cyberattacks to date. Given the immense volume of data available online, AI will be utilized to build even more narrowly targeted attacks by learning about potential victims.”
9. Small, municipal governments will be targeted with ransomware.
Local government networks are often seen as low-hanging fruit by cyber criminals. Smaller government agencies lack the budgets for efficient information security programs, and their IT departments frequently lack enough experienced workers.
In 2019, we saw an increase in well-coordinated ransomware attacks, including the ones that impacted 22 communities in Texas. Nearly two-thirds of all ransomware attacks in the United States in 2019 targeted state or local governments, according to IT security firm Barracuda Networks. According to research from Coveware, governments paid almost 10 times as much ransomware money on average as their private-sector counterparts over the second quarter of 2019. While the overall rate of ransomware attacks may diminish, ransomware attacks against municipalities will increase in 2020 as criminals go where the money is.
Craig Cooper explains, “Ransomware attacks are common because they’re profitable for the attackers. Ransomware usually relies on human errors or known, unpatched vulnerabilities to succeed. When it does succeed, and the victim doesn’t have backups, the attacker’s extortion tactics often work. Many government agencies have overburdened IT departments, sometimes without the resources or experience to handle today’s cyberattacks. For that reason, we can expect to see more successful ransomware attacks against government agencies in 2020.”
10. Malware attacks against medical devices will threaten healthcare.
Ransomware attacks on medical devices are continuing to increase. While these attacks have mostly been under the radar, we can expect more of these highly targeted attacks in 2020.
In the past, medical devices were built with proprietary firmware or other exclusive features. That meant the ROI for compromising medical devices wasn’t lucrative. But now manufacturers are building cheaper and more scalable medical devices running Windows, and this approach greatly expands the opportunity to adapt and scale attacks across a wide range of devices.
Consequently, medical devices are increasingly in the crosshairs of automated ransomware attacks, and the healthcare industry is unprepared. Due to the mission critical, live or die nature of medical devices, cyber criminals are placing a safe bet that their victims will pay up.
Within the next five years, 44% of medical technology companies surveyed by Deloitte predict that all of their devices will be connected through IoT. This shift is creating a dangerous new attack surface. Despite the growing threat to medical devices, most U.S. healthcare providers still lack a documented strategy for protecting them, thus ensuring that this will be a trending cyber threat in 2020.
11. Business Email Compromise (BEC) will become a top threat.
BEC has been used by bad actors for a considerable amount of time. Based on what we have seen in 2019 this threat has not only increased in complexity, but also in profitability. According to Forrester, the estimated exposed losses due to BEC between 2016 and 2019 totaled $26 billion. We expect that BEC will become even more profitable than ransomware in 2020.
Historically, BEC attacks got users to unknowingly install malware that allowed bad actors to gain access to networks and resources to gather data. More recently, BEC has been used to create plausible changes to payments, sometimes to the tune of millions of dollars, to redirect funds to the attackers’ own accounts. This short-circuits the need for hackers to waste time digging in a customer network for usable data. They simply compromise email accounts and watch conversations until they have sufficient information to interject and make changes to routing funds.
BEC impacts finance teams more than IT, so there are few, if any, controls in place to identify and stop this fraudulent activity. It’s not like you can configure your security solution (firewalls, IPS, DLP, etc.) to block these transactions. BEC traverses boundaries and becomes part of the fraud team’s work (if there even is a fraud team in the organization). For these reasons, BEC attacks will be on the rise in 2020.
We’ve laid a stake in the ground with these predictions for 2020, but being right isn’t really as important as helping others prepare for the challenges on the horizon. We hope this information helps you navigate the year ahead and that you will be successful in defending your organization against the year’s cyberthreats.