As we gear up for a new work year, here are 10 cybersecurity trends and predictions for 2020 and beyond.
With 2019’s headlines of ransomware attacks and data breaches almost behind us, cybersecurity experts have shifted their focus on the cybercrime threats ahead.
Says Raj Samani, Chief Scientist and McAfee Fellow, Advanced Threat Research: “Cybercriminals are increasing the complexity and volume of their attacks and campaigns, always looking for ways to stay one step ahead of cybersecurity practices—and more often using the world’s evolving technology against us.”
Meanwhile, with emerging technologies such as AI, 5G and quantum computing converging with current developments in cloud computing, new attack vectors and new cybersecurity strategies will also emerge, such as IoT and DevOps.
Technology trends impacting cybersecurity
So, as the year draws to a close, CybersecAsia has compiled some scenarios from the experts for the threat landscape of 2020 and beyond. They promise to be interesting, scary and full of action from perpetrators and protectors alike, but take it with the right mindset and we’ll be alright …
Scenario #1: Watch out for threats in Deepfakes, DevOps containers, RPA and APIs
Raj Samani, Chief Scientist and McAfee Fellow, Advanced Threat Research: Continuing advancements in AI and machine learning (ML) have led to invaluable technological gains, but threat actors are also learning to leverage AI and ML in increasingly sinister ways. AI has extended the capabilities of producing convincing deepfake video to a less-skilled class of threat actor attempting to manipulate individual and public opinion. AI-driven facial recognition, a growing security asset, is also being used to produce deepfake media capable of fooling humans and machines.
With ever-increasing numbers of enterprises adopting cloud services to accelerate their business and promote collaboration, the need for cloud security is greater than ever. As a result, the number of organizations prioritizing the adoption of container technologies will likely continue to increase in 2020. Which products will they rely on to help reduce container-related risk and accelerate DevSecOps?
The increased adoption of robotic process automation and the growing importance to secure system accounts used for automation raises security concerns tied to Application Programming Interface (API) and their wealth of personal data.
Scenario #2: Rise of AI, post-quantum computing
Marten Mickos, CEO, HackerOne: AI is revolutionizing cybersecurity, but it does so slowly, starting with gathering and analysis of information. We will continue to see more use of the various types of AI in threat intelligence, threat detection, and analysis of log and alert data.
Tim Hollebeek, Industry and Standards Technical Strategist, DigiCert: Quantum computers will be able to solve economically important problems. This will kick off a new era of investment in accelerating quantum computing development, for its practical use and benefits. Predicting and exploring risk optimization, and using it to price things such as options contracts are just some of the use-cases of quantum computing in the financial and economic world. It’s crucial for enterprises to prepare and adopt post-quantum cryptography (PQC), in order to keep up, as seen from a recent DigiCert survey.
Development of a standardized PQC algorithm will be underway. The National Institute of Standards and Technology (NIST) are working towards having a standardized PQC algorithm by 2022-2024, and will kick off a global effort to deploy it. Companies that have already prepared for PQC and have better cryptographic agility will be able to deploy this relatively easily; others, not so much. As with other crypto transitions, PQC is likely to take time and not be as simple as a simple drop-in replacement for compromised algorithms when we discover the need. The effort needs to begin much sooner. Sadly, it is likely that vulnerable algorithms will still be in use by the time quantum computers arrive. It is important for companies to be aware, and begin preparing for this imminent development, as quantum computing can bring about security risks to data and privacy issues.
Scenario #3: Brace up for whole new genres of attack modalities for 5G and IoT
Patrick Hubbard, Head Geek, SolarWinds: 5G is coming, and although it may seem like the next generation of wireless tech will bring nothing but speed, responsiveness, and the reach needed to unlock the full capabilities of emerging tech trends, in actuality it will introduce unprecedented pain points—and those without a current solution.
Monitoring applications running on increasingly fragmented networks will become even more important, pushing developers to optimize applications for all connectivity speeds. Being able to measure network performance will also be key to ensure further 5G infrastructure rollouts are meeting latency expectations.
Kimm Yeo, Senior Product Marketing Manager, Synopsys Software Integrity Group:
Although the adoption of LTE has been broad-based, with over 600 carriers in 200 countries deployed, and over 3.2 billion subscribers worldwide (as of 2018), the enhanced user experience and convenience hasn’t come without a price. Several dozen new security flaws related to LTE have been identified through fuzz testing.
As both cellular and wireless technologies continue to advance to 5G, 6G and beyond, this will not only greatly reduce latency and improve the user experience, it will also open the door to new attack surfaces and attack strategies. It is extremely difficult to anticipate and prevent such malicious advances in the increasingly connected ecosystems and lifestyles in which we all live. However, this is something we should strive to improve upon in the not-so-distant future.
Mike Nelson, Vice President of IoT Security, DigiCert: We will see more IoT security efforts across the board. With public exploits on IoT devices, such as the HIV patient-data leak, more regulators will strengthen their position on IoT security.
As these security concerns are increasingly pushing themselves to the surface, more global governments will begin introducing IoT security regulation in addition to the enterprises’ efforts. Industries will also start coming together in an effort to create standards for securing IoT devices in their industry, such as device manufacturers who can include cyber-security measures together with their general safety protocols.
For many of them, this is an attempt to avoid regulation as their premiums will be built into their pricing, and their customers will have to pay a lot more for everyday connected household items.