An Informed Skeptic's Guide to Security in 2020
Security predictions need to factor in technology trends, because security doesn't exist in a vacuum: security is applied to technology and if technology evolves, so must security
Security predictions aren’t just headline fodder. Successful enterprise security leaders do look into the future—as they must. They view predictions as rudders to move their organizations forward.
Security predictions need to factor in technology trends, because security doesn’t exist in a vacuum: security is applied to technology and if technology evolves, so must security. Remote workforces, new payment methods, cloud adoption, open banking standards and new regulations are examples of how business changes drove security in new directions.
The year 2020 marks the transition to a new decade. As I look to the year ahead, I see five defining scenarios for the possible future, in each of which a fortress mentality of firewalling the perimeter to seal borders from external threats simply isn’t enough to stop malefactors in their tracks.
More Attacks and Production Downtimes
Utilities and other critical infrastructures (CIs)—assets essential to society and the economy—will still be viable targets for extortionists in 2020. Extortion through ransomware will still be cybercriminals’ weapon of choice, as the risk for companies is high. As its name suggests, ransomware is a malicious piece of software that takes its victim's most important files and holds them hostage in exchange for a ransom. Prolonged production downtime translates to hefty monetary losses. Production lines can be debilitated for weeks, depending on how long system restoration takes.
Manufacturing companies that employ cloud service providers will be at risk of supply chain attacks; insecure providers could serve as jumping-off points for threat actors to attack and immobilize production. Supply chain threats are particularly pressing, as they have the potential to impact not only one, but multiple businesses and their customers.
Compounding Risks in Cloud Platforms
We foresee more incidents of compromised networks due to cloud services’ weak points. Data leakage from misconfigured cloud storage will still be a common security issue for organizations in 2020.
Insufficient access restrictions, mismanaged permission controls, negligence in logging activities, and publicly exposed assets are only a few of the missteps that companies will make as they set up their cloud networks. Mistakes and failures involving cloud services will expose a significant number of company records and even lead to fines and penalties.
Persistent and File-less Threats
Threats that “live off the land”—or, in other words, abuse legitimate system administration tools to cover their malicious tracks—will continue to evade traditional blacklisting techniques.
Given that these threats are planted in the registry, reside in a system’s memory, or abuse normally whitelisted tools such as PowerShell and Windows Management Instrumentation, tracking non-file-based indicators such as specific execution events or behaviors will be important for detection.
To identify those threats and protect themselves, businesses will have to consider security solutions that rely on behavioral indicators, such as sandboxing. Much like a safe, closed space for building castles in the sand, a sandbox in the security world is a controlled, virtualized environment where security professionals can research and analyze the behavior of malware or suspicious files (read: execute their routines). Sandboxes typically use patterns of existing behaviors and routines to determine if the files are malicious or not.
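As an illustration of tracking execution events rather than files, the following added example (not part of the original article) scores process-creation events for the kind of PowerShell and Windows Management Instrumentation abuse described above. The event fields, sample events, rule names, weights and threshold are all assumptions constructed for this sketch.

```python
# Constructed process-creation events (fields modelled on typical endpoint
# telemetry; hosts, paths and command lines are made up for this example).
EVENTS = [
    {"host": "ws-01", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\scripts\\backup.ps1"},
    {"host": "ws-02", "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -w hidden -enc <base64>"},
    {"host": "ws-03", "parent": "wmiprvse.exe", "image": "cmd.exe",
     "cmdline": "cmd.exe /c <command>"},
    {"host": "ws-04", "parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
]
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
SHELLS = POWERSHELL | {"cmd.exe", "wscript.exe", "cscript.exe"}

def has_encoded_flag(cmdline):
    """True if an argument is -EncodedCommand or an accepted abbreviation."""
    for tok in cmdline.lower().split()[1:]:
        flag = tok.lstrip("-/")
        if tok[0] in "-/" and flag and (
                "encodedcommand".startswith(flag) or flag == "ec"):
            return True
    return False

# (rule name, weight, predicate); the weights are illustrative assumptions.
RULES = [
    ("office_spawns_shell", 3,
     lambda e: e["parent"] in OFFICE and e["image"] in SHELLS),
    ("wmi_spawns_shell", 2,
     lambda e: e["parent"] == "wmiprvse.exe" and e["image"] in SHELLS),
    ("powershell_encoded_command", 2,
     lambda e: e["image"] in POWERSHELL and has_encoded_flag(e["cmdline"])),
    ("powershell_hidden_window", 1,
     lambda e: e["image"] in POWERSHELL and "hidden" in e["cmdline"].lower()),
]

def score_event(event):
    """Return (total score, names of matching rules) for one event."""
    hits = [(name, w) for name, w, pred in RULES if pred(event)]
    return sum(w for _, w in hits), [name for name, _ in hits]

def triage(events, threshold=2):
    """Return alerts for events scoring at or above threshold, highest first."""
    scored = [(e["host"], *score_event(e)) for e in events]
    alerts = [{"host": h, "score": s, "rules": r}
              for h, s, r in scored if s >= threshold]
    return sorted(alerts, key=lambda a: -a["score"])
```

Calling triage(EVENTS) flags only the Office-spawned PowerShell and the WMI-spawned shell; the scheduled backup script and the ordinary service host fall below the threshold even though every binary involved is a legitimate, normally whitelisted tool.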
Deepfakes will be the Next Frontier
Artificial intelligence technology is being used to create highly believable counterfeits (in image, video, or audio format) that depict individuals saying or doing things that did not occur—commonly referred to as deepfakes. The rise of deepfakes raises concern: we are inevitably moving from creating fake celebrity pornographic videos to manipulating company employees and procedures.
For instance, a perpetrator can alter photos and videos—complete with voice or audio—to generate a convincing deepfake, then blackmail a victim by threatening to send the deepfake link to email or phonebook contacts unless he or she sends payment to a Bitcoin account. It’s a chilling but very real new type of fraud that will advance well into 2020 and beyond.
5G Adopters will Grapple with Vulnerable Software Operations
As 5G rollout gains momentum in 2020, we expect a variety of vulnerabilities simply on account of the newness of this technology.
The 5G repository simply hasn’t amassed enough records to facilitate the investigation of security vulnerabilities. The current measure of success for countries and vendors appears to be who gets to build and roll out 5G first, potentially sacrificing security for speed.
Treating 5G security as an afterthought, due to hasty migration or poor configurations, will pose challenges, especially as more services become dependent on the technology.
We anticipate attacks in 2020 and beyond to be more thoroughly planned, spread out and varied in terms of tactics. However, proactive threat hunting can help businesses defend their environments, identify security gaps, eliminate weak links and understand attacker strategies.
Security predictions can be very powerful in demonstrating to management and the business why security plans are structured in a certain way, and to justify either the investments or the absence of investment.
They say hindsight is 20/20, but foresight for 2020 should be held in the same regard. It’s the difference between proactive versus reactive strategies and having an approach that enables versus stifles innovative ideas. Make it a point to have security predictions handy in your back pocket and be an informed consumer of technologies you plan to adopt. Who knows what you might uncover.