Get All Access for $5/mo

An Informed Skeptic's Guide to Security in 2020 Security predictions need to factor in technology trends, because security doesn't exist in a vacuum: security is applied to technology and if technology evolves, so must security

By Nilesh Jain

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur Asia Pacific, an international franchise of Entrepreneur Media.


Security predictions aren't just headline fodder. Successful enterprise security leaders do look into the future—as they must. They view predictions as rudders to move their organizations forward.

Security predictions need to factor in technology trends, because security doesn't exist in a vacuum: security is applied to technology and if technology evolves, so must security. Remote workforces, new payment methods, cloud adoption, open banking standards and new regulations are examples of how business changes drove security in new directions.

The year 2020 marks the transition to a new decade. As I look to the year ahead, there will be five defining scenarios of the possible future, in which a fortress mentality of firewalling the perimeter to seal borders from external threats simply isn't enough to stop malefactors in their tracks.

More Attacks and Production Downtimes

Utilities and other critical infrastructures (CIs)—assets essential for the society and economy—will still be viable targets for extortionists in 2020. Extortion through ransomware will still be cybercriminals' weapon of choice as the risk for companies is high. As its name suggests, ransomware is a malicious piece of software that takes its victim's most important files and holds them hostage in exchange for a ransom. Prolonged production downtime translates to hefty monetary losses. Production lines can be debilitated for weeks, depending on how long system restoration takes.

Manufacturing companies that employ cloud service providers will be at risk of supply chain attacks; unsecure providers could serve as jumping-off points for threat actors to attack and immobilize production. Supply chain threats are particularly pressing, as they have the potential to impact not only one, but multiple businesses and their customers.

Compounding Risks in Cloud Platforms

We foresee more incidents of compromised networks due to cloud services' weak points. Data leakage from misconfigured cloud storage will still be a common security issue for organizations in 2020.

Insufficient access restrictions, mismanaged permission controls, negligence in logging activities, and publicly exposed assets are only a few of the missteps which companies will take as they set up their cloud networks. Mistakes and failures involving cloud services will expose a significant number of company records and even lead to fines and penalties.

Persistent and File-less Threats

Threats that "live off the land"—or, in other words, abuse legitimate system administration to cover their malicious tracks—will continue to evade traditional blacklisting techniques.

Given that these threats are planted in the registry, reside in a system's memory, or abuse normally whitelisted tools such as PowerShell and Windows Management Instrumentation, tracking non-file-based indicators such as specific execution events or behaviors will be important for detection.

To identify those threats and protect themselves, businesses will have to consider security solutions with behavioral indicators such as sandboxing. Like providing a safe and closed environment to build castles in the sand, sandboxes, in the security world, are a controlled, virtualized environment where security professionals can research and analyze the behavior of malware or suspicious files (read: execute their routines). Sandboxes typically use patterns of existing behaviors and routines to determine if the files are malicious or not.

Deepfakes will be the Next Frontier

Artificial intelligence technology is being used to create highly believable counterfeits (in image, video, or audio format) that depict individuals saying or doing things that did not occur—commonly referred to as deepfakes. The rise of deepfakes raises concern: We inevitably move from creating fake celebrity pornographic videos to manipulating company employees and procedures.

For instance, a perpetrator can alter photos and videos—complete with voice or audio—to generate a convincing deepfake, then blackmail a victim by threatening to send the Deepfake link to email or phonebook contacts unless he or she sends payment to a Bitcoin account. It's a chilling but very real new type of fraud that will advance well into 2020 and beyond.

5G Adopters will Grapple with Vulnerable Software Operations

As 5G rollout gains momentum in 2020, we expect a variety of vulnerabilities simply on account of the newness of this technology.

The 5G repository simply hasn't amassed enough records to facilitate the investigation of security vulnerabilities. The current measure of success for countries and vendors appears to be who gets to build and roll out 5G first, potentially sacrificing security for speed.

Putting 5G security as an afterthought, due to hasty migration or poor configurations, will pose challenges especially as more services become dependent on the technology.

We anticipate attacks in 2020 and beyond to be more thoroughly planned, spread out and varied in terms of tactics. However, proactive threat hunting can help businesses defend their environments identify security gaps, eliminate weak links and understand attacker strategies.

Security predictions can be very powerful in demonstrating to management and the business why security plans are structured in a certain way, and to justify either the investments or the absence of investment.

They say hindsight is 20/20, but foresight for 2020 should be held in the same regard. It's the difference between proactive versus reactive strategies and having an approach that enables versus stifles innovative ideas. Make it a point to have security predictions handy in your back pocket and be an informed consumer of technologies you plan to adopt. Who knows what you might uncover.

Nilesh Jain

Vice-president, Southeast Asia and India, Trend Micro


7 Steps to Building a Personal Brand to Support Your Business

Your company's personal brands may have the potential to multiply the reach of your content -- not to mention the trust of your customers..


How Much Did That New Customer Cost You?

Determine your marketing plan's effectiveness by analyzing how much you're spending to gain just one client.

Business Solutions

Increase Productivity with This Microsoft 365 Subscription, Now $25 Off

It can make the entrepreneur life a lot easier.

Business News

Apple Pay Later Is Ending. Here's What's Taking Its Place.

The program was available for less than a year.

Business News

He Changed His Lottery Strategy After Taking Advice From His Father. Then He Won $7 Million.

The anonymous 38-year-old man broke the record for the most money won in the Michigan online lottery.


Travel Better for Business and Beyond with OneAir Elite for $80

Sometimes you need to take things into your own hands and leave the office to develop business. This subscription can help.