Security experts have recently shared their predictions, warnings and best practices for the new year.
2020 promises a wave of technology development that will transform the industry and the lives of many people in IT in ways you won't believe.
In 2019, there certainly wasn't a lack of damaging, publicised security breaches. And given the ever-increasing sophistication of cybercriminals - and the complexity facing the defenders - the threat landscape in 2020 promises all-new challenges.
So how can tech and business owners gain an advantage in the coming months, and grasp the benefits of transformative technologies like 5G, AI, and the Internet of Things?
1. Ransomware targets the cloud
Ransomware has become a multi-billion industry for hackers, and over the last decade we've seen this malware cause havoc across multiple organisations. As with any big-money industry, ransomware will continue to evolve in order to maximise profits. In 2020, it is believed that ransomware will focus on the cloud.
Recently, untargeted ransomware has heightened, with attackers mainly targeting industries whose businesses cannot function with any downtime. These include healthcare, state and local governments, and industrial control systems.
Despite the heavy damage it causes and the revenue it generates, ransomware has largely left the cloud untouched. As businesses of every size move both their servers and data to the cloud, it has become a one-stop shop for all of our most important data. In 2020, we expect to see this safe haven crumble as ransomware begins targeting cloud-based assets including file stores, S3 buckets, and virtual environments.
2. Cyber security skills gap to widen
The lack of cyber security has gone mainstream. A day doesn’t go by where we don't hear of a new data breach, ransomware attack or company network compromise. Meanwhile, consumers have also become aware of how their own personal data privacy contributes to their own security. As a result, it’s no surprise that the demand for cyber security expertise is higher than it's ever been.
The problem is, we don’t have the skilled professionals to fill this demand. According to the latest studies, almost three million cyber security jobs remained unfilled during 2018.
Universities and cyber security trade organisations are not graduating qualified candidates fast enough to fill the demand for new information security employees. 3/4 of companies claim this shortage in cyber security skills has affected them and lessened their security.
Unfortunately, we don’t see this cyber security skills gap lessening in 2020. Demand for skilled cyber security professionals keeps growing, yet we haven’t seen any recruiting and educational changes that will increase the supply. Let’s hope this scarcity of expertise doesn’t result in an increase in successful attacks.
3. 25% of all breaches will happen OUTSIDE the perimeter
The number of remote employees has been on the rise for many years, as remote working brings convenience as well as other advantages. A recent study found 90% of mid-market businesses have employees working half their week outside the office. While remote working can increase productivity and reduce burnout, it comes with its own set of security risks.
Remote employees work without any network perimeter security, missing out on an important part of a layered security defense. Additionally, mobile devices can often disguise warning signs of phishing attacks and other security threats. We predict that in 2020, 1/4 of all data breaches will involve telecommuters, mobile devices, and off-premise assets.
4. Attackers seeking new vulnerabilities in the 5G/Wi-Fi handover
The newest cellular standard, 5G, is rolling out across the world and promises big improvements in speed and reliability.
Your devices have intelligence built into them to automatically and silently switch between cellular and Wi-Fi. Security researchers have exposed some flaws in this cellular-to-Wi-Fi handover process, and it’s very likely that we will see a large 5G-to-Wi-Fi security vulnerability exposed in 2020 that could allow attackers to access the voice and/or data of 5G mobile phones.
5. Multi-Factor Authentication to become a standard for mid-sized companies
MFA will become a standard security control for mid-market companies in 2020. This could be because of billions of emails and passwords having leaked on the dark web or the multiple database compromises online businesses suffer each year. The industry has finally realised that we are terrible at validating online identities.
Previously, MFA solutions were too complicated for mid-market organisations, but recently three things have made it easier to adopt MFA.
- First, MFA solutions have become much simpler with cloud-only options.
- Second, mobile phones have removed the expensive requirement of hardware tokens, which were cost-prohibitive for mid-market companies.
- Finally, the deluge of password problems has proven the absolute requirement for a better authentication solution.
The ease of use of these MFA tools, both for the end user and for the IT administrator managing them, will finally enable organisations of all sizes to recognise the security benefits of additional authentication factors.
Tips to prepare you for 2020
- Get every member of the board up to speed
- Prepare for the inevitable and then prepare some more
- Make compliance an advantage, not a headache
Expand your perspective, and enable the future
- Know your network but look beyond it
What is a cyber security improvement programme?
To combat cyber threats, you need the right people, processes and tools to secure your systems and data. All three need to work together for this to work.
Just like a burglar, a hacker looks for an easy way in. Setting up a high-tech home security system is a great step. But if nobody locks the door, you have just left yourself vulnerable.
Weak passwords are the unlocked window. Phishing is your aunt letting in the gas man who turns out to be a con man. You can reduce risk with a cyber security improvement programme that supports and protects your business - and ensures you are not a soft target for criminals.
About Comtact Ltd.
Comtact Ltd. is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24/7 from our ISO27001-accredited UK Security Operations Centre (SOC).
Located at the heart of a high security, controlled-access Tier 3 data centre, Comtact's state-of-the-art UK Cyber Defence Centre (SOC) targets, hunts & disrupts hacker behaviour, as part of a multi-layered security defence, to help secure some of the UK's leading organisations.