10 Areas of Change in Cybersecurity for 2020

Cybersecurity in 2020 will be evolutionary but not revolutionary. 

Although there is always change and churn, many of the foundational drivers remain relatively stable. Attacks in the next 12 months are likely to persist in ways already known, but taken up a notch, and that will lead to a steady escalation between attackers and defenders. The growth of devices, users, and data continues to expand the playing field, while the weaknesses of people's behaviors continue to contribute to the greatest risk factors for compromises.

Here are some of the key areas to keep an eye on. 

2020 Cybersecurity Predictions

  1. Internet-of-Things (IoT): IoT continues to expand with insecure devices, services, and interfaces. Another 4 billion IoT devices will come online in 2020. Devices being hacked and insecure data being compromised are the two primary threats. Some progress will be made with the retirement of default or no passwords, but IoT devices will still be far from secure. At the same time, such devices will be called upon to handle even more sensitive data. Overall, the risks increase as devices become more autonomous and are employed in sensitive industries like healthcare, critical infrastructure, transportation, security, and remote-work applications.

  2. Cybersecurity Workforce: The demand for cybersecurity professionals continues to rise and outpace the available talent pool. By the end of 2020, there will likely be over 3 million unfilled positions. Such a global shortage leaves a dangerous range of organizations under-resourced to protect assets, services, data, and people. Leadership and technical roles will be in the highest demand. Ironically, entry-level placement will be difficult for those without experience. Frustration will fester for many entering into the field. The training gap remains for 2020 and beyond, but academic institutions will continue to move, albeit slowly, to close the deficiencies in preparing the next generation of cybersecurity professionals.

  3. Critical Infrastructure (CI): The war targeting critical infrastructure will heat up while remaining largely stealthy. Nation-States will jockey for access in the systems of potential adversaries. Defenders will actively pursue detection and eviction, but never achieve a high level of confidence. It is a chess game where the winner retains a foothold that could be used in the future as part of a devastating attack, to send political messages, or fuel disruption. On a positive note, no major critical infrastructure attacks will occur in 2020, at least on purpose. Accidents do sometimes happen at this level of gamesmanship. Vital sectors including government, communications, transportation, logistics, energy, national industries, and even healthcare are all potential targets for compromise. This is part of the long-game that countries play against one another.

  4. Cybercrime: The number of cybercriminals and attacks grows significantly, victimizing more people and incurring losses that may approach $6 trillion by the end of the year. At the top, the organized and funded crews will continue to expand and orchestrate top-tier attacks as well as massive fraud at an ever-growing scale. At the bottom of the cybercrime hierarchy pyramid, swells of novice criminals will join the ranks to help with basic labor-intensive duties. Financial hardship, desperation, and a lack of other options will draw new internet users from economically struggling geographies to venture into cybercrime.  They are lured into activities such as botnet/malware distribution, money and reshipping mule duties, ransomware-as-a-service (RaaS) victim on-boarding, social engineering data harvesting, human authentication verification, amplification of investment scams, and propagation of retail fraud to make money. As a result, the global online community will suffer from an increase of ransomware, denial-of-service, online-harassment, data breaches, financial fraud schemes, and cryptojacking. The severity will drive up the overall losses due to cybercrime. The elite digital syndicates will target specific organizations for big scores with Business Email Compromises (BEC), financial transaction tampering, and data accessibility ransoms in the millions. The largest single attacks of 2020 will likely reach into the hundreds of millions in losses.

  5. Passwords/Authentication: Multi-Factor Authentication (MFA) and Two-Factor Authentication (2FA) will remain largely ignored, regardless of the massive fleecing of accounts.  Throughout the year, consumers will feel much more pain from highly automated credential-stuffing capabilities that are coupled with exploitation features for account hacking, extortion demands, and theft. Small and medium businesses (SMB) will feel the greatest pain and will struggle to find a balance between the risks, costs, and usability friction.

  6. Privacy: Privacy compliance will be expensive, convoluted, and political. Expectations of customers will increase for companies to keep their data private. Credit monitoring will not be enough to appease the masses. Regulatory authorities around the globe will begin greater prosecution of offenders. The news will highlight more lawsuits, massive regulatory penalties, greater customer abandonment, and executives losing their jobs because of poor choices in protecting private data or not satisfying regulations.

  7. Artificial Intelligence (AI): AI attacks and defenses will rise to a new level. Attacks will be more customized and scale to target large pools of potential victims. Defenses will lag, but also begin finding optimal ways to detect and block these types of attacks. Implementation of AI tools by the attackers and defenders is still in the early phases of what will be a very long and drawn out arms race.

  8. Malware:  Vulnerability discovery, exploit creation, and development of malicious software will accelerate. It will also expand from the server, PC, and smartphone domains to include many more types of devices and services. Technical exploitation techniques get more sophisticated, but social engineering does not. It simply doesn't need to. Humans continue to be the weakest link in the ecosystem and remain the primary means for practical compromises. 

  9. Zero-Trust: “Zero-Trust” will remain a marketing buzzword for most of the year. Basic standards and more narrowly accepted concepts will begin to emerge around Zero-Trust security. By the end of 2020, there will still not be complete consensus, standards, or frameworks. As leaders emerge, customers will begin to fall into certain camps. Results will continue to vary for this premium capability. Expect various re-branding and renaming to ensue as the term begins to become stale and loses favor with marketing types because of a lack of competitive differentiation.

  10. 5G cybersecurity risks: The security fears of 5G reached their pinnacle in 2019. There was a lot of hype, but real risks won't actually manifest in 2020. Yes, 5G allows for greater speed, lower latency, and more connection density, but that plays for both sides. Risk organizations realize it is just the natural evolution of the battlefield, not a super-weapon. People will briefly wonder what all the fuss was about, as they enjoy a better experience. Security pundits will shift gears to focus on the next sexy potential emerging threat that could boost their budgets. Pity they aren't focusing on the human behavioral weaknesses that represent a much greater problem.

The aggregation of these factors will contribute to a thriving cybercrime industry that will show no mercy in 2020. Tools for both attackers and defenders get better. The size and complexity of our digital world will increase significantly, creating scalability issues for security while opening new opportunities for threats. 

The biggest overall concern for 2020 will be that significantly more data will be in peril. Vast amounts of data will be created and potentially exposed from significantly increasing numbers of devices, services, and users. Nearly 400 thousand new internet citizens will join the connected digital world, with the largest percentage from economically struggling countries. Businesses and governments will continue to gather more information than needed and aggregate it in ways that consumers did not expect. Security will remain weak, with protections lacking for data in-use, in-transit, and at rest.

Although 2020 predictions may sound extreme, this is the normal progression for cybersecurity. It should draw a mild yawn from security professionals who are familiar with maneuvering these troubled waters every day. The best of them will remain vigilant and keep continued pressure on intersecting the tactics, techniques, and processes of attackers to drive increasing demand for better and more coordinated cybersecurity throughout the year. 

Interested in more? Follow me on LinkedIn, Medium, and Twitter (@Matt_Rosenquist) to hear insights, rants, and what is going on in cybersecurity.

  • Chris Ross

    The number of cyberattacks has increased during these past few months

  • Tom Scowcroft

    We are no longer safe.....

  • Mike Daniels

    Very interesting

  • Charlie Hamnett

    Around the world, cyber crime is on the rise.

  • Mary Shaw

    Good stuff

  • Jean Dowell

    Fantastic

  • ETech 7

    In today's day and age, cybersecurity has never been more important than now. Most businesses rely so heavily on technology to help them grow and expand their business. That's why securing and protecting your business data should be one of the top priorities in your business plan. An IT support company can help with all your data security issues.

Matthew Rosenquist 

Cybersecurity Expert

Matthew Rosenquist is an industry-recognized pragmatic, passionate, and innovative strategic security expert with 28 years of experience. He thrives in challenging cybersecurity environments and in the face of ever shifting threats. A leader in identifying opportunities, driving industry change, and building mature security organizations, Matthew delivers capabilities for sustainable security postures. He has experience in protecting billions of dollars of corporate assets, consulting across industry verticals, understanding current and emerging risks, communicating opportunities, forging internal cooperation and executive buy-in, and developing practical strategies. Matthew is a trusted advisor, security expert, and evangelist for academia, businesses, and governments around the world. A public advocate for best-practices, and communicating the risks and opportunities emerging in cybersecurity. He delivers engaging keynotes, speeches, interviews, and consulting sessions at conferences and to audiences around the globe. He has attracted a large social following of security peers, is an active member on advisory boards, and quoted in news, magazines, and books. Matthew is a recognized industry expert, speaker, and leader who enjoys the pursuit of achieving optimal cybersecurity. Matthew Rosenquist is experienced in building world class teams and capabilities, managing security operations, evangelizing best-practices to the market, developing security products, and improving corporate security services. 

   