Six Cybersecurity Predictions For 2020
By Tim Steinkopf
In the first half of 2019, data breaches increased by 54% compared to the first six months of 2018, according to a study by Risk Based Security. The number of data breaches in the headlines has only increased in recent months, and as we look ahead to 2020, I expect to see more of the same.
The question is, are hackers really getting that much better at cyberattacks, or is it that organizations still aren’t taking the steps needed to reduce their risk and exposure to the threats they are facing? I think it’s a mixture of both. But certainly, the fact that three out of four organizations aren’t providing basic cybersecurity training to their employees, according to a survey my company did with Censuswide, isn’t helping things. The easier people make it for cyberattackers to exploit weak cyberpractices, the more we’re going to see hackers take the easiest way into an enterprise.
Because of this, I predict data breaches will continue to increase not only in terms of volume, but also in terms of severity in the coming year. Remember, it only takes one compromised credential to impact millions — millions of dollars, millions of customers, millions of lost opportunities, etc.
That said, here are five more cybersecurity predictions I have for 2020:
1. Successful ransomware attacks will double. A 2019 report showed a steep rise in business ransomware attacks in the first quarter of the year. This trend will continue in 2020, and as the FBI softens its stance on businesses paying ransoms, the number of “successful” ransomware attacks (i.e., those in which the ransom is paid) will double, with total losses of all reported attacks increasing significantly.
2. Misplaced understanding of cloud security will increase risk. Another recent survey of ours found that 60% of organizations don’t understand the shared responsibility model when it comes to who secures workloads in the cloud. This will give customers a false sense of security in their cloud security providers, because it is the customers who are responsible for securing privileged access to their cloud administration accounts and workloads. Therefore, I see cloud environments becoming a top target of cyberattacks in 2020 as bad actors exploit this false sense of confidence.
3. More U.S. state election boards will be hacked. I believe federal aid to help states bolster their election security will come up short in 2020. As a result, every state election board will again be targeted by hackers in 2020 (as we saw in 2016), and I predict more will be successfully breached this election. Election boards frequently hold names, addresses, partial Social Security numbers, dates of birth, driver’s license numbers and a variety of other personal information about voters that can be leveraged by hackers for financial gain. This sensitive information can also be used to impersonate voters.
4. 2020 will bring the rise of securing machine identities. With an estimated 20 billion-plus internet of things-connected devices and an evolving enterprise threatscape that includes automation and DevOps, machine identities will become the largest cybersecurity exposure point in 2020, overtaking humans. However, automation, if done correctly by humans, could mitigate much of the risk, and employees will remain the biggest weakness for organizations.
5. Phishing will continue to evolve beyond email to SMS and video. Most people think of phishing (and the more targeted variety, known as spearphishing) as being limited to suspicious emails. Hackers have proven to be very capable of evolving to get around increased cybersecurity awareness, and phishing will continue to move away from using email as the preferred medium and focus more on Short Message Service (i.e., text messaging). I expect phishing attacks by SMS will increase by more than 100% in 2020, and we’ll see the first successful spearphishing by video, as hackers leverage new tools such as “deep fake” technology to look and sound like a trusted person (e.g., a FaceTime with an attacker posing as the CEO).
While the number of cyberattacks will undoubtedly increase in 2020, we can reduce their success. Conduct cybertraining with employees, lock down machine identities, institute a common security model across hybrid- and multi-cloud environments, and take an identity-centric approach to access management that keeps the bad guys out. If we do that, 2020 could be the year we start to make data breach numbers go down.