Research – HG Insights reports on cybersecurity industry predictions for 2020 and beyond – According to Optiv Security, privacy, evolving threat actors, pervasive deep fake videos and increased election interference are among the issues taking on greater importance this year.
“We have a solid idea of what threats the industry is facing, and not just ransomware and phishing attacks, but new, hard-to-combat threats,” said Anthony Diaz, Division Vice President, Emerging Services, at Optiv, a security solutions integrator delivering end-to-end cybersecurity solutions.
“As is always the case, us ‘good guys’ are forced to play catch up with bad actors, who constantly remain a step ahead. There is much IT and business leaders must be aware of when it comes to cybersecurity, as the pace of change is quite high. That is why we recommend cybersecurity programs focus on proactive risk mitigation and build out from there. This ensures your organization is actively looking for, combating, and identifying threats before they can cause damage.”
Experts at Optiv Security believe the most common issues in 2020 may include:
Hybrid threat actors
Optiv’s 2019 Cyber Threat Intelligence Estimate (CTIE) found a growing number of “hybrid threat actors.” These are attackers who impersonate one type of adversary to disguise their true intentions (for example, a nation state imitating a generic hacker targeting a customer database, when its true aim is to steal intellectual property). Optiv believes more adversaries may adopt this technique and launch “imposter” attacks to obfuscate their true intentions, adding yet another layer of complexity to threat hunting and incident response.
Privacy as a human right
Apple, the world’s foremost technology organization, going all-in on privacy will shift the competitive landscape. Security and privacy could become a competitive differentiator for companies that follow Apple’s lead and grab “first mover” status in their markets. Laggards may risk meeting the unseemly fate of past organizations that failed to embrace important technology paradigms such as internet, cloud, and mobile computing.
The effectiveness of the Russian misinformation campaign of 2016 raises the possibility of more copycat attacks for the 2020 election. These attacks could come from nation states as well as domestic groups supporting rival U.S. politicians. This activity threatens to trigger a major public/private response to the online misinformation problem.
Deep fake videos
There has been much publicity around the potential to impact elections using deep fakes (AI-doctored videos that enable individuals to make it appear people said things they never said). However, not enough attention has been paid to how cybercriminals can make money using deep fakes against businesses. This might change in 2020, as it’s possible we will see the first deep fake attacks designed to impact stock prices, by having CEOs, financial analysts, Federal Reserve leaders or other powerful economic figures make phony statements that will cause stock market movements. Cybercriminals would use these videos to make quick fortunes in the market.
Widespread realignment of IT and security organizations
As boards view cybersecurity as a peer-level risk to traditional enterprise risks, such as lawsuits and product recalls, more CISOs should become peers of CIOs and other executives, rather than direct or indirect reports. This would cause a realignment of the IT and security organizations to eliminate conflicts and encourage collaboration. The most critical of these will be the continued expansion of DevSecOps, in which security is fully integrated into the application development process; and patch management, which will move from being divided between security and IT (security finds vulnerabilities, IT patches them), to becoming a unified process with a single point of accountability.
Whether it is insufficient passwords, a lack of education and training around phishing attacks, or simple upkeep and compliance, the tiny details of cybersecurity will continue to be the cause of a vast portion of compromises if left unaccounted for. Simple passwords (those without special characters or that are extremely obvious, such as ‘password123’) take only minutes for professional hackers to crack, and cracking them can be done inexpensively.