International. This year's cybersecurity predictions looked at the major cyberattacks that may occur in 2020 and provided tips to simplify your approach to stopping them. This study was conducted by the WatchGuard Threat Lab.
The company assures that 2020 will be the year of simplified security.
Prediction #1: Ransomware targets the cloud
Ransomware is a multi-billion dollar industry for hackers, and over the past decade we've seen extremely virulent strains of this malware wreak havoc across industries. As with any big-money industry, ransomware will continue to evolve to maximize profits. In 2020, WatchGuard Threat Lab believes ransomware will focus on the cloud.
Recently, untargeted "shotgun" ransomware has stalled with attackers showing a preference for targeted attacks against industries whose businesses can't function with any downtime. These include health care, state and local governments, and industrial control systems.
Despite its far-reaching damage and growing revenue, ransomware has left the cloud largely intact. As businesses of all sizes move their servers and data to the cloud, it has become a one-stop shop for all of our most important data. In 2020, it is expected to see this safe haven collapse as ransomware begins to target assets based on ?? in the cloud, including file stores, S3 buckets, and virtual environments.
Prediction #2: GDPR comes to the United States
Two years ago the General Data Protection Regulation (GDPR) came into force, which protects the data and privacy rights of citizens of the European Union. So far, few places outside the EU have similar laws, but WatchGuard expects to see more states come closer to matching it in 2020.
The GDPR boils down to imposing restrictions on how organizations can process personal data, and what rights individuals have to limit who can access that data, and it has already shown its teeth. To date, the companies have been fined millions of euros for GDPR breaches, including mass trials of €50 million and £99 million in 2019 against Google and Marriott, respectively. While the burden on businesses can be intense, the protections provided to people are very popular.
Meanwhile, the U.S. has suffered a plague on social media privacy in recent years, with no real GDPR equivalent to protect local consumers. As organizations like Facebook leak more and more of our personal data, which bad actors have used in everything from selective election manipulation to seeking unethical rewards, American citizens are beginning to clamor for privacy protections like those enjoyed by European citizens. So far, only one state, California, has responded by passing its California Consumer Privacy Act (CCPA), which went into effect in early 2020.
Although the same senator who passed the CCPA in California proposed a Federal Consumer Data Privacy Act (CDPA) bill, we don't think it will garner enough support to pass it nationwide in 2020. However, we expect more and more states to demand protection of their own acts of consumer privacy at the state level. In 2020, we anticipate that 10 or more states will enact laws similar to the California CCPA.
Prediction #3: Voter registration systems will be targeted during elections in 2020
Election hacking has been a hot topic since the 2016 U.S. election. Over the past four years, news cycles have covered everything from misinformation spread on social media to alleged breaches of state voting systems. During the 2020 U.S. presidential election, we forecast that external threat actors will target state and local voter databases with the goal of creating electoral chaos and triggering voter fraud alerts during the 2020 election.
Security experts have already shown that many of the systems we rely on for voter registration and voting on Election Day suffer from significant digital vulnerabilities. In fact, the attackers even tested some of these weaknesses during the 2016 election, stealing voter registration data from several states. While these state-sponsored attackers appeared to draw the line by avoiding altering the voting results, we suspect that their previous success will encourage them during the 2020 election, and target and manipulate our voter registration systems to make it harder for legitimate voters to cast their votes, and to question the validity of vote counts.
Prediction #4: Multi-Factor Authentication (MFA) Will Become Standard for Midsize Businesses
We predict that multi-factor authentication (MFA) will become a standard security control for midsize businesses in 2020. Whether it's because of billions of emails and passwords that have been leaked on the dark web, or the many databases and passwords that are compromised due to the attacks that online businesses suffer every year, or the fact that users still use dumb and insecure passwords, the industry has finally realized that we are terrible at validating identities online.
Previously, MFA solutions were too cumbersome for medium-sized businesses, but recently three things have paved the way for widespread MFA, both sms one-time password (OTP) and application-based models, even among small and medium-sized businesses. First, MFA solutions have become much simpler with cloud-only options. Second, mobile phones have eliminated the costly requirement for hardware tokens, which were prohibitive for small and medium-sized businesses. And finally, the deluge of password issues has proven to be the absolute requirement for a better authentication solution. While SMS OTP is now falling into disuse over legitimate security concerns, the app-based MFA option is here to stay.
The ease of use for both the end user and the IT administrator who manages these MFA tools will ultimately allow organizations of all sizes to recognize the security benefits of additional authentication factors. That's why we believe enterprise-wide MFA will become a de facto standard among all midsize businesses next year.
Prediction #5: During 2020, 25% of all breaches will occur outside the perimeter.
The use of mobile devices and remote employees have increased telecommuting for several years now. A recent survey by WatchGuard and CITE Research found that 90% of mid-market companies have employees who work half their week away from the office. While remote work can increase productivity and reduce wear and tear, it comes with its own set of security risks. Mobile employees often work without any network perimeter security, missing out on an important part of a layered security defense. In addition, mobile devices can often mask telltale signs of phishing attacks and other security threats. We predict that by 2020, a quarter of all data breaches will involve telecommuters, mobile devices, and off-premises assets.
Prediction #6: The cybersecurity skills gap widens.
Cybersecurity, or lack thereof, has become widespread. It seems like not a day goes by when the general public doesn't learn of some new data breach, ransomware attack, company network compromise, or state-sponsored cyberattack. Meanwhile, consumers have also realized how their personal data privacy contributes to their own security (thank you, Facebook). As a result, it's no surprise that the demand for cybersecurity expertise is at an all-time high.
The problem is that there are no qualified professionals to meet this demand. According to the latest studies, almost three million Cybersecurity jobs remained uncovered during 2018. Universities and cybersecurity organizations are not graduating qualified candidates fast enough to meet the demand for new information security employees. Three-quarters of companies say this shortage in cybersecurity skills has affected them and diminished their security.
Unfortunately, we don't see this gap in cybersecurity skills diminishing in 2020. The demand for qualified professionals in this discipline continues to grow, however, we have not seen any changes in recruitment and education that increase the supply. Whether it's the lack of proper formal education courses on cybersecurity or the often thankless job aversion of working on the front line, we predict that the gap in cybersecurity skills will increase by an additional 15% next year. Let's hope this dearth of experience doesn't result in an increase in successful attacks.
Prediction #7: Attackers will encounter new vulnerabilities in the transfer of 5G/Wi-Fi to access voice and/or data from 5G mobile phones.
The newest cellular standard, 5G, is being rolled out worldwide and promises big improvements in speed and reliability. Unknown to most people, in large public areas such as hotels, shopping malls, and airports, your voice and data information from your cellular-enabled device communicates to both cell towers and Wi-Fi hotspots located in these public areas.
Large mobile operators do this to save network bandwidth in high-density areas. Their devices have built-in intelligence to automatically and silently switch between cellular and Wi-Fi. Security research has exposed some flaws in this cellular-to-Wi-Fi transfer process and it is highly likely that we will see a major 5G to Wi-Fi security vulnerability in 2020 that could allow attackers to access the voice and/or data of 5G mobile phones.
Leave your comment