When I look into my crystal ball at cybersecurity predictions for 2020, I see good news and bad. First, the bad news: Existing threats will worsen, and entirely new threats will arise.
The good news? Job security for cybersecurity professionals will remain for the foreseeable future. Despite the evolution in AI, machine learning and automation technology, humans will continue to be the front line of defense for enterprise cybersecurity. The tools will help, but they cannot replace human intuition and insight.
Here are my cybersecurity predictions for 2020, along with some recommended plans of action.
Prediction #1: Nation-state threats
Nation-state activity will become a more significant threat to enterprise organizations. Consider how Iran's immediate response to the U.S. drone attack on General Soleimani in January was to threaten a cyberattack. Equally noteworthy, but perhaps not as obvious, is that the hypothetical attack may not target government infrastructure specifically. Enterprise organizations are also at risk, particularly those with highly visible brands that are closely associated with target countries. For example, visibly American companies, such as American Airlines, McDonald's, Coca-Cola and Starbucks, could be targeted. The 2014 attack on Sony -- widely attributed to the North Korean government -- is a bellwether.
Recommended action: Enterprises should develop and execute a cybersecurity strategy that explicitly focuses on nation-state actors.
Prediction #2: DoS attacks continue to prevail
Denial-of-service (DoS) attacks of all varieties will increase. Some enterprise cybersecurity professionals may assume that DoS attacks will specifically affect infrastructure elements, such as the network or a corporate website. But more than half of all workloads are now on the cloud, according to Nemertes' 2020 cloud research study. This means DoS attacks aimed at locking employees out of the cloud will be increasingly effective.
Think of attacks on cloud-based identity and access management or single sign-on. If users cannot log in to their apps, they're dead in the water. More broadly, as infrastructure of all varieties is increasingly instrumented, DoS attacks can have devastating impact.
Recommended action: Enterprises should assess their vulnerability to DoS attacks and revise or enhance their incident response policies to beef up their resilience.
Prediction #3: IoT moves up the ranks
IoT infrastructure attacks will go mainstream. There has been buzz about the gaps in IoT cybersecurity. However, most enterprise organizations are still woefully underprepared, particularly when it comes to IoT infrastructure -- the networks, computing and storage platforms across which IoT traffic travels. Standards bodies and industry consortia work to define IoT infrastructure cybersecurity frameworks, but these efforts are largely immature. For the foreseeable future, enterprise organizations will need to take proactive stances toward protecting their IoT infrastructure.
Recommended action: Enterprises deploying IoT should have an IoT cybersecurity architecture, strategy and deployment roadmap that includes infrastructure.
Prediction #4: Spotlight on collaboration
Collaboration suites and tools will become increasingly attractive targets for attackers. Tools such as Slack, Zoom and Microsoft Teams create entirely new vectors for attack. As enterprises increasingly rely on such tools, they must beef up their cybersecurity teams to address security flaws in these tools. More than 75% of enterprises will have cybersecurity specialists focusing on collaboration suites and tools by the end of 2020.
Recommended action: Enterprise cybersecurity professionals should ensure they have a strategy, architecture and roadmap to protect collaboration tools.
Prediction #5: Supply chain security
Third-party and supply chain attacks will intensify. It has been more than a year since the Super Micro bug was discovered in video hardware used in a company purchased by Amazon. Most enterprise cybersecurity specialists might have written the incident off as an outlier, something not likely to affect them. That is a mistake. As noted in the first cybersecurity prediction for 2020, nation-state attacks are increasing. One of the major distinguishers of a nation-state attack is that nation-states can afford to invest years into a single attack. Many of these attacks come from countries in which the government exerts iron-fisted control over all manufacturing processes -- for example, China.
Adding an undetectable hardware bug to a key component of a target's supply chain is squarely within the wheelhouse of such nation-states. Cybersecurity professionals should anticipate more such attacks, not fewer.
Recommended action: Enterprise cybersecurity specialists need to team up with risk managers and procurement specialists to revisit global supply chains as cybersecurity attack vectors.
Prediction #6: Technology to augment security pros
Automation and machine learning will turbocharge cybersecurity team capabilities. The most significant cybersecurity operational metric -- mean total time to contain -- has decreased dramatically over the past four years. Nemertes measured that top-performing enterprises are now able to detect an incursion, determine that it is in fact an attack and contain the attack in an average of 2 minutes -- down from 8 minutes in 2018.
How do these enterprises do it? They selectively deploy AI and machine learning, which assist with detection and determination, and automation, which assists with containment. Tools such as behavioral threat analytics and security orchestration, automation and response (SOAR) are examples of how automation can benefit security programs.
Recommended action: Cybersecurity technologists should assess their technology portfolios and ensure they are deploying the right AI, machine learning and automation tools.
Prediction #7: More automation
Automation eases the compliance and auditing burden. AI, machine learning and automation protect enterprises against security incidents. Additionally, automation yields an unforeseen benefit when it comes to compliance: The technology automates the process of logging and documenting the responses to attacks. Some SOAR tools, for instance, will capture and timestamp every action taken in response to an attack. This not only assists with post-mortems, but also makes it easier to provide authorities with required documentation.
Recommended action: Cybersecurity professionals should collaborate with auditing and compliance teams to ensure that the deployed tools automate the capture of necessary compliance and audit data.
Prediction #8: Security pros evolve
Cybersecurity professionals will get more tech-savvy. It sounds strange to say, but many cybersecurity professionals have limited technical capabilities outside a narrow area of core expertise. CISOs have trended toward requiring technical skills -- such as coding expertise -- for a few years now. In 2020, expect these efforts to begin to bear noticeable fruit.
Recommended action: For cybersecurity professionals looking to burnish their appeal to the marketplace, 2020 is the year to add technical expertise, likely in the form of coding skills, to their resumes.
Prediction #9: Bring on zero trust
2020 will be the year of zero trust. According to Nemertes Research, by the end of 2020, 69% of enterprise organizations will have moved to a zero-trust security model. Despite the name, zero trust refers to a framework based on highly distributed, highly granular and highly dynamic trust. Specifically, the framework permits or denies actions and interactions not just at the user or device level, but also at the container, microcontainer or microservice level. Enterprises are moving in this direction already. More than half launched a zero-trust initiative by the end of 2019. Most are actively adopting precursor technologies, such as deep network segmentation, data classification and microservices authentication.
Recommended action: If zero trust is not on a security leader's radar yet, it should be. Cybersecurity teams should assess the zero-trust model and make plans to adopt.
Prediction #10: Cloud grows up
Cloud security will come into its own in 2020. As noted above, more than half of all workloads are now outside the corporate data center. Companies are responding to the increased reliance on cloud by adding cloud security teams, budgets and architectures to their initiatives.
Recommended action: If an organization does not yet have a team, budget and architecture specific to cloud cybersecurity, 2020 is the year to develop all the above.
There you have it. The takeaway from these cybersecurity predictions for 2020 is that the threats and threat vectors will multiply. But, with the appropriate focus, technology and training, cybersecurity teams should be able to keep them at bay.