Forcepoint has unveiled its predictions about the cybersecurity landscape for 2020. These predictions span across topics such as attacker techniques, communication platforms, infrastructure adoption, data protection legislation and cybersecurity strategies.
Deepfakes-As-A-Service increases ransomware effectiveness and election interference
With the growing complexity and realism being brought in to Deepfakes, it is predicted that the media will move to the forefront in 2020 as it becomes widely adopted for both fun and malicious reasons. It is anticipated that deepfakes will be deployed to impersonate high-level targets at enterprises in order to scam employees to transfer money into fraudulent accounts. Additionally, we will observe Ransomware authors target recipients with realistic videos of themselves in compromising situations, using Deepfake technology. In the arena of politics, we expect deepfakes to be leveraged as a tool to discredit candidates and push inaccurate political messages to voters via social media.
5G offers unprecedented data theft speeds
Fifth generation cellular network technology (5G) allows data transfer at a 10 times faster rate than 4G. While this appears to be a promising service for organisations, the more reliable connectivity and lower latency of 5G will also work in favour of determined employees wishing to transfer swathes of corporate data. With the roll-out of 5G continuing in 2020, cybersecurity stack needs to have visibility and control of such data movement else organizations risk being unable to identify data theft at the speed necessary.
Organizations will become “Cloud Smart” but remain “Cloud Dumb”
As organisations increase their adoption of cloud infrastructure, we should expect to see greater and greater breaches of Public Cloud systems. Even as enterprises move to a Cloud Smart or even Cloud First agenda to streamline their digital transformation journey, when it comes to securing these cloud infrastructures, they continue to remain “Cloud Dumb” due to the prevalent misconception that cloud providers will also secure the infrastructure.
Attackers will have a renewed focus on Public Cloud accessible systems and data in 2020 and beyond due to the richness of the prize and ease of accessing it. While cloud service vendors are responsible for protecting the infrastructure, the onus of protecting business critical data lies on the enterprise by monitoring access, managing configurations, and analysing risky user behaviours. We expect to see more breaches both from external and internal parties as Cloud applications become more ubiquitous.
Businesses will mature in their approach to data/privacy protection legislation
There is greater awareness on the need for data privacy amidst organizations and individuals, due to regulatory implementations following the European Union’s General Data Protection Regulation (GDPR) and the upcoming Indian cybersecurity policy. Organizations around the globe have observed that maintaining an individual’s (customer’s) privacy and protecting their data can be a differentiator of the business’s service. We expect this trend to continue into 2020 and beyond. Furthermore, in 2020 organizations will explore the non-breach non-compliance implications of data privacy and protection regulations. This will invoke a move from a breach prevention approach to a more holistic principles-based approach. Currently, many businesses are manually compliant to the regulations, in that, should they receive a high volume of Subject Access Requests under GDPR. Moreover, compared to the fines levied in 2019 we can expect 2020 to observe an exponential increase with regard to the size and quantity of fines that Supervisory Authorities will bring to bear on offenders.
Cybersecurity strategies will incorporate a move from Indicators of Compromise (IoC) to Indicators of Behaviour (IoB)
In 2020, there will be a marked increase in the number of organizations recognising the need to enhance their IoC-based threat intelligence with the contextual insights of behavioural indicators. A shift to Indicators of Behaviour will better protect their data in the modern network environments that support anytime, anywhere working. As such business’s cybersecurity strategies will shift from an outside-in approach (looking at how external attackers are seeking to penetrate a perimeter) to one of an inside-out approach (understanding the risks that lie within and the importance of preventing data theft no matter the user, device, transfer medium or cloud application).
“There is an urgency among businesses to safeguard their data and people, as attackers are increasingly harnessing new technologies and techniques to launch attacks on intellectual property and critical data. said Surendra Singh, senior director and country manager, India & SAARC, Forcepoint. “By shifting from the outside-in approach to inside-out approach and keeping users and data at the centre of their cybersecurity design thinking, it will help organizations mitigate threats in near-real time in today’s sophisticated threat landscape.”