Are you digitally secure? That question's likely to send a shiver down the spine of anyone with an internet connection. But, it can be a little misleading. In reality, it's virtually impossible to be one hundred percent secure online.
When it comes to online security, the real chore is mitigating risk in a never-ending virtual arms race against hackers, phishers, and bad actors everywhere. To stay on top of security and privacy issues, it's necessary to check out the latest trends on a regular basis. So, at the dawn of a new decade, we decided to do just that.
Tech.co reached out to dozens of security experts and analysts to see what growing concerns or soon-to-manifest shakeups the security industry might be weathering in 2020. We learned about the risks inherent to popular tech innovations like smart homes and cryptocurrency, as well as the impact of outside factors like nation-state hackers and increasing automation.
Here, we've broken down the biggest security concerns of 2020 into seven different predictions.
- Managed service providers will be targeted
- We'll see more security automation
- Cryptocurrency will wind up in the crosshairs
- Smart homes will remain easy targets
- Governments will upgrade their security systems
- Security will be key for decentralized architectures
- Businesses should reexamine third-party assessors
Managed service providers offer a way for small and midsize businesses to offload their IT needs to a third party. But in 2019, the number of attacks on managed service providers started to increase. A worrying 74% were cyber-attacked, and 83% reported that their customers had seen a cyber attack as well.
Brian Downey, Vice President Product Management at Continuum, believes these trend will only get worse in the near future.
“While this pattern will not be new in 2020,” Downey predicts, “the exponential growth in this method of attack, as well as the accountability of the service provider, is something we expect will continue in the next year. As cybercrime continues to evolve and become more complex, it will be more important than ever in 2020 for both sides to work together to take a proactive, collaborative approach in the upcoming years to protect themselves from cyberattacks.”
What actionable steps can managed service providers take to prep for attacks? Stronger education, paired with an “increased investment in cybersecurity training programs,” according to Downey. Increased automation might help, too…
IT professionals know the score. Opting for automation over manual labor is always a faster choice. And, given the fast-growing onslaught of hack attempts and security risks, automation might be the only choice.
“Security teams are exhausted by the copious amounts of alerts (namely, false positives) they receive daily. 2020 will see a rise of integrating automation into the workflow of security teams,” comments Anuj Goel, cofounder and CEO at Cyware Labs.
“Utilizing automation will not displace analysts from their jobs but empower them to conduct other types of work, eliminating the extensive manual tasks that currently take them away from thwarting the threats that really matter.”
The benefits of automation, Goel explains, include better collaboration between security teams and administrators, letting them effectively limit risk, identify and respond proactively to the biggest issues, and explain priorities to the C-suite.
Gary E. Barnett, CEO of Semafone, puts it more simply: automation saves money.
“This rise [of automation] will be partly due to the shortage of human cybersecurity professionals and the need for automation to fill the gaps,” Barnett says. “Growth in Robotic Process Automation (RPA) technology adoption will continue to be steady – as the technology provides huge cost savings for organizations and a mass reduction in repetitive administrative tasks for staff.”
Ultimately, automation makes sense in particular for cybersecurity, since the threats themselves are largely automated in the first place.
Aaron Higbee, the cofounder & CTO at Cofense, has probably the most concise summary of how we all think about crypto. “The cryptocurrency industry,” he notes, “is not widely understood.”
However, it is on the receiving end of tech's most sophisticated security attacks, Higbee goes on to add.
“Whether it’s a high-profile crypto holder or an entire cryptocurrency exchange, we’ve seen first-hand at Cofense how this realm of cyberspace is impacted by elite phishing tactics.”
Hackers target cryptocurrencies from two angles, he explains. Firstly, they look at solo cryptocurrency holders, trying to determine if their line of defense is weak enough to breach, typically through determining the user's password, logging in, and transferring the currency to their own account. Second, they look at the employees of a larger cryptocurrency holder, often trying a phishing attempt that may allow the bad actor to “hack into your entire network and dig deep enough to access the cold storage vaults and pull off a heist,” Higbee says.
“The latter is far more likely, as organizations often neglect to train their employees to identify malicious emails. They mistakenly believe that more expensive, ‘we-promise-to-stop-it-all' technologies will thwart every attack. The reality is that the circle of trust at some organizations is so large that their employees are really the first and last line of defense against an attack.”
Ultimately, keeping your crypto vaults safe may be as simple as keeping your employees well-versed on common phishing practices, ensuring that the would-be hacker moves on to a more vulnerable target.
Cryptocurrency has a rival industry in the “incredibly vulnerable to attack” stakes – smart homes. Smart-device-filled homes must remain constantly connected to the internet in order to function. The Internet of Things (IoT) once hacked, can be accessible from any location with an internet connection.
Predicting more hacked smart homes in 2020 is almost too easy. We've already seen a host of frankly horrifying IoT hacks, including security researchers who uncovered a security flaw in one model of pacemaker. Only last month, when reports surfaced of Amazon Ring cameras getting hacked in four different states.
“Cyberattacks on IoT-enabled smart home devices will continue to grow,” says Igor Rabinovich, CEO and founder of Akita. “Hackers' favorite targets will continue to be low-hanging fruit, like security cameras and virtual assistants such as Alexa and Google Home.”
How will IoT-focused startups deal with the PR crisis that even the possibility of a hack will propel them into? It's an open question as we start a new year in which the general public's awareness of privacy-violating hacks is higher than ever.
Outside of the retail sector, it's easier to predict the response to increasing security dangers: Governments will start allocating more funds to fighting the hacker scourge.
And, with the 2020 Olympics on the horizon, alongside what's sure to be a down-and-dirty US presidential election, this year will present lots of opportunities for those security systems to kick into gear.
“Governments worldwide are targets of sophisticated attacks from nation-state actors and other nefarious users,” comments Shane Buckley, President and Chief Operating Officer at Gigamon. “As governments implement digital transformation to increase efficiency and effectiveness for their citizens, they will also need to upgrade their systems to support capabilities like the Continuous Mitigation & Diagnostics (CDM) program implemented by the US government to enhance their network security.”
Granted, not all governments are equal when it comes to online security. It's already too late for the US to improve its demonstrably shoddy voting systems, according to a few tech experts we consulted for our previous roundup of 2020 predictions. “We’ve run out of time to find and correct the bugs in these machines before the 2020 election,” notes Bitglass CTO and cofounder Anurag Kahol, rather troublingly.
Patrick Lastennet, Director of Enterprise at Interxion, calls attention to the shift away from centralized infrastructures and their on-premises data centers. But, more organizations are opting for decentralization, using third-party services to handle a range of chores.
This is the flipside of the increased risk to managed service providers we brought up earlier in this article: Not only will those third-party service providers need to boost security, but their clients will also deal with a distributed environment that is increasingly complex to secure.
“[Network architecture is] transitioning toward a decentralized model where enterprises can tap cloud providers, SaaS platforms and proprietary data centres, which makes for a far more distributed architecture,” says Lastennet. “And, as organizations think about their more decentralized architectures and the requirements for seamless connectivity across platforms and environments, rethinking their security strategy as part of that will be critical.
“To have a successful distributed architecture, enterprises need a security strategy that combines physical and network security with robust encryption key management to mitigate threats without inhibiting performance.”
Any decentalized operations that commit the cardinal sin of cutting pre-emptive security costs will likely pay the price in 2020.
Another third-party security risk to keep in mind? The companies that help organizations assess security risks and challenges.
If an organization doesn't occasionally overhaul the procedures that an assessor uses, it won't be keeping up to date with the latest security concerns.
Fred Kneip, CEO at CyberGRX, argues that the way in which third-party cyber risk assessments are carried out should be re-examined, with an eye towards boosting both efficacy and efficiency.
“We have some customers that were assessed nearly 5,000 times in 2019 and many others who were previously struggling to effectively assess their evolving population of third parties,” Kneip explains.
“Employing a dynamic approach to third-party risk assessments would not only significantly reduce the human-hours required to complete them but enable organizations to share and exchange standardized data – ultimately increasing each organizations’ security posture through better visibility and increased collaboration.”
The security challenges of 2020 are many and varied, ranging from nationwide attacks from state-sponsored hackers, to the individual dangers faced by anyone with an IoT-powered security camera.
Still, the best practices remain the same. Moving forwards, we all need to keep learning the new tricks used by the top hackers and phishers, and we need to use that knowledge to update our security, whether at home or in the office.