Predictions for IT security in 2020
How are the risks to IT evolving? Experts agree: IT security in 2020 will once again require a great deal of attention. One expert gives her initial forecasts.
Based on security developments over the past few years, conclusions can be drawn about what is likely to happen in cybersecurity over the next twelve months. Here are the most important trends for IT security in 2020, which are Check Point expected.
Technological predictions for 2020
- Targeted ransomware - In 2019, ransomware attacks were targeted against businesses, local governments, and healthcare facilities. Attackers spend a lot of time gathering information about their victims to make sure they can ensure maximum damage. The amount of ransom demanded is driven up accordingly. The attacks have become so effective that even the FBI has softened its stance on paying ransoms: The agency now recognizes that in some cases, affected companies must consider paying to protect shareholders, employees and customers.
- Phishing attacks go beyond email traffic - While email remains the number one attack vector, cybercriminals also use a variety of other methods to steal personal data, credentials, or even money from their victims. Phishing increasingly includes SMS attacks on cell phones or the use of messenger solutions on social media and gaming platforms.
- Mobile malware attacks intensify - In the first half of 2019, mobile banking malware attacks increased by 50 percent compared to 2018. Such malware can steal payment data, access information and funds from victims' bank accounts. New versions are even available on the dark net for distribution by anyone willing to pay the malware's developers - similar to a franchising process. Phishing attacks are also becoming more sophisticated, effective and lure mobile users to click on malicious web links.
- The rise of cyber insurance - More cyber insurance policies are being taken out by companies and public institutions. Insurance companies will continue to direct their policyholders to pay ransoms, as this can be cheaper than the cost of restoring systems after an attack. This will in turn lead to more attacks on the one hand and rapid growth of the cyber insurance industry on the other.
- More IoT devices bring more risks - With the rollout of 5G networks, the deployment of IoT devices will accelerate dramatically, but at the same time massively increase the vulnerability of networks to large-scale, multi-vector Gen V cyber attacks. IoT devices and their connections to data centers and clouds remain a weak point in security: it is difficult to get an overview of all connected devices. Furthermore, their security is designed to be very complex. All companies need to develop a more holistic approach to IoT security that combines traditional and modern controls. Only then can these ever-growing networks be protected across all industries and business sectors.
- More personal data because of 5G - The bandwidths enabled by 5G will trigger an explosion of connected devices and sensors. So-called eHealth applications collect data about users' well-being, connected car services monitor users' movements. Smart city programs also collect information about how citizens live. This ever-growing volume of personal data must be protected from breaches and theft.
- AI will accelerate security responses - Most security solutions are based on detection models, designed according to human logic. To make them ready for the latest threats and keep them on the cutting edge of technologies and devices, artificial intelligence (AI) is needed. AI dramatically speeds up the identification of new threats and how to respond to them. It also helps block attacks before they can spread. However, cybercriminals are also beginning to use the same techniques to effectively scan networks for vulnerabilities and develop appropriate malware.
- Security solutions with the speed of DevOps teams - Companies already run a large part of their workloads in the cloud, but the level of knowledge about securing the cloud remains low. The principle of shared responsibility has not yet fully penetrated the consciousness of those responsible. Security solutions must evolve to new, flexible cloud-based architectures that provide scalable protection at the speed of DevOps teams.
- Enterprises rethink their cloud approach - Due to the increasing reliance on public cloud infrastructures, enterprises are at risk of outages. As an example, Google Cloud's operational disruption in March 2019, enterprises will look at their existing data center and cloud concepts and consider hybrid environments of private and public clouds as well as data centers.
Conclusion for IT security in 2020
No one can really see into the future and actually predict which security threats will be important or which issues will become significant in 2020. But probabilities can be assessed and what is certain is that today's widely connected world creates more opportunities for cybercriminals and every IT environment becomes a potential target: local networks, cloud, mobile and IoT devices. Nothing is untouchable. Therefore, businesses and users need to arm themselves. One tool is to consider already known advanced threat intelligence to build unified security architectures. This allows companies of all sizes to protect themselves against the new attacks, automate defenses as much as possible, specialize, and look forward with more peace of mind to the threats the new year holds for them.
Author:
Sonja Meindl is Check Point Country Manager Switzerland and Austria.