1) More and bigger attacks – An increase in cyber attacks will certainly happen in 2020. The continued integration of applications and systems (often spanning multiple organisations, but with little end-to-end oversight) will lead to bigger, wider reaching attacks. Future cyber attacks will have the power to affect an entire business, especially those that are ‘born in the cloud’, whereas until recently, such attempts would likely be limited to taking down a firm’s website or one specific element of the business.
2) The cloud compromise – With the sharp increase in moving workloads to the public cloud, it is likely there will be more opportunity for hackers to use new technology to compromise a business. The convenience and ease of access of cloud increases the risk, such as the single-sign-on functionality for many applications. As a result, it’s likely we will see organisations fail to implement software security features sufficiently, thereby enabling hackers to gain access to accounts and the rest of the corporate network through lax folder permissions or phishing attacks.
3) The AI arms race heats up – Artificial intelligence (AI) will be used a lot more in cyber security solutions to stop threats and mitigate risk. Activities that used to be laborious manual tasks by human analysts will become automated. In the same vein, cyber criminals will also use AI and machine learning to develop malware with self-evolving code that will learn and try another approach if blocked from an organisation’s network. This will mark the beginning of a shift to an AI “arms race” between attackers and defenders of systems, with organisations that are slow, or lack the skills to effectively implement new AI-based controls, becoming increasingly vulnerable.
4) Attacks from inside social media – Social media is already a well-established avenue for social engineering, but moving into 2020 we will see more phishing attacks coming from social media posts themselves; cyber criminals setting up fake accounts (known as Sockpuppets), befriending individuals and interacting with them to foster trust. The end game could be getting them to divulge personal or company information or stealing their logon details. New technological developments, such as convincing AI-generated faces and “Deepfakes” make the identification of Sockpuppets considerably more challenging. We can also expect to see developments in the use of AI/automation to identify the type of Sockpuppet a given user will be most receptive to, in order to make these more tailored to their target and therefore more likely to be accepted.
5) Weaponising IoT and 5G – As the cost comes down and the adoption of 5G grows, so too will the number of connected devices, opening the doors to bigger attacks by cyber criminals. Many organisations still fail to adequately segregate insecure Internet of Things (IoT) and 5G-enabled devices from the rest of their network, making these a popular “stepping stone” allowing attackers to reach higher value targets. Cyber attackers will be rubbing their hands at the growing opportunity to compromise systems and networks, as more and more devices become connected to the internet.
“As we move into a new decade it is more important than ever that businesses keep abreast of the latest cyber security developments. There’s no room for complacency; organisations need a layered cyber security strategy to mitigate risk and stay ahead of attackers,” says Anthony Young, Director at Bridewell Consulting.
[…] of the trends we’ve seen throughout 2020 are likely to spill over into 2021. And if we’re being honest, it’s hard to know exactly how […]