The pace of change in cybersecurity is quickening as technologies like 5G and artificial intelligence enable new services, products and modes of communication. Though varied in their uses—from consumer goods and smart cities to the Industrial Internet of Things—and in their level of maturity, nearly all are defined by growing connectivity and the risks and opportunities inherent therein.
This interconnectivity is one trend from 2019 that will help define 2020. By analyzing it along with other macro trends spotted in the previous year, we can make the following 2020 cybersecurity predictions with at least some degree of confidence.
Uncommon Attack Techniques Will Emerge in Common Software
Cybersecurity is improving each day, and that means most organizations are aware of common cyberattacks. So, in 2020, malicious actors will turn to uncommon techniques instead. Steganography, the process of hiding files in a different format, is one of these uncommon attack vectors, and it will grow in popularity as online blogs make it possible for threat actors around the world to grasp the technique.
Recent BlackBerry research found malicious payloads residing in WAV audio files, which have been utilized for decades and are categorized as benign. As companies become wary of these normally safe files, they will look for ways to secure less commonly weaponized file formats, like JPEG, PNG, GIF, etc. without hindering users as they navigate the modern computing platforms. Businesses will also begin to recalibrate how legacy software is defined and treated, and effectively invest in operational security around them.
Changing Network Topologies Challenge Traditional Assumptions, Require New Security Models
5G deployment began in 2019 and will accelerate dramatically in 2020. Its implementation will force governments and enterprises to adopt cybersecurity strategies that address network-based threats that can compromise the availability and integrity of 5G networks. As cities, towns and government agencies overhaul their networks, sophisticated attackers will begin to tap into software vulnerabilities created by the expansion of bandwidth that 5G requires and that creates a larger attack surface.
Governments and enterprises will need to retool their network, device and application security, and many will lean toward a zero trust approach for identity and authorization on these 5G networks. To keep up with malicious actors, threat detection and threat intelligence must be driven by AI and machine learning.
Increased Cyber/Physical Convergence
The fourth industrial revolution heralds the convergence of the cyber and physical realms. And as all sectors increasingly rely on smart technology to operate and function, the gap between the two will officially disappear in 2020. This is evident given the recent software bug in an Ohio power plant that impacted hospitals, police departments, subway systems and more in both the U.S. and Canada. Attacks on IoT devices have a domino effect and will challenge leaders to think of unified cyber-physical security strategies to secure a hybrid threat landscape. As a result, cybersecurity will be built into advanced technologies by design to keep pace with the speed of IoT convergence and the vulnerabilities that come with it.
State and State-Sponsored Cyber Groups Are the New Proxy for International Relations
Since the introduction of the internet, Russia, China, Iran and North Korea are widely considered the major players in cyber espionage. In 2020, a new set of countries will join these established actors by copying the Big Four’s tactics, techniques and procedures (TTPs) and directing them against rivals both inside and outside their national borders. Mobile cyber espionage will also rise as a common threat vector due to the growing number of organizations that allow employees to use personal devices on company networks.
Threat actors will use BYOD policies to perform cross-platform campaigns that leverage both mobile and traditional desktop malware. In fact, recent research discovered significant nation state-based mobile cyber espionage activity from the four mentioned above and state-sponsored groups in Vietnam. These types of attacks are likely to proliferate further in 2020. That will make it more difficult for governments and enterprises seeking to attribute these attacks as they face a growing number of actors and endpoints on a larger scale.
These predictions stem from a sober assessment of the cybersecurity landscape we currently inhabit. As we move into the next decade, it’s imperative that such predictions—which stem from known trends—are acted on as quickly and effectively as possible. Doing so will ensure that the promise of next-generation technology is not derailed, but rather the beginning of a transformative decade to come.