Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementSecurity & Business ResilienceSecurity Education & TrainingIdentity ManagementCybersecurity News

Top Four Security Predictions for 2020

By Hal Lonas
SEC0419-leadership-feat-slide1_900px
January 24, 2020

The total cost of data breaches is expected to increase nearly 70 percent over the next five years, from $3 trillion in 2019 to more than $5 trillion in 2024, according to a recent Juniper Research report. Given the rising damages along with cybercriminals’ continually evolving tactics, it’s more critical than ever for organizations to not only protect against current threats but also understand and protect against evolving threats and tactics. Below are the top four security predictions that researchers and other executives at cybersecurity firm Webroot believe businesses should be aware of moving into 2020.

 

Phishing and Other Social Engineering Scams Will Become Even More Sophisticated, Targeted and Believable

The most surprising and concerning finding from Webroot’s annual 2019 Nastiest Malware Report released in October was a dramatic growth in the complexity and sophistication of phishing attacks and other social engineering scams.

For example, business email compromise (BEC) was one of the most prevalent campaigns of the year – increasing 100 percent over 2018. These types of attacks require cybercriminals to impersonate their victim’s boss or colleague over email and convince the victim into sending wire transfer payments or sharing credentials. The attacks need to be tailored to each individual victim, making them difficult to launch, but also more lucrative. According to the FBI, BEC scams have caused over $26 billion in losses in the past three years.

Unfortunately, we expect this trend of highly targeted social engineering scams to continue. As security intelligence director Grayson Milbourne pointed out, “Phishing will become more targeted as data collected from breaches is incorporated into the phishing email. Things like passwords and recent transactions can go a long way in convincing people the email is legit.”

In addition to becoming more targeted, complex and damaging, social engineering attacks are also becoming more common. In fact, Webroot’s Mid-Year Threat Report released in October found that phishing attempts increased by 400 percent from January to July 2019.

 

Emotet Will Remain the Nastiest Malware for the Third Year in a Row

Webroot found that the Emotet botnet was the most prevalent and persistent strain of malware in 2018 and 2019, despite being shut down from June to September 2019. It held onto this notorious title by continuing to evolve and wreak havoc in different ways, whether by delivering cryptomining payloads or ransomware infections via Trickbot/Ryuk or Dridex/Bitpaymer.

Given its variety of attack methods and ability to evolve, there’s no reason to believe this won’t continue in 2020. Jason Davison, advanced threat research analyst, believes the botnet won’t just be the largest but also most persistent: “Emotet will continue to be the front runner in terms of both botnet size and malspam distributed.”

 

As the AI Cat-and-Mouse Game Continues, Organizations Will Need Capable AI-Powered Solutions – Not Just AI Components and Claims

AI has reached an unprecedented level of hype in the security industry. Promises have been made and broken; untold marketing expenditure has been made on promoting AI's virtues and unverified claims. With adversarial attacks against AI-based security products growing in scope and complexity, it will eventually be evident which solutions are actually AI-powered and which are mostly hype. As described by Joe Jaroch, senior director of product strategy, “There will be a bifurcation in AI providers with attacks highlighting which systems are vulnerable to sophisticated attackers. It will become clear that there are fundamentally two types of AI in cybersecurity: AI which acts like a smarter conventional signature, and AI which is built into every facet of an intelligent, cloud-based platform capable of cross-referencing and defending itself against adversarial attacks.”

Additionally, we will see tangible gains by organizations that are using AI technology in pragmatic approaches to solving security problems. This includes humans and AI tools partnering to do what each is best at – humans to unravel unseen new threats and create defenses, and AI to automate real-time detection of threats at electronic speeds and volumes.

On the adversarial side, in addition to leveraging AI to launch larger and more complex attacks, there is no doubt we will see more AI experimentation by cybercriminals. One concerning likely scenario is the implementation of AI in the production of deepfakes, where it could be used to automatically edit out artifacts and "glitches" that can be used today to differentiate between real and fake. Eventually, we will see a world where we will not be certain that the entity on the other end of any conversation – phone call, email, text, tweet, article, or feed – is human or not.

 

Cyber Insurance Will Gain Adoption, Especially in Government and Eventually for the Automotive Sector

Cyber insurance is booming, with the U.S. market reaching $1.8 billion in 2018, three times what it was in 2015. But still, only 51 percent of organizations are leveraging cyber insurance. This number will rise substantially as the costs of cybercrime continue growing and organizations realize that the benefits of taking preventative measures far outweigh the cost of doing nothing – particularly for government institutions.

“Local governments and state offices remain easy targets for large, well-structured threat actors,” said Jason Davison, advanced threat research analyst. “Getting ransomed for $600,000 is only fun so many times. Why not get cyber insurance to help stop the bleeding?”

After bleeding to the tune of $18 million as the result of a ransomware attack in May, Baltimore recently approved a cyber insurance plan to help protect against future attacks.

However, it should be noted that despite better protecting themselves financially, organizations that leverage cyber insurance should be prepared to face more attacks because they tend to be lucrative targets for cybercriminals.

“We will continue to see the low-hanging fruit of smaller cities and municipalities being targeted, particularly where there is a high prevalence of cyber insurance in place, where insurers find the ransom cost lower than remediation costs,” said senior solutions architect Matt Aldridge. “Hopefully as this part of the insurance industry evolves it will work more closely with cybersecurity vendors and service providers to ensure that insured parties are properly protected from the majority of threats.”

While the government sector is already a common target among cybercriminals today, security analyst Tyler Moffitt anticipates attacks on the automotive sector – and in turn, the sector’s adoption of cyber insurance – also growing in 2020 and beyond.

“Having cybersecurity protection and insurance coverage for cyberattacks on cars will become the norm down the road. Cybercriminals will take advantage of new unique automotive vectors to exploit, including unmonitored charge points for electric cars, as well as advanced software platforms on today’s cars that manufacturers are incredibly slow to react to and patch. I anticipate that we will eventually see a proof of concept on ransomware for cars as well,” he says. 

Cybercrime cost businesses an average of $13 million each in 2018, a 12 percent increase over 2017, according to the Ponemon Institute – despite businesses spending an average of $1.45 million each on cybersecurity, according to Hiscox’s 2019 Cyber Readiness Report. Clearly, organizations need to adjust their approach, particularly by accounting for and protecting against emerging and future threats in addition to current threats.

KEYWORDS: artificial intelligence (AI) cyber insurance cyber security cybersecurity data breaches malware

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Hal lonas

Hal Lonas is Chief Technology Officer at Carbonite. Lonas brings more than 25 years of experience to his role as Chief Technology Officer for Carbonite. Previously, he was the Chief Technology Officer at Webroot, where he led the creation of the first cloud native security platform. Lonas is a well-known innovator in the machine learning space and a champion of automation in technology. He also has co-authored several patents and holds a B.S. in Aeronautics and Astronautics from MIT. You can find him on Twitter @hlonas. 

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

2025 Security Benchmark banner

Events

September 29, 2025

Global Security Exchange (GSX)

 

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • SEC0819-Edu-Feat-slide1_900px

    2020 Cybersecurity Predictions: Four 2019 Trends That Will Solidify in the New Year

    See More
  • cyber6-900px.jpg

    Security Predictions for 2020

    See More
  • dataminr-connected tissue

    Predictions: Safety and Security Trends for 2020 and Beyond

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing