10 Cybersecurity Predictions for 2020

As organizations look to make well-informed business decisions to maximize business opportunities and minimize the negative impacts of cyber fraud and costly data breaches, it’s critical to stay current on the changing cybersecurity landscape.

As we begin a new digital decade, the following data and cybersecurity predictions may help organizations and their leaders focus their efforts.

1. Continued Global Shortage of Cybersecurity Talent

Underinvestment in cybersecurity education, training, and certification programs continues at the undergraduate, graduate, and continuing education levels. Combined with the incredible increase in cyberattacks globally, this has resulted in a significant shortage of the cybersecurity professionals and related data scientists required to meet increased cybersecurity demands worldwide.

2. Growth of Zero Trust Cyber Data Architecture

Increasingly, organizations are adopting the Zero Trust software architecture approach to limit the damage of cyber-attacks. The Zero Trust Architecture method is designed to create micro-perimeters within information systems to increase data segmentation, and to establish micro-firewalls within the network that make lateral movement by cyber-attackers harder once an intrusion has occurred.

3. Rise of Insider Threat Cyber-Attacks

As organizations improve their overall integrated cyber defense through enhanced investments in cybersecurity training, encryption, multifactor authentication, zero trust architecture, advanced data analytics, continuous diagnostics, monitoring, detection, and incident response, often using machine learning and/or leveraging new blockchain technologies, cyber-attackers will seek to bypass all of these security measures by bribing employees who have restricted access to valuable intellectual property and key data assets in order to steal the data.

4. Expansion of IoT Cyber-Attacks

According to Symantec, the number of Internet of Things (IoT) connected devices is estimated to increase rapidly from 10 billion devices in 2017 to over 26 billion devices by the end of 2020. With this tremendous increase in the number of Internet-connected devices, a dramatic increase in the number of cyber-attacks on IoT connected devices, especially medical devices, is anticipated.

5. Growth of Distributed Denial of Service (DDoS) Cyber-Attacks

The significant success of Distributed Denial of Service (DDoS) cyber-attacks in the past few years suggests that these cyber-attacks will continue to increase worldwide, especially in the retail, consumer products, and critical infrastructure industries, which have experienced the greatest impact.

6. Increase in Cyber-Impersonation Attacks and Business Email Compromise (BEC) Attacks

During the past 18 months, the use of socially engineered cyber impersonation attacks and Business Email Compromise (BEC) attacks has grown exponentially in both number and sophistication. These attacks specifically target senior executives in both government agencies and the private sector in order to redirect payments, usually intended for business partners or suppliers, to cyber-attackers.

7. Explosion in the Use of Machine Learning or Artificial Intelligence to Combat Cyber-Attacks

Organizations worldwide are exploring numerous use cases for machine learning and/or artificial intelligence to enhance proactive cyber defense tactics and optimize cyber-attack monitoring, intrusion detection, and incident response capabilities.

8. Exploitation of Cyber Weakest Link Attacks on Supply-Chains

With the success of cyber-attacks on global supply-chains across numerous industries, including oil, gas, energy, defense, aerospace, healthcare, manufacturing, retail, and consumer products, expect an increase in cyber-attacks targeting the most vulnerable organizations in supply-chain networks, which are usually small business vendors and third-party suppliers, in order to gain access to the intellectual property of larger organizations.

9. Lack of Empowerment in CISO Role

Too many organizations have not adequately empowered and supported their Chief Information Security Officer (CISO) with the funding, resources, and senior executive commitment to ensure an appropriate level of cyber defense. Most organizations continue to care far more about the organization’s network data capacity, ease of data access, and software applications than the protection of the data assets and the resilience of the information system from damaging cyber-attacks.

10. Increasingly Complex Cybersecurity and Data Privacy Regulatory Landscape

As companies strive to protect themselves and their personally identifiable information from the growing number of cyber fraud cases and cyber data breaches, the number and complexity of new cybersecurity and data privacy laws, regulations, standards, and contractual requirements are rapidly increasing. These include the European Union (EU) General Data Protection Regulation (GDPR), the ISO 27001 Information Security Standard, the National Institute of Standards and Technology (NIST) Cybersecurity Risk Management Framework (RMF), the Payment Card Industry (PCI) Data Security Standard (DSS), the New York Department of Financial Services (NYDFS) Cybersecurity requirements for financial institutions, and the California Consumer Privacy Act (CCPA), just to name a few. The result is a rise in potential civil and criminal penalties for non-compliance.

Joseph Landry

CISA, CISM, CRISC
Partner
