10 Cybersecurity Predictions for 2020
As organizations look to make well-informed business decisions to maximize business opportunities and minimize the negative impacts of cyber fraud and costly data breaches, it’s critical to stay current on the changing cybersecurity landscape.
As we begin a new digital decade, the following data and cybersecurity predictions may help organizations and their leaders focus their efforts.
1. Continued Global Shortage of Cybersecurity Talent
Underinvestment in cybersecurity education, training, and certification programs continues at the undergraduate, graduate, and continuing education levels. Combined with the incredible increase in cyberattacks globally, this has resulted in a significant shortage of the cybersecurity professionals and related data scientists required to meet the increased cybersecurity demands worldwide.
2. Growth of Zero Trust Cyber Data Architecture
Increasingly, organizations are adopting the Zero Trust software architecture approach to limit the damage of cyber-attacks. The Zero Trust Architecture method is designed to create micro-perimeters within information systems to increase data segmentation and to establish micro-firewalls within the network, making lateral movement by cyber-attackers within an information system harder once an intrusion has occurred.
3. Rise of Insider Threat Cyber-Attacks
As organizations improve their overall integrated cyber defense through enhanced investments in cybersecurity training, encryption, multifactor authentication, zero trust architecture, advanced data analytics, continuous diagnostics, monitoring, detection, and incident response, often using machine learning and/or leveraging new blockchain technologies, cyber-attackers will seek to bypass all of these security measures by bribing employees who have restricted access to valuable intellectual property and key data assets in order to steal the data.
4. Expansion of IoT Cyber-Attacks
According to Symantec, the number of Internet of Things (IoT) connected devices is estimated to rapidly increase from 10 billion devices in 2017 to over 26 billion devices by the end of 2020. With the tremendous increase in the number of Internet-connected devices, it is anticipated that there will be a dramatic increase in the number of cyber-attacks on IoT connected devices, especially medical devices.
5. Growth of Distributed Denial of Service (DDoS) Cyber-Attacks
The significant success of Distributed Denial of Service (DDoS) cyber-attacks in the past few years suggests that these cyber-attacks will continue to increase worldwide, especially in the retail, consumer products, and critical infrastructure industries, which have experienced the greatest impact.
6. Increase in Cyber-Impersonation Attacks and Business Email Compromise (BEC) Attacks
During the past 18 months, socially engineered cyber-impersonation attacks and Business Email Compromise (BEC) attacks have grown exponentially in both number and sophistication. These attacks specifically target senior executives in both government agencies and the private sector to redirect payments, usually intended for business partners or suppliers, to cyber-attackers.
7. Explosion in the Use of Machine Learning or Artificial Intelligence to Combat Cyber-Attacks
Organizations worldwide are exploring numerous use cases for machine learning and/or artificial intelligence to enhance proactive cyber defense tactics and optimize cyber-attack monitoring, intrusion detection, and incident response capabilities.
8. Exploitation of Cyber Weakest Link Attacks on Supply-Chains
With the success of cyber-attacks on global supply-chains across numerous industries, including oil, gas, energy, defense, aerospace, healthcare, manufacturing, retail, and consumer products, expect an increase in cyber-attacks targeting the most vulnerable organizations in supply-chain networks, which are usually small business vendors and third-party suppliers, in order to gain access to the intellectual property of larger organizations.
9. Lack of Empowerment in CISO Role
Too many organizations have not adequately empowered and supported their Chief Information Security Officer (CISO) with the funding, resources, and senior executive commitment to ensure an appropriate level of cyber defense. Most organizations continue to care far more about the organization’s network data capacity, ease of data access, and software applications than the protection of the data assets and the resilience of the information system from damaging cyber-attacks.
10. Increasingly Complex Cybersecurity and Data Privacy Regulatory Landscape
As companies strive to protect themselves and their personally identifiable information from the growing number of cyber fraud cases and cyber data breaches, the number and complexity of new cybersecurity and data privacy laws, regulations, standards, and contractual requirements are rapidly increasing. This raises the potential for civil and criminal penalties for non-compliance with requirements including the European Union (EU) General Data Privacy Regulation (GDPR), ISO 27001 Information Security Standard, National Institute of Standards and Technology (NIST) Cybersecurity Risk Management Framework (RMF), the Payment Card Industry (PCI) Data Security Standard (DSS), the New York Department of Financial Services (NYDFS) Cybersecurity requirements for financial institutions, and the California Consumer Privacy Act (CCPA), just to name a few.