New Year, New Threats?
Working in cybersecurity requires a little bit of a futurist mindset. A smart infosec manager won’t make any promises about what is to come, but doing a little crystal ball gazing (and, frankly, worst-case scenario planning) comes with the territory of doing the job well.
2020 promises to be a doozy of a year in terms of planned national and international events. The American presidential election looms large, as do the summer Olympics in Tokyo. And Brexit appears to be on the brink of maybe actually happening in late January. Against the backdrop of all these major events, cyber threats continue. Let’s dive into the top trends predicted for this year.
Deepfake on the Rise
Deep Trace Labs’ 2019 report revealed that the majority of existing deepfake videos on the web are sexually explicit content featuring female celebrities. However, there has been a marked rise in deepfaked video that uses the likenesses of politicians and business leaders. Deep Trace notes that outside of politics, deepfakes are being used to “enhance social engineering against businesses and governments.”
Of note in 2019: an AI-generated voice was used to convince a UK energy firm CEO to wire $243,000 (USD) to a scammer. The voice mimicked the firm’s parent company’s director and was convincing enough to carry tones of his “subtle German accent.” Watch for more deepfakes of executives and other decision makers in 2020.
Expect deepfake to increasingly be a component of ransomware. People will be bullied into paying to keep (faked) video or audio of themselves in compromising situations out of the public eye. We will also see “deepfakes-as-a-service” arise for both “fun” and malicious purposes, with a few companies already on the scene offering (they promise) ethical uses of the technology.
Bottom line: Deepfake is just a new way to lie. As with every other form of deceit, people (employees, customers, end users) have to be taught to recognize it. Count deepfake recognition among your top education goals of 2020.
Geopolitics and Cyberthreats
As political tensions worldwide grow, the likelihood of state-sponsored cyber attacks increases. With unofficial support from nation-states, criminals will be working to manipulate public opinion, steal political secrets, influence events, and cause data breaches that benefit their preferred faction.
2019 was the year of ransomware targeting cities, counties, and other U.S. municipalities. At least 174 municipal entities suffered a ransomware attack in 2019, a 60% year-over-year increase. Hackers and nation-state attackers may be even more active during this U.S. election year, targeting the systems that run our day-to-day lives, such as utilities, with ransomware, DDoS, and other attacks.
State-Level GDPR Legislation
In 2020, the GDPR will celebrate its second birthday as the rule of law over data in the EU. More, and larger, judgements (against Google and Marriott in particular) have helped the regulation maintain its popularity among protected individuals.
Only one U.S. state has passed legislation on a par with the European law. The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. A smattering of other states have enacted rules with varying degrees of control. As social media privacy violations mount and public trust in behemoths like Facebook continues to erode, watch for similar individual protections in more states.
Increased Usage of Managed Security Services
ESG recently surveyed 406 IT security professionals in North America across a variety of industries. A majority of respondents felt that security analytics and operations were more difficult now than they were two years ago. They lay blame on the rapidly evolving threat landscape, a growing attack surface, an increased volume of alerts, and a volume and complexity of tasks that is hard to keep up with. The same survey highlighted the ongoing and much-discussed staffing and skills shortages that continue to plague the security industry.
In a difficult position and can’t hire your way out? An increasing number of organizations are turning to managed security services providers (MSSPs). A whopping 90% of the surveyed group said they planned to increase their reliance on an outside vendor in the future!
File Under: Not Going Away Anytime Soon
The threats of ransomware and good old-fashioned phishing remain high with no sign of declining. Stealing credentials, distributing malware, and holding data for ransom are still crimes that pay very well. As more CISOs are willing to migrate analytics and operations technologies to the cloud, ransomware targeting the cloud will follow.
What Does 2020 Hold for Your Business?
What are your predictions for 2020? Are your staff and vendors prepared for the threat landscape that lies before them? Is the cybersecurity skills gap causing your business pain? Asylas can help! Reach out to us at firstname.lastname@example.org or 615-622-4591. We’d love to work with you!