2019 saw a rise in ransomware attacks, growing concern about the security of mobile devices and ever-increasing numbers of phishing attacks. With organisations – especially SMEs – still playing catch-up with cyber criminals, we’ve devoured cyber security news and reflected on our own experience of customer needs and challenges to predict the six big cyber security trends in 2020.
1. Proliferation of off-the-shelf cyber attacks
Criminals follow the money. And right now, there is a lot of money to be made from cyber crime. Whereas in the past it may have been strictly the realm of the experts – the type who can code their way into Fort Knox – these days the market has opened up and anyone can download the necessary code to inflict mass damage. Anyone with a computer and the motivation could be a hacker, while the high-skill cyber attack coders maintain a safe distance from the crime. They’re still making money, but they’ve minimised the risk of being caught, and can continue to develop and sell their malware.
This easy access to malicious code is one of the reasons why cyber attacks are on the rise, and why we expect a substantial increase in data breaches and ransomware attacks in 2020.
Many low-skill level attacks could be prevented by good cyber hygiene. Invest in the education of your workforce to ensure they are employing proper security measures. Additionally, the best security installed in your system will be one which adapts to new threats and is kept up to date, like managed firewalls.
Learn more - our free infographic can help educate your staff on cyber hygiene
2. Increasing threat from state-sponsored hackers
2020 is likely to see both an increase in state-sponsored hacking and greater crossover between ‘regular’ cyber crime and nation state attacks. Whether it is criminals moving in and out of state employment, or simply stealing data to sell on to state players, the end result is the same: more attacks.
More concerning still: the remit of these attacks has changed in recent years. Where the target may once have been government or military, these days it is as likely to be healthcare, entertainment or financial services, to name a few. What are they after? It could be intellectual property. It could be data. It could be that they just want to cause disruption. Some governments have been accused of attacking foreign companies for no other reason than causing economic disruption, meaning businesses (including SMEs) that have nothing to do with the state may find themselves caught up in the crossfire of a cyber war.
Protect your IP by securing hardware and software against theft or infiltration. Meanwhile, shore up your cyber security strategy to ensure minimal disruption in the event of an attack. Think about what most needs defending (like people’s personal details and your most sensitive data) and start with that.
3. Triple threat: 5G, IoT and DDoS
The potential of 5G and the Internet of Things (IoT) is exciting – but, everything that the ‘good guys’ will be able to do faster, the ‘bad guys’ will also be able to do at high speed. The increased bandwidth of a 5G network in combination with the millions of unsecured IoT devices already out in the world means that 2020 will likely see greater numbers of more effective DDoS attacks.
What’s at stake here? DDoS attacks can bring down an entire enterprise network in minutes. And what can you do when your network is down?
Fortunately, the technology exists to defend against DDoS attacks. Get ahead of the cyber criminals by investing in the right DDoS protection solution for your organisation.
Learn more - Our DDoS page has infographics and videos explaining how to protect your business
4. The cloud goes hybrid
In November 2019, 86% of senior IT staff in the UK believed their business to be cloud-first today, with 40% expecting to be cloud-only by 2021.
However, what we’re also seeing as a trend is withdrawal from the public cloud, amid rising costs and concerns over who is responsible for data security. Instead, businesses are choosing a mix of public and private cloud as well as data centre/in-house storage, allowing them to control the cyber security solutions applied to their most valuable data.
Ultimately, we believe that this trend for hybrid cloud will win out this year and beyond, as companies get to grips with their specific needs. As organisations figure out how best to use public and private cloud and on-premise solutions, we will see more selective use of all three.
Cloud doesn’t have to be all or nothing. Explore multi-cloud and on-premises options and conduct a thorough audit of your IT systems before choosing the best and most secure solutions for your business.
Learn more - Explore the comprehensive range of cloud solutions 4D can offer you
5. Increased use of AI/Machine Learning by both vendors and cyber criminals
The use of algorithms to correlate vast amounts of data is a huge bonus to cyber security professionals. But, at present, that just about describes the limits of AI for the good guys. Be careful of vendors overpromising on AI; we've even seen Google go overboard with claims on what they can deliver. And while Google was discussing Quantum Computing, it's good insight into how vendors can exaggerate about their products.
Criminals, however, have more scope for progression thanks to the development of ‘deepfakes’ – fake videos or audio that look and sound just like the real thing. Criminals will use this technology to hack facial recognition software, and potentially for dangerously-deceptive phishing attacks. And of course, cyber criminals get the same data-trawling benefits of AI that the cyber security professionals have.
Don’t be swept up by the AI hype some vendors will push. The best solutions leverage the strengths of AI together with the experience of actual humans. The best way to defend against the AI cyber security threat is to understand how attackers are most likely to launch an attack against you. Start by identifying what data is most valuable, and where you are you weakest.
6. Embedding security into development – aka DevSecOps
This one is part trend-spotting, part wish-list. At present it can feel as though security is an afterthought of product development. We’re seeing a lot more talk about moving security to the early stages of product development and we’re hoping that in 2020 we’ll see more evidence of this in action.
The cyber security skills shortage is an issue in its own right, let alone in the context of DevOps, it will likely fall on cyber security vendors to create developer-friendly security testing tools. In 2020 we expect to see a progression in the scope of testing being offered as well as the development of a more tailored security pathway for developers.
DevSecOps is in its infancy and it may be a while before you see the benefits. Keep an eye out for new products that integrate cyber security during production and let your wallet do the talking. In the meantime you will continue to see software released with vulnerabilities that will need patching. Keep a lookout for these alerts and act fast – you know the hackers will.
Learn more - 4D's cyber security solutions integrate seamlessly into our other services
Dire warning: You could be next
No prediction of cyber security trends would be complete without a dire warning of your vulnerability. A breach could happen to anyone, and one cyber attack could be all it takes to end your business.
To learn more about what you need to do right at the start of the new year to prepare for an attack, please check out our articles below, or ask us about ways to minimise your vulnerability and protect the things that matter most to your business with our cyber security services.