When it comes to online security, the real chore is mitigating risk in a never-ending virtual arms race against hackers, phishers, and bad actors everywhere. To stay on top of security and privacy issues, it’s necessary to check out the latest trends on a regular basis. So, at the dawn of a new decade, we decided to do just that. Tech.co reached out to dozens of security experts and analysts to see what growing concerns or soon-to-manifest shakeups the security industry might be weathering in 2020. We learned about the risks inherent to popular tech innovations like smart homes and cryptocurrency, as well as the impact of outside factors like nation-state hackers and increasing automation. Here, we’ve broken down the biggest security concerns of 2020 into seven different predictions.
Managed service providers will be targetedWe’ll see more security automationCryptocurrency will wind up in the crosshairsSmart homes will remain easy targetsGovernments will upgrade their security systemsSecurity will be key for decentralized architecturesBusinesses should reexamine third-party assessors
Managed service providers will be targeted
Managed service providers offer a way for small and midsize businesses to offload their IT needs to a third party. But in 2019, the number of attacks on managed service providers started to increase. A worrying 74% were cyber-attacked, and 83% reported that their customers had seen a cyber attack as well. Brian Downey, Vice President Product Management at Continuum, believes these trend will only get worse in the near future. What actionable steps can managed service providers take to prep for attacks? Stronger education, paired with an “increased investment in cybersecurity training programs,” according to Downey. Increased automation might help, too…
We’ll see more security automation
IT professionals know the score. Opting for automation over manual labor is always a faster choice. And, given the fast-growing onslaught of hack attempts and security risks, automation might be the only choice. The benefits of automation, Goel explains, include better collaboration between security teams and administrators, letting them effectively limit risk, identify and respond proactively to the biggest issues, and explain priorities to the C-suite. “Utilizing automation will not displace analysts from their jobs but empower them to conduct other types of work, eliminating the extensive manual tasks that currently take them away from thwarting the threats that really matter.” Gary E. Barnett, CEO of Semafone, puts it more simply: automation saves money. Ultimately, automation makes sense in particular for cybersecurity, since the threats themselves are largely automated in the first place.
Cryptocurrency will wind up in the crosshairs
Aaron Higbee, the cofounder & CTO at Cofense, has probably the most concise summary of how we all think about crypto. “The cryptocurrency industry,” he notes, “is not widely understood.” However, it is on the receiving end of tech’s most sophisticated security attacks, Higbee goes on to add. Hackers target cryptocurrencies from two angles, he explains. Firstly, they look at solo cryptocurrency holders, trying to determine if their line of defense is weak enough to breach, typically through determining the user’s password, logging in, and transferring the currency to their own account. Second, they look at the employees of a larger cryptocurrency holder, often trying a phishing attempt that may allow the bad actor to “hack into your entire network and dig deep enough to access the cold storage vaults and pull off a heist,” Higbee says. Ultimately, keeping your crypto vaults safe may be as simple as keeping your employees well-versed on common phishing practices, ensuring that the would-be hacker moves on to a more vulnerable target.
Smart homes will remain easy targets
Cryptocurrency has a rival industry in the “incredibly vulnerable to attack” stakes – smart homes. Smart-device-filled homes must remain constantly connected to the internet in order to function. The Internet of Things (IoT) once hacked, can be accessible from any location with an internet connection. How will IoT-focused startups deal with the PR crisis that even the possibility of a hack will propel them into? It’s an open question as we start a new year in which the general public’s awareness of privacy-violating hacks is higher than ever.
Governments will upgrade security systems
Outside of the retail sector, it’s easier to predict the response to increasing security dangers: Governments will start allocating more funds to fighting the hacker scourge. And, with the 2020 Olympics on the horizon, alongside what’s sure to be a down-and-dirty US presidential election, this year will present lots of opportunities for those security systems to kick into gear. “Governments worldwide are targets of sophisticated attacks from nation-state actors and other nefarious users,” comments Shane Buckley, President and Chief Operating Officer at Gigamon. “As governments implement digital transformation to increase efficiency and effectiveness for their citizens, they will also need to upgrade their systems to support capabilities like the Continuous Mitigation & Diagnostics (CDM) program implemented by the US government to enhance their network security.” Granted, not all governments are equal when it comes to online security. It’s already too late for the US to improve its demonstrably shoddy voting systems, according to a few tech experts we consulted for our previous roundup of 2020 predictions. “We’ve run out of time to find and correct the bugs in these machines before the 2020 election,” notes Bitglass CTO and cofounder Anurag Kahol, rather troublingly.
Security will be key for decentralized architectures
Patrick Lastennet, Director of Enterprise at Interxion, calls attention to the shift away from centralized infrastructures and their on-premises data centers. But, more organizations are opting for decentralization, using third-party services to handle a range of chores. This is the flipside of the increased risk to managed service providers we brought up earlier in this article: Not only will those third-party service providers need to boost security, but their clients will also deal with a distributed environment that is increasingly complex to secure. Any decentalized operations that commit the cardinal sin of cutting pre-emptive security costs will likely pay the price in 2020. “To have a successful distributed architecture, enterprises need a security strategy that combines physical and network security with robust encryption key management to mitigate threats without inhibiting performance.”
Businesses should reexamine third-party assessors
Another third-party security risk to keep in mind? The companies that help organizations assess security risks and challenges. If an organization doesn’t occasionally overhaul the procedures that an assessor uses, it won’t be keeping up to date with the latest security concerns. Fred Kneip, CEO at CyberGRX, argues that the way in which third-party cyber risk assessments are carried out should be re-examined, with an eye towards boosting both efficacy and efficiency. The security challenges of 2020 are many and varied, ranging from nationwide attacks from state-sponsored hackers, to the individual dangers faced by anyone with an IoT-powered security camera. “Employing a dynamic approach to third-party risk assessments would not only significantly reduce the human-hours required to complete them but enable organizations to share and exchange standardized data – ultimately increasing each organizations’ security posture through better visibility and increased collaboration.” Still, the best practices remain the same. Moving forwards, we all need to keep learning the new tricks used by the top hackers and phishers, and we need to use that knowledge to update our security, whether at home or in the office.
