Top cybersecurity predictions for 2020

Infosec_SamInfosec_Sam Security+, CCENT, ITIL Foundation, A+Madison, WIAdmin Posts: 527 Admin
in Cybersecurity
Alright, it's about that time for some hot takes! We just published an article on the Infosec Blog that summarizes one security researcher's top cybersecurity predictions of the 2020 year. To summarize, here's what he put in his list:
  1. Targeted ransomware attacks on the rise
  2. Most nation-state attacks remain unattributed
  3. IoT devices under attack
  4. AI-based attacks, a nightmare for security experts
  5. Compromised credentials and data breaches will continue to be a problem for organizations
  6. ICS/SCADA systems are still too vulnerable
  7. Supply chain attacks will grow slightly in frequency
  8. Cybercrime-as-a-service — stronger than ever
Read the full article »

So what do you think? Are there any predictions you think should be mentioned? Do you think anything on this list isn't that big of a deal? Give me your best Nostradamus impressions!
Community Manager at Infosec!
Who we are | What we do
· Share on FacebookShare on Twitter

Comments

  • thomas_thomas_ Member Posts: 1,012 ■■■■■■■■□□
    There will be another data breach impacting hundreds of millions of people and the government is going to do jack **** to the company.
    · Share on FacebookShare on Twitter
  • Infosec_SamInfosec_Sam Security+, CCENT, ITIL Foundation, A+ Madison, WIAdmin Posts: 527 Admin
    thomas_ said:
    There will be another data breach impacting hundreds of millions of people and the government is going to do jack **** to the company.
    I'll set the over/under on March 1st, 2020. Do you think we'll see a national-scale breach in the first two months of the year? My money's on yes!
    Community Manager at Infosec!
    Who we are | What we do
    · Share on FacebookShare on Twitter
  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    Sweet, this is where I get to be curmudgeonly!
    1. Targeted ransomware attacks on the rise
    Of course.
    2. Most nation-state attacks remain unattributed
    Of course.
    3. IoT devices under attack
    I think when people talk about IoT insecurity, they're not talking about most IoT devices. Most IoT devices are well behind a firewall or NAT of some sort and are not reachable from the Internet. So you can moreorless shelter most of these by sheer chance, despite them being unpatched or vulnerable to something. That said, these can be important targets of opportunity for insiders and targets for APTs (see ICS/SCADA prediction for that impact).
    It would be more ballsy to talk about IoT and eroding privacy, but with Ring and other things, that was a trend already steamrolling forward in 2019.
    4. AI-based attacks, a nightmare for security experts
    Using "AI" in this item is just a marketing grab, and means next to nothing. Not only from the attacker side, but the defender as well. Almost nothing I've seen that touts to be AI-powered is AI-powered. At least ML makes sense as a term, but even then it's just the same old code logic we've always had, just with larger sets of changing data.
    What the author really *should* have done is just stick to the last paragraph as the main point: campaigns of disinformation and deep fakes are going to be a problem.
    5. Compromised credentials and data breaches will continue to be a problem for organizations
    Status quo isn't a great prediction, in my books.
    6. ICS/SCADA systems are still too vulnerable
    Status quo isn't a great prediction, in my books.
    7. Supply chain attacks will grow slightly in frequency
    I suppose. I think I like this as one of the better predictions here, if I ignore the wishy-washy "slightly" word.
    8. Cybercrime-as-a-service — stronger than ever
    Status quo isn't a great prediction, in my books. Calling this CaaS makes me groan and then sigh.


    Despite me being overly nitpicky, this list of predictions is far better informed and written than most I will read on a year-to-year basis. :)

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
    · Share on FacebookShare on Twitter
  • TechGromitTechGromit Ontario, NY Member Posts: 2,151 ■■■■■■■■■□
    edited December 2019
    1. Targeted ransomware attacks on the rise

    That's what pays the bills, statically 36% of business hit with ransomware pay. It's a great business model, with no inventory and very little overhead you can make millions. From an economic standpoint, it makes sense for businesses to pay the ransom, the average demands from ransomware is $13,000 per attack. The city of Baltimore spend 18 million dollars to recover after a ransomware attack to avoid paying a $76,000 ransom demand. While it's true paying the ransom only encourages more attacks. the logic holds true for people that file frivolous lawsuits, do you settle out of court for a nominal amount or do you spent 100k+ in legal bills to avoid settling for 20k?      

    Still searching for the corner in a round room.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.