Top cybersecurity predictions for 2020

Alright, it's about that time for some hot takes! We just published an article on the Infosec Blog that summarizes one security researcher's top cybersecurity predictions of the 2020 year. To summarize, here's what he put in his list:

Targeted ransomware attacks on the rise
Most nation-state attacks remain unattributed
IoT devices under attack
AI-based attacks, a nightmare for security experts
Compromised credentials and data breaches will continue to be a problem for organizations
ICS/SCADA systems are still too vulnerable
Supply chain attacks will grow slightly in frequency
Cybercrime-as-a-service — stronger than ever

Read the full article »

So what do you think? Are there any predictions you think should be mentioned? Do you think anything on this list isn't that big of a deal? Give me your best Nostradamus impressions!

Find more posts tagged with

Comments

thomas_

There will be another data breach impacting hundreds of millions of people and the government is going to do jack **** to the company.

Infosec_Sam

thomas_ said:

There will be another data breach impacting hundreds of millions of people and the government is going to do jack **** to the company.

I'll set the over/under on March 1st, 2020. Do you think we'll see a national-scale breach in the first two months of the year? My money's on yes!

LonerVamp

Sweet, this is where I get to be curmudgeonly!

1. Targeted ransomware attacks on the rise

Of course.

2. Most nation-state attacks remain unattributed

Of course.

3. IoT devices under attack

I think when people talk about IoT insecurity, they're not talking about most IoT devices. Most IoT devices are well behind a firewall or NAT of some sort and are not reachable from the Internet. So you can moreorless shelter most of these by sheer chance, despite them being unpatched or vulnerable to something. That said, these can be important targets of opportunity for insiders and targets for APTs (see ICS/SCADA prediction for that impact).

It would be more ballsy to talk about IoT and eroding privacy, but with Ring and other things, that was a trend already steamrolling forward in 2019.

4. AI-based attacks, a nightmare for security experts

Using "AI" in this item is just a marketing grab, and means next to nothing. Not only from the attacker side, but the defender as well. Almost nothing I've seen that touts to be AI-powered is AI-powered. At least ML makes sense as a term, but even then it's just the same old code logic we've always had, just with larger sets of changing data.

What the author really *should* have done is just stick to the last paragraph as the main point: campaigns of disinformation and deep fakes are going to be a problem.

5. Compromised credentials and data breaches will continue to be a problem for organizations

Status quo isn't a great prediction, in my books.

6. ICS/SCADA systems are still too vulnerable

Status quo isn't a great prediction, in my books.

7. Supply chain attacks will grow slightly in frequency

I suppose. I think I like this as one of the better predictions here, if I ignore the wishy-washy "slightly" word.

8. Cybercrime-as-a-service — stronger than ever

Status quo isn't a great prediction, in my books. Calling this CaaS makes me groan and then sigh.

Despite me being overly nitpicky, this list of predictions is far better informed and written than most I will read on a year-to-year basis.

TechGromit

1. Targeted ransomware attacks on the rise

That's what pays the bills, statically 36% of business hit with ransomware pay. It's a great business model, with no inventory and very little overhead you can make millions. From an economic standpoint, it makes sense for businesses to pay the ransom, the average demands from ransomware is $13,000 per attack. The city of Baltimore spend 18 million dollars to recover after a ransomware attack to avoid paying a $76,000 ransom demand. While it's true paying the ransom only encourages more attacks. the logic holds true for people that file frivolous lawsuits, do you settle out of court for a nominal amount or do you spent 100k+ in legal bills to avoid settling for 20k?