2020 cybersecurity predictions: Evolving vulnerabilities on the horizon
Cybersecurity threats are seemingly omnipresent in today’s hyper-connected, digital world. In fact — no surprise here — they will only continue to increase in sophistication, frequency, diversity, scale, and scope this year and in the near future.
New Internet-based technologies aimed at creating efficiencies and increasing connectivity between people and places also help proliferate cyber threats and risks.
As more internet-connected devices go online and the so-called “attack surface” increases, malicious actors will find new vulnerabilities to exploit, making everyone more susceptible to cyber attacks. This new reality requires businesses and people alike to understand the evolving cyber threat environment in order to keep pace.
With 2020 just beginning, an understanding of what future cyber threats could entail will help us better protect our systems, information, assets, and even reputation.
While predicting the future is an imperfect task, an assessment of current threats, risks, and trends can help determine what we are likely to see moving forward. Here are my predictions for what’s to come this year.
- 5G technology will make the existing IoT problem worse – this was one of my 2019 predictions, but it’s worth repeating
  - Background: 5G is the latest generation of cellular network technology that promises higher speeds and increased bandwidth. It has been launched by the four major U.S. carriers in a limited fashion, effectively impacting many of the 265 million mobile device users in America.
  - Prediction: As U.S. carriers continue to roll out the 5G network, new vulnerabilities will emerge from the new infrastructure required to support 5G — and malicious actors will exploit these vulnerabilities via IoT devices. This evolving threat was echoed by the European Union in a recent report, which warned that “security challenges” will become “more prominent in 5G networks, compared with the situation in existing networks.”
- Biometrics will be used more frequently to authenticate users
  - Background: Biometric authentication is a form of security that uses biological characteristics that are unique to an individual, like an eyeball or fingerprint, to verify their identity.
  - Prediction: With passwords becoming less secure and some end-users failing to embrace multi-factor authentication, biometrics will become more commonplace. This creates additional risks for users, as we saw last summer, if the very companies and vendors that require and store this sensitive information do not secure it properly.
- Ready-to-use hacking toolkits will become widely available
  - Background: No longer are cyber attacks only carried out by sophisticated criminals or nation states with vast resources. Cyber criminals who lack the expertise and skill to launch sophisticated attacks on their own can instead buy a hacking toolkit to execute a cyber attack. These toolkits, which require minimal technical knowledge, are becoming increasingly accessible.
  - Prediction: Purchasing software and tools capable of exploiting vulnerabilities or stealing data and credentials has never been easier, making the barrier to entry as low as ever. Naturally, the increased volume of hackers with the means to attack will increase the likelihood of attacks.
- Local governments will continue to be hit by crippling ransomware attacks
  - Background: Ransomware is a type of malicious software (malware) that locks out a legitimate user from accessing their own data. Ransomware attacks on the cities of Atlanta and Baltimore made national news, but smaller cities, often possessing a reduced budget and lacking security controls, have also been hit by malicious actors.
  - Prediction: Given that local governments and municipalities often have limited resources to implement robust cybersecurity measures and cannot afford to cease operations when they are attacked, and given the relative ease with which these ransomware attacks can be executed, we expect hackers to continue to target these entities in 2020.
- Cyber attacks on critical infrastructure will increase
  - Background: Nation states have increasingly launched cyber operations to steal intellectual property and target critical infrastructure to gain leverage over another state. Critical infrastructure includes the following sectors, among others: transportation systems, nuclear reactors, healthcare, financial services, energy, and communications.
  - Prediction: Infiltrating critical infrastructure networks will continue, as hackers seek to lay the groundwork for a future attack or a retaliatory measure against a target state. This is already happening, but more nations are likely to follow suit.
- Election meddling — Russia proved that it could be done, others will follow
  - Background: Russia’s successful meddling in the 2016 U.S. presidential election has paved the way for others to do the same.
  - Prediction: Leveraging social media and other sophisticated cyber operations to misinform citizens and influence elections will continue to be employed. We’ve already seen this with countries like China and Iran last year. In 2020, look for other nations to try to sway political elections and hearts and minds.
- Mobile devices will be increasingly targeted
  - Background: Performing a bank transaction used to require having to physically go to the bank. These days, most transactions can be conducted online or through a smartphone.
  - Prediction: Targeting mobile banking apps to steal credentials and funds is already on the rise, and this trend is expected to continue in 2020 as more people turn to the ease of mobile banking.
- Artificial intelligence will continue to be leveraged for sophisticated attacks
  - Background: Businesses are continuing to use artificial intelligence (AI), the use of machines to think and perform like humans, to streamline business functions and advance strategic objectives. Piggybacking on our 2019 prediction, this trend will continue in 2020.
  - Prediction: As we’ve already seen, AI has been used to impersonate individuals by realistically mimicking their voice, which is useful when requesting the transfer of funds. This year, hackers will continue to use AI advancements to scan networks for vulnerabilities, automate phishing attacks, and conduct large-scale social engineering attacks to propagate the spread of “fake news,” among other things.
- More organizations will automate their cybersecurity defenses
  - Background: According to the (ISC)² Cybersecurity Workforce Study, “59 percent say their organization is at extreme or moderate risk due to cybersecurity staff shortage.” This talent shortage, combined with an increased volume of attacks and the significant financial investment required to protect internal systems, will impact organizations’ ability to properly secure networks and monitor cyber threats.
  - Prediction: As a result of the cybersecurity skills shortage, organizations will increasingly turn to automated alternatives.
While these predictions are just that, calculated guesses at what’s to come, they hopefully inspire a proactive approach to addressing threats and mitigating cyber risks.
Maintaining the opposite mindset will leave organizations and people alike vulnerable not just to this list of predictions, but also to basic attacks aimed at exploiting known and emerging vulnerabilities.
Anthony J. Ferrante is the Global Head of Cybersecurity at FTI Consulting. He previously served as Director for Cyber Incident Response at the U.S. National Security Council at the White House. The views expressed here are his own and not necessarily those of FTI Consulting, its management, subsidiaries, affiliates or any of its other professionals.