Keepin’ It CyberFit in 2020
CyberFit Chip, your friendly cyber advice guru, is getting back in the list game – this time with his top 2020 cyber trend predictions.
So now that you’ve recovered from your New Year’s Eve celebrations, what better time to dive into the good, the bad, and the ugly for 2020?
A long overdue shake up of the defense supply chain will do just that – shake things up. We’re cautiously optimistic it’ll be for the better.
If you roll in national security circles, you’ve undoubtedly heard about the Department of Defense’s new(ish) effort to shore up its supply chain: the Cybersecurity Maturity Model Certification, or CMMC. The CMMC, slated to go into effect this year, represents a long overdue reckoning with the flaws of today’s defense contracting status quo. Simply put, relying on the defense industrial base (DIB) to “self-attest” to its own cyber hygiene is no longer an acceptable way ahead, especially in a world where cybersecurity has become a core component of overall national security. Under the CMMC, a contractor’s cybersecurity practices are assessed by a third party rather than declared by the contractor itself. It’s doubtful the CMMC will be perfect when implementation time rolls around, but it is a much-needed step in the right direction.
Choo choo… the CMMC train is rolling full steam ahead in 2020. If they want to stay in the game, defense contractors (both big and small) should get onboard sooner rather than later.
Growing scrutiny of open source software vulnerabilities will prompt mandates for secure software development lifecycles.
The existence of software vulnerabilities is nothing revelatory. What will be new in 2020, however, is the added attention the US government will devote to understanding these vulnerabilities – and the more secure and transparent software development practices they will demand from their software providers as a result. Take this draft NIST white paper as just one indicator.
Many companies producing software-based tools use a mix of open source packages/libraries and proprietary builds. Far fewer, however, practice a thorough secure software development lifecycle to ensure existing vulnerabilities are found and fixed before they become part of a final product. In 2020, that attitude will grow less and less acceptable – particularly to government customers.
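The kind of gate that paragraph has in mind is easy to show concretely. The example below is an added illustration, not Acronis SCS code: it parses a Python requirements file and fails the build if any pinned package is older than the first fixed version in a known-advisory list, or if a dependency is not pinned at all (and so cannot be audited reproducibly). The requirements file and the advisory entries are constructed sample data, and the `EXAMPLE-2019-*` identifiers are placeholders; a real pipeline would pull advisories from a feed such as the NVD or the Python Packaging Advisory Database (an assumption about where the data comes from, not something the post states).

```python
"""Minimal dependency-audit gate for a secure software development lifecycle.

Added example, not Acronis SCS code. SAMPLE_REQUIREMENTS and SAMPLE_ADVISORIES
are CONSTRUCTED data; in a real pipeline the advisories come from a feed
(assumption: NVD, PyPA advisory DB, or similar) and the requirements file is
the one the build actually installs from.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed advisory list: package, first fixed version, placeholder identifier.
SAMPLE_ADVISORIES = [
    {"package": "jsonparse", "fixed_in": "2.4.1", "id": "EXAMPLE-2019-0001"},
    {"package": "imgcodec",  "fixed_in": "0.9.0", "id": "EXAMPLE-2019-0002"},
]

# Constructed requirements.txt as the build would see it.
SAMPLE_REQUIREMENTS = """\
# comments and blank lines are ignored
jsonparse==2.3.7
imgcodec==1.1.0
requestkit>=2.0       # not pinned: cannot be audited reproducibly
yaml-tools==5.1
"""

_REQ_RE = re.compile(
    r"^\s*([A-Za-z0-9_.\-]+)\s*(==|>=|<=|~=|>|<)?\s*([0-9][0-9A-Za-z.\-]*)?"
)


@dataclass
class Finding:
    package: str
    pinned: Optional[str]   # None when the dependency is not pinned
    reason: str


def parse_version(v: str) -> tuple:
    """Turn '2.4.1' into (2, 4, 1); a non-numeric segment compares as 0."""
    parts = []
    for seg in v.split("."):
        m = re.match(r"\d+", seg)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def parse_requirements(text: str):
    """Yield (name, operator, version) for every non-comment requirement line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _REQ_RE.match(line)
        if not m:
            continue
        name, op, ver = m.groups()
        yield name.lower(), op, ver


def audit(requirements_text: str, advisories) -> list:
    """Return a Finding for each unpinned dependency and each pin that is
    older than the first fixed version listed in an advisory."""
    by_pkg = {a["package"].lower(): a for a in advisories}
    findings = []
    for name, op, ver in parse_requirements(requirements_text):
        if op != "==" or ver is None:
            findings.append(Finding(name, None, "not pinned to an exact version"))
            continue
        adv = by_pkg.get(name)
        if adv and parse_version(ver) < parse_version(adv["fixed_in"]):
            findings.append(
                Finding(name, ver, f"{adv['id']}: fixed in {adv['fixed_in']}")
            )
    return findings


def gate_passes(requirements_text: str, advisories) -> bool:
    """True only when the audit produced no findings; wire this to the build."""
    return not audit(requirements_text, advisories)


if __name__ == "__main__":
    for f in audit(SAMPLE_REQUIREMENTS, SAMPLE_ADVISORIES):
        print(f"FAIL {f.package} {f.pinned or ''}: {f.reason}")
    raise SystemExit(0 if gate_passes(SAMPLE_REQUIREMENTS, SAMPLE_ADVISORIES) else 1)
```

Run against the constructed input, the gate rejects the build for two reasons: `jsonparse` is pinned below the advisory’s fixed version, and `requestkit` is not pinned at all. Treating an unpinned dependency as a failure is deliberate; a range specifier means the version that ships is whatever the package index serves on build day, which is exactly the opacity the paragraph above is complaining about.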
The ransomware epidemic will get a whole lot uglier.
The rise of the ransomware epidemic caught many by surprise in 2019. Public sector targets, including state and local governments, educational outfits, and healthcare providers, were particularly hard hit. With ransomware-as-a-service lowering the barrier to entry for would-be hackers lacking technical know-how, we expect the number of attacks to increase in the new year. Even more harrowing than that prospect, however, will be the increase in more targeted attacks against especially vulnerable or lucrative marks, as well as a rise in ‘faux ransomware’ (i.e., destructive wiper malware that walks and talks like ransomware, but is more intent on wreaking havoc than collecting money). In short, the 2020 ransomware game is no longer all about the dolla dolla bills; it’s about maximizing impact.
Despite this grim prediction, there are some silver linings. The first is that trusted tools already exist (like a reliable backup and recovery software with built-in AI-based anti-ransomware protection) to promote resiliency and shore up systems before attacks occur. Another is the better collaboration 2019’s spate of attacks has spurred across all levels of the government and private industry. We expect that collaboration to grow, now that push has come to shove.
And phishing will get even phishier.
In 2020, we’ll see phishing attacks using AI-based technologies – including sophisticated video, image, and voice deepfakes – hit the mainstream. We’ll also see a steady uptick in SMS-based phishing (“smishing”) and other methods that target mobile devices, where users are likelier to click on a malicious link or attachment than on their desktop. That spells trouble in 2020, especially as more and more organizations dabble with BYOD-friendly policies.
As we all grapple with this increasingly complex and sophisticated phishing landscape, the solution can’t rely on IT tools alone. Organizations will need to do a better job training and empowering their “human firewalls” to do their part to protect data as well.
The Downright Ugly
Facial recognition hacks will leave millions – perhaps billions – vulnerable.
Move over fingerprints, there’s a new biometric vulnerability in town… and its name is facial recognition. In 2020, more than a billion smartphones are expected to feature facial recognition technology. Combine that with the growing concentration of sensitive facial recognition data stored in centralized repositories, and we’ve got a problem on our hands.
That temptingly vulnerable attack surface has already attracted some unwanted attention from cyber criminals, including last year’s breach of traveler photos collected by a Customs and Border Protection subcontractor. Brace yourself for more facial recognition hack headlines in 2020 as cyber criminals learn how to better exploit the technology, ensnaring private citizens and law enforcement agencies alike.
A cyberattack on America’s critical infrastructure will leave a major city down for the count.
Did you turn on the shower or faucet this morning? How about the light switch or heat? Chances are you did so without a second thought about the machines that keep America’s critical infrastructure up-and-running. Those machines, known as supervisory control and data acquisition (SCADA) and industrial control systems (ICS), have an enormous impact on our daily lives, as well as our national security – and many are unnecessarily vulnerable to cyber intrusion and disruption.
With that in mind, as well as a fair number of attackers at the ready (from nation states and rogue hackers to terrorist organizations), we predict a cyberattack will temporarily knock out a major American city’s water treatment system or power grid in 2020. The attack, which is most likely to come in the form of ransomware or DDoS, will be devastating, spreading panic far beyond the geographic limits of its actual impact. And it will serve as a wakeup call for stronger cybersecurity measures across all 16 critical infrastructure sectors.
And for Good Measure – One Where the Jury’s Still Out
Cyber insurance companies will continue to have their heyday.
In light of 2019’s sharp increase in ransomware attacks, private and public organizations alike have increasingly turned to insurance policies to protect against malicious cyber activity. On the face of it, this seems like a positive and proactive approach.
As it stands now though, overreliance on cyber insurance policies (and insurance companies that often advise clients to pay the ransom rather than incur high data and system recovery costs) is reinforcing a dangerous ransomware cycle. But if insurance companies and their clients can better gear their thinking to the long-view rather than the quick fix, cyber insurance may still prove a net positive.
With the proliferation of AI-based technologies, IoT and other edge devices, cloud adoptions, and zero trust architectures, the above list is by no means exhaustive – it’s just a taste of the innovations, collaboration, and cyber risks to come in 2020.
Now with these predictions in mind, it’s time to proactively prepare for the year ahead. A great place to start is with the tested and trusted cyber protection and edge data security solutions Acronis SCS has on offer, including a newly released hardened full disk image backup and disaster recovery software.
Armed with the right toolkit, knowledge, and #CyberFit mindset, your organization will be ready to enter this new decade with confidence – and avoid the nasty pitfalls we see fast approaching.