Ransomware, drones, biometrics and election integrity will top 2020 security trends
With each passing year, the threat landscape is becoming wider and more intense. It seems each new headline is worse than the last, from the number of records exposed reaching into the billions for a single attack to the increasing cost to recoup after a crippling ransomware attack. This past year was no exception.
As we turn our focus to this new year and a new decade, it’s important to remember that the best indication of the future is our past. While attackers will certainly try to use innovation against enterprises and consumers alike – working to exploit new and emerging technologies, like AI and biometrics – we’ll also see attackers go back to the methods and targets that have proved fruitful in the past.
So, what type of attacks are we most likely to see in the coming year? Here are the top security trends I believe will impact both businesses and consumers in 2020:
1. Drones Open up New Pathway for Intelligence Gathering
To date, the security concern around drones has mostly been focused on the physical damage nefarious actors, including nation states, could perpetrate. In 2020, we could start seeing attackers focus more on what drones know and how that information can be exploited for intelligence gathering, corporate espionage and more.
While it’s true that drones have the potential to do physical damage, the longer-term opportunity for attackers is to use drones as another pathway to steal – and manipulate – sensitive information.
Organizations need to consider who has the ability to control the drone’s activities, what information the drone is storing, how access to that information is being managed and monitored and, ultimately who owns responsibility for securing it.
2. The Butterfly Effect of Ransomware
In the first nine months of 2019, reports indicate there were between 600-700 ransomware attacks on government agencies, healthcare providers and schools in the U.S. alone. Cities and public sector organizations around the world have faced a steady barrage of ransomware attacks with momentum continuing to build heading into 2020.
The constant bombardment will have a butterfly effect that’s impact will reach far beyond what we’ve seen to date.
First, I anticipate that cloud and container environments will be the focus of new ransomware innovations. That’s because attackers are always looking for new ways to monetize their assaults, and they want access to a great diversity of systems. 2020 is when we’ll see ransomware and digital transformation trends converge.
Second, cyber insurance will be a double-edged sword for organizations facing ransomware attacks. Yes, more organizations are turning to cyber insurance to protect their assets and uptime, but attackers are smart. By targeting organizations with cyber insurance because they are more likely to pay, attackers will reap the ransomware gold rush.
3. Election Security: Cyber Attacks as a Disenfranchisement Mechanism
Election security is a hot topic for democracies everywhere. While much of the discussion tends to focus on disinformation campaigns, including the use of deepfake technology to influence opinion, attacks will evolve to disrupt more than just the media.
It’s important to consider the broader effect of disruption and disenfranchisement beyond ballot box tampering. Attackers have repeatedly demonstrated their ability to cause disruption. Their impact on democracies could come in many – even seemingly disconnected – forms.
Stalling major transportation systems – like buses and trains – in major metropolitan areas could keep citizens from safely getting to the polls. A sequence of such attacks targeting core infrastructure – halting transportation, shutting down the electrical grid or launching an attack on voter registration databases – could have a domino effect that negatively impacts the voting system’s ability to operate consistently with trust and reliability.
4. Biometrics Create a False Sense of Security in the Enterprise
With biometric authentication becoming increasingly popular, we’ll begin to see a level of unfounded complacency when it comes to security. While it’s true that biometric authentication is more secure than traditional, key-based authentication methods, attackers typically aren’t after fingerprints, facial data or retinal scans. Today, they want the access that lies behind secure authentication methods.
So, while biometric authentication is a very good way to authenticate a user to a device, organizations must be aware that every time that happens, that biometric data must be encrypted and the assets behind the authentication are kept secure.
While there’s no telling exactly what’s going to happen in the year and decade ahead when it comes to cybersecurity – attackers, and organizations for that matter, are innovating at lightning speed – one thing is for certain, there will be no slowing down. I anticipate 2020 will be another record year for the number and type of attacks we see.