December 31, 2019//Tony HowlettLast Updated: April 16, 2021
2019 was quite an eventful year in the InfoSec world, with large events like the Quest Diagnostics/LabCorp and Capital One data breaches dominating the headlines and attackers getting ever more sophisticated and profit-oriented. Ransomware saw a renaissance as cyberthieves found new fertile fields in which to sow their wares in. State actors such as Russia, China, Iran, and North Korea got bolder in making incursions into rival country’s infrastructure. And hacking was front and center as an element of the ongoing impeachment trial of the President.
While making prognostications in an article is risky business, I will venture forth with my guesses as to some of the things we will see in 2020 and beyond. So here are my predictions, take them for what they are worth, caveat emptor and all that, for cybersecurity, 2020 edition:
With the explosion in highly profitable ransomware attacks on public entities such as cities and other quasi-governmental entities like school districts and hospitals, hackers are on a roll. Hackers hit a high point with the triple hacks of 3 Florida cities over the summer netting over $1 million in ransom. The ransomware success didn’t stop there. Next, the mass ransomware attack on 22 Texas cities and subsequent infection of Louisiana state systems, causing a shutdown of systems state-wide, continued the successful run of large scale attacks.
Since the tap of money hasn’t shut off, I would expect these types of attacks to continue and intensify as long as there are vulnerable victims and willing payors in the form of insurance policies. As the word gets out and easy city and hospital targets dry up, we will probably see them pivot into other similarly situated entities that have the potent combination of lower-than-average security and cyber insurance. If I were a savvy security analyst, I’d be trying to figure out the ransomware crime wave’s next target and secure it before it strikes. My guess would be rural power generation and utility companies, small local telephone companies, and other mission-critical infrastructure that might not have the resources of their big-city brethren. More state offices and services will probably also be targeted in this manner. One thing is for sure, the hackers won’t stop until people stop paying.
The genesis of most attacks these days usually starts with a successful phishing attack. According to the 2018 Symantec Internet Security Threat Report, 71% of successful targeted attacks involved a spear-phishing attack. And due to that success, I would expect attackers to sharpen their blades and focus more refined, targeted attacks (spearphishing) versus the mass broadcast general attacks. The use of OSINT tools such as Maltego and the excess of personal information available on most people via LinkedIn, Facebook, and other sources means that a dedicated attacker can craft phishing emails so good that even the most seasoned cynic might click on them.
With attackers more likely than ever to be able to establish a foothold on your network via these methods, defenders will want to strengthen their endpoint defenses to knockdown the malware when it tries to infect off a click and also secure higher privilege credentials with technologies such as PAM and VPAM so that even if an admin account gets co-opted, the damage the hacker can do is blunted.
Another trend is that attackers are starting to leverage Artificial Intelligence (AI) and Machine Learning (ML) to scale their attacks beyond a human’s ability to recognize or respond. In response, security vendors are integrating the same technologies into their solutions to counter it. The number of vendors hawking AI-enhanced wares will increase until your product doesn’t seem complete without an AI feature on it, though often these new options are often more vaporware than reality. Still, the smart companies will use this tech as a “force multiplier” to handle the daily blocking and tackling of event analysis and prioritization so that their expensive human security analysts can spend more time on the incident correlation, detection, and response. Being able to see the forest through the AI trees is going to be the name of the game for InfoSec success going forward and we will need machine enhanced “eyes” to do this effectively.
Though there are a lot more areas in could opine on for the coming year, I will leave it at these three and hope that if they come true, your company has the foresight, resources, and technology to deal with them effectively. May you have a happy AND secure new year and 2020!