Even though the threats and vulnerabilities affecting the security sector will become increasingly sophisticated, 2020 will be the year of simplified security. So says the WatchGuard Threat Lab team in its predictions for the coming years in cyber security.
In addition, the company, which provides network security, Wi-Fi security, multi-factor authentication and network intelligence solutions, offers a series of tips to help companies and users stop potential conflicts.
Ransomware targets the cloud
Ransomware is now a multi-billion dollar industry for hackers, and in the last decade we have seen extremely virulent strains of this malware wreaking havoc on all types of businesses. As with any industry that generates big money, ransomware will continue to evolve to maximise profits. In 2020, we believe ransomware will be cloud-centric.
Some of the threats that could cause the most problems in 2020 will come from what has been described as a ‘cold cyberwar’: cyber-attacks directed or supported by some states against others. Along these lines, targeted ransomware, like that which affected companies such as Prisa, Everis, Sacyl or Prosegur in 2019, is expected to increase even more this year.
As businesses of all sizes move their servers and data to the cloud, it has become a one-stop shop for all our most important information. By 2020, this safe haven is expected to crumble as ransomware begins to target cloud assets, including file stores, S3 buckets and virtual environments.
GDPR arrives in the United States
Two years ago, the General Data Protection Regulation (GDPR) came into force, protecting the data and privacy rights of EU citizens. So far, few places outside the EU have similar laws in place, but we expect the US to be closer to catching up by 2020.
GDPR focuses on placing restrictions on how organisations can process personal data and what rights individuals have to limit who can access that data. It has already proven effective.
Meanwhile, the United States has been the victim of a plague against social media privacy in recent years, with no real GDPR equivalent in place to protect local consumers. So far, only one state, California, has responded by passing its California Consumer Privacy Act (CCPA), which will go into effect in early 2020.
Multi-factor authentication (MFA) will become standard for medium-sized enterprises
Multi-factor authentication (MFA) is a security system that requires more than one form of authentication to verify the legitimacy of a transaction.
The goal of MFA is to create a layered defence and make it more difficult for an unauthorised person to gain access to a target, such as a physical location, a computing device, a network or a database. If one of the factors is compromised or broken, the attacker still has at least one more barrier to break before successfully entering the target.
Multi-factor authentication (MFA) is predicted to become a standard security control for mid-sized businesses by 2020, whether because of the billions of emails and passwords that have been leaked on the dark web or the many database and password compromises that online businesses suffer every year.
The ease of use for both the end user and the IT administrator managing these MFA tools will eventually enable organisations of all sizes to recognise the security benefits of additional authentication factors. That’s why we believe that MFA across the organisation will become a de facto standard among all mid-sized enterprises in the next year.
25% of all breaches will occur outside the perimeter
The use of mobile devices and remote employees is a trend that has been on the rise for several years. A recent survey by WatchGuard and CITE Research found that 90% of medium-sized businesses have employees who work half of their week away from the office. While remote work can increase productivity and reduce burnout, it also comes with its own set of security risks.
Mobile employees often work without any security at the network perimeter, missing an important part of a layered security defence. By 2020, a quarter of all data breaches are expected to involve remote workers, mobile devices and off-site assets.
The cyber security skills gap is widening
The cybersecurity skills gap is not likely to diminish in 2020. The demand for skilled and qualified cybersecurity professionals continues to grow, but there is no discernible change in education or recruitment to increase the supply.
Whether it is a lack of adequate formal cybersecurity education courses or an aversion to the often thankless job of working on the front line of defence, the cybersecurity skills gap is predicted to increase by a further 15% next year. Hopefully this shortage of expertise will not translate into an increase in successful attacks.
Attackers will find new vulnerabilities in 5G/Wi-Fi handover to access voice and/or data from 5G mobile phones
The new 5G mobile standard is spreading around the world and promises big improvements in speed and reliability. Security research has exposed some flaws in the mobile-to-Wi-Fi handover process, and it is highly likely that a major 5G-to-Wi-Fi security vulnerability will be exposed in 2020 that could allow attackers to access voice and/or data on 5G mobile phones.
Sources: Redacción Cuadernos de Seguridad, RGPD, MFA