Contributed by Nir Sivan, Skybox Security
Skybox Security’s Vulnerability and Threat Trends 2019 Mid-Year Update report gave us an insight into thousands of newly developed exploits, new exploit-based malware and attacks, current threat tactics and more. But what can we expect in 2020? Sivan Nir, senior analyst, Skybox Security Research Lab, makes her predictions for the year ahead.
Go phish – social engineering attacks via social media, SMS and gaming platforms
In 2019, we saw a resurgence in the usage of ransomware and botnets. In 2020, we’re likely to see phishing attacks rise in popularity. Right now, we’re seeing an increase of these kinds of attacks on SMS, social media platforms and gaming sites as criminals attempt to widen the diversity of their phishing portfolio.
5G and IIoT set to widen the attack surface in Industry 4.0
With the rise of Industry 4.0, 5G will make IIoT a true reality in 2020. The improvements that 5G will bring, in terms of speed and connectivity, will lead to greater investments in internet-connected devices by consumers and businesses alike. But the growth of IIoT will also bring with it greater risk – these are devices that aren’t known for their strong levels of security. Plus, as time goes on, more OT machinery will become connected to IT and IoT systems and devices and, subsequently, will be left exposed to a widening number of internet-derived threats.
This is something that businesses need to be particularly aware of; they need to ensure that the security surrounding any new IIoT investment is watertight and they need to have visibility over their expanded, and increasingly fragmented, attack surface. If they don’t, they will be opening themselves up to a greater number of attacks.
Cyber arms race with AI and automation tools used by both ‘good guys’ and ‘bad guys’
Criminal use of AI, machine learning and automation tools will rise in 2020 as the industrialization of cybercrime continues to gain pace. Some of the same AI and automation tools used by cybersecurity teams to stave off attacks will also be used by black hat hackers as they attempt to create new attack vectors and tailor social engineering attacks.
The next twelve months will see a continuous arms race take place between OT cybersecurity teams and cybercriminals. As criminal intelligence increases, the protections used to combat attacks need to also improve. Faced with stretched resources, there will be mounting pressure in 2020 for the CISO to make smart investments in OT/IT security and automation that will help them to combat increasingly sophisticated criminal attacks.
Obsolete tech hits public sector security
The NCSC’s 2019 annual report outlined how to mitigate against public sector threats. Despite this good advice, it’s inevitable that attacks on public sector infrastructure are going to increase in number and severity over 2020.
There are two main reasons for this. First, these are very attractive targets for malicious actors, particularly those acting on behalf of a nation state. And second, they’re an easy target. The technology used within public sector networks is notorious for being outdated, outmoded and difficult if not impossible to patch. Another 2019 NCSC report, Active Cyber Defense, found that over 318 public sector networks still use Windows XP despite the fact that Microsoft pulled almost all support for it in 2014. As Windows withdraws support for Windows 7 in January 2020, the number of unsupported devices within the public sector will no doubt soar.
As smart manufacturing becomes cloud-reliant, misconfiguration threats will have a greater impact
In 2019, moving to the cloud was a top priority for many industrial organisations. They wanted to take advantage of efficiency and cost improvements as quickly as possible. This focus on deploying IaaS cloud technology as quickly as possible has led to security being side-lined. As more cloud services that promise even greater efficiency improvements (including containers and Kubernetes) enter the fray, the likelihood that a rushed deployment will lead to a misconfigured and vulnerable cloud service will increase exponentially.
Misconfigurations already pose the greatest risk to the security of IaaS cloud services; this is a trend that is going to be cemented in 2020 as smart manufacturing becomes increasingly cloud-reliant. To buck this trend, businesses need to have the right processes and people in place to ensure the security of their cloud deployments. It’s the only way that they’ll know they’re not using default usernames and passwords, that all access points and policies are fully within their control and that they are able to prevent confidential information being directly stored in deployment scripts – a basic failing that led to several data breaches throughout 2019.
Industrial companies and critical infrastructure providers get serious about employee cyber hygiene
Business leaders will see that cybersecurity needs to be a company-wide initiative in 2020, not only something to think about for those directly responsible for the security of OT. We will see industrial companies proactively changing their organizations’ culture and adopting a security mindset across their businesses. Instead of being siloed, security will become more embedded within other departments such as DevOps and seen as a function that will help them to drive innovation and improve efficiency.
There will be proper enforcement of stricter BYOD policies, meaning the number and type of devices that can be connected to their networks will be limited. This will be in conjunction with employee programs to teach good cyber hygiene and inform staff about the role that they all need to play to help secure critical networks. Due to the pace of change, we’ll also see security teams being trained on the latest technologies on an ongoing basis – not just once when they join. Tech vendors will also recognize that they need to reduce time to value by making their products simpler, quicker and easier to learn so that security personnel can stay up to speed.
Having a strong culture of cybersecurity will also drive staff retention, as security personnel will be able to stay informed of all security matters enabling them to stay on the ‘front foot’. This means they can carry out their roles more effectively, keeping them motivated and with a high level of job satisfaction.