Cyber threats like targeted ransomware, mobile malware and sophisticated phishing attacks will escalate in 2020, researchers warn.
However, defenses like artificial intelligence (AI), cyber insurance and faster security response will also increase, helping defend companies against imminent threats, according to new predictions by Check Point Software.
Check Point outlined “key security and related trends” it expects to see in 2020 in a blog post Wednesday, including a series of technology trends that can both be used to attack systems and mitigate against threats. Some of the predictions are for technologies that have already both surged in popularity and increased in sophistication this year, including targeted ransomware and phishing attacks that go beyond email.
Others are emerging technologies, particularly the rise of AI and a better understanding of how to secure assets in the cloud, according to researchers. Still other predictions involve technology inevitabilities that will further complicate the 2020 security landscape.
New Threats
5G in particular will create cyber-security complexities, as network roll-outs mean dramatic growth in both the use of connected IoT devices and data volumes. More IoT devices will boost networks’ vulnerability to large scale, multi-vector cyber-attacks and create visibility issues for security administrators, according to researchers. Meanwhile, a significant increase in data volumes will mean more people will use mobile apps as part of their daily lives, exposing more and more personal information to networks.
2019 already was a harbinger of some of Check Point’s key 2020 cyber-attack predictions. Ransomware attacks already became more targeted against specific businesses, local governments and healthcare organizations, with attackers taking the time to know their victims “to ensure they can inflict maximum disruption” and garner higher ransoms, according to Check Point.
This year already saw hackers stage numerous ransomware attacks on significant targets, including the city of New Bedford, Massachusetts, several dentist offices, and a number of U.S. hospitals–some that had to turn away patients and another that paid a ransom because of a rash of attacks.
Phishing attacks, too, began using more sophisticated tactics beyond the traditional email attack vector that long has been the modus operandi for cybercriminals, a trend that will continue. For example, bad actors already are using attack surfaces on which their targets are more often found—such as mobile devices and social media, as well as SMS and other messaging attacks.
This latter move was seen earlier this month when an attack linked to Iranian APT group Charming Kitten used a new tactic that sends an SMS message to a victim telling them a stranger has attempted to compromise his or her email, and asks for victim verification through an attached malicious link.
Indeed, given the increasingly ubiquitous use of smartphones, attackers also ramped up mobile malware attacks in 2019, and users can expect more of the same in 2020, according to researchers. For instance, a report released Thursday, which found that malicious mobile apps are trying to dupe consumers by mimicking reputable apps, showcases a key problem that’s on the rise, which will mean both consumers and app stores will have to vet apps more carefully in 2020.
New Defenses
With the cybersecurity landscape looking more dangerous than ever, companies can be expected to employ new methods to combat and protect against these threats in 2020, according to researchers.
Among these will be cyber insurance, which will be a boon for underwriters who will sell these policies to businesses and government agencies such as schools, hospitals and utilities next year, the company said.
The use of AI also should help companies speed their response to cyber attacks by using new technology to identify threats and respond to them, as well as block attacks before they can spread. On the flip side, however, cyber criminals also will take advantage of AI to develop new methods for probing networks to find vulnerabilities, as well as develop more evasive malware, according to Check Point.
2020 also will see the rise of some cloud-related efforts to improve security as more resources and data are run and stored on cloud-based infrastructure. For organizations already running most of their workloads in the cloud, administrators will have to begin deploying security solutions and services “at the speed of DevOps” in 2020 to keep up with agile business-security demands, according to researchers.
Finally, researchers said enterprises overall will have to rethink their cloud approach in the coming year to ensure continuity and always-on connectivity even if hit with a cyber attack.
Considering solutions like “hybrid environments comprising both private and public clouds” might help cloud infrastructure providers avoid the scenario Google faced in March, when the company experienced a global outage that left users unable to access email, attachments or files on Google Drive, the company said.