Consensus Cyber Projections for 2020

Companies, like individuals, have different priorities and insights so any question as to what is most important, most concerning or most pressing in the frothy cyber risk arena will vary depending on who you ask. In the first few weeks of each year we like to soak up the noise from around the market to arrive at a consensus projection; a survey of surveys if you like. Here is what we have surfaced from this exercise this year. Firstly what was trendiest in 2019 presents as obvious foundation for a look forwards so we'll tackle that first.

2019 Trend #1: Phishing landscape evolves.

Email still ranks as the biggest vulnerability so it should come as no surprise that phishing would make our list of the top cyber security trends. Phishing has been a staple of cyber security trends lists for a while, and it doesn’t appear to be going anywhere any time soon. Verizon’s 2019 Data Breach Investigations Report (DBIR) reports that:

• 32% of confirmed data breaches boiled down to phishing, and
• 78% of cyber-espionage incidents involved phishing. 

But phishing nowadays isn’t just about emails alone — though email is still an incredibly popular attack vector. Cybercriminals are also using a variety of attack vectors to reach and trick their intended victims into performing an action — such as giving up personal information, login credentials, or even sending money. Increasingly, phishing nowadays involves general SMS texting attacks (“smishing”) everything from communications on social media platforms such as LinkedIn to phishing sites to even phone calls with a live person (“vishing”). You know those fake IRS phone calls, Social Security scams, and people pretending to be Microsoft? Yeah, those are just a couple of examples of vishing. 

2019 Trend #2: Mobile rises up the order.

Considering that nearly everyone nowadays has a mobile device in their pocket, it really comes as no surprise that mobile made its way near the top of lists of cyber security trends for 2019. After all, being mobile makes life more convenient. You can use your mobile devices for handling everything from personal and business communications to banking or even booking a flight or hotel. There are apps for literally every aspect of your life. Bored? Play a game app. Want music? Turn on a music app. Need to lose weight? There’s an app you can download for that, too. But all of this convenience doesn’t come without risk for end users and companies alike — particularly as more people use their personal and work devices interchangeably for personal and businesses purposes.

This practice spells out concerns for businesses. Research from the RSA’s 2019 Current State of Cybercrime whitepaper shows that:

70% of fraudulent transactions originated in the mobile channel in 2018.

Furthermore:

fraud from mobile apps has increased 680 percent since 2015

making it a huge channel of opportunity for cybercrime. 

2019 Trend #3: Local governments and enterprises targeted via ransomware attacks

So long as you haven’t been living under a rock the past few years, then it’s likely you’ve seen that the rates of ransomware attacks against consumers are down this year. However, the same can’t be said for enterprises.

Ransomware are on the rise for enterprises with research from Malwarebytes reporting an increase of 195% from Q4 2018 to Q1 2019, as well as a year-over-year increase of 500% in ransomware detection's by businesses in Q1 2018 to Q1 2019.  

Even governments aren’t safe from ransomware. Research from Recorded Future, a threat intelligence firm that has catalogued nearly 170 ransomware attacks affecting state and local governments since 2013, shows that ransomware attacks against these government branches are on the rise.

Their data reports that there were 53 ransomware attacks against state and local governments in 2018, and that there were 21 reported attacks within the first four months of 2019.

Furthermore:

“the numbers for 2018 and 2019 may go up, as not all ransomware attacks against state and local governments are reported immediately.”

For example: 20 cities in Texas were hit by coordinated ransomware attacks. Three Florida cities were targeted by ransomware attacks, and at least two paid the demanded ransoms to unlock their data. The city of Baltimore, Maryland sustained two ransomware attacks in 14 months. The city of Atlanta, Georgia sustained a major ransomware attack in March 2018, which left the city crippled and facing upwards of $17 million in costs relating to the attack.

The same attackers, two Iranian hackers, also targeted the city of Newark, New Jersey, and others. The list goes on and on — and that’s just U.S. cities. This list doesn’t even contain information relating to other major cities or government offices across the world that have been the victims of ransomware attacks.

Research from Coveware, a security firm that specializes in ransomware incidents, indicates that while the public sector represents only 3% of ransomware attack victims in Q2 2019, the public-sector ransomware victims who chose to pay the ransoms paid nearly 10 times as much money, on average, as their private-sector counterparts.

This could be, in part, due to a lack of cyber security awareness. However, regardless of the cause, governments paying any ransom poses a significant concern because it reinforces the notion that performing ransomware attacks against governments is a profitable venture and will only serve to encourage them to conduct more attacks. 

2019 Trend #4: Increasing emphasis on data privacy, sovereignty, and compliance

Since the rollout of the European Union’s General Data Protection Regulation (GDPR) in May 2018, states, countries, and industries alike around the world have begun taking harder looks at their existing data privacy-related regulations. The goal? To develop, pass, and implement new regulations that will ensure higher data security and privacy standards to better protect consumers (or citizens, depending on the specific example) and to punish those who fail to abide by them.

Data sovereignty and compliance, of course, come in different forms. Depending on the specific legislation, it can involve: Informing individuals about how their information will be used; Providing individuals with a way to disallow their information from being shared; Developing and implementing policies and procedures to become compliant; and Increasing the security of data and personal information through the use of encryption and other mechanisms.

However, there are also proposed regulations that approach the topic of data privacy from a different angle. In some cases, the emphasis is placed on creating encryption “backdoors” to make it easier for governments to access encrypted information in the name of justice and thwarting terrorism activities.

2019 Trend #5: Increasing investments in cyber security automation

Automation is a very important advantage in cyber security that has been gaining a foothold in the industry. A recent Ponemon Institute survey of more than 1,400 IT and IT security practitioners shows that:

79% of respondents either currently use (29%) automation tools and platforms within their organization or plan to use them (50%) within the next six months to three years

Depending on the cyber security automation tools and platforms, they can help you perform many tasks, including: Collecting data about components of your information system that can be used for:

1. Monitoring and analysis.
2. Keeping track of all software and hardware assets within your organization.
3. Keeping all of those physical and virtual assets patched and up to date.
4. Performing vulnerability assessments to identify known or potential vulnerabilities.
5. Increasing visibility and decreasing downtime with X.509 digital certificate discovery, renewals, installations, revocations, etc.

This movement towards the use of automation aims to reduce the burden on understaffed cyber security teams (we have yet to encounter an over-staffed one) and increase efficiency.

However, it’s not a perfect solution on its own because automation tools require skilled and knowledgeable staff to operate them. This is a problem when you consider that the same Ponemon Institute survey results indicate that:

56% of organisations report a “lack of in-house expertise” to support the adoption of automation. 

So What Does This All Mean For 2020?

Here are the high momentum trends combined with emerging noises that make most sense.

Cyber security spending is on the rise. In fact, data from IDC shows that global spending on cyber security solutions such as hardware, software and services topped $103 billion in 2019. An estimated increase of 9.4% over 2018 — and they expect this rate of growth to continue for the next several years as industries and companies increasingly invest in security solutions.

According to IDC’s March 2019 report: “The three industries that will spend the most on security solutions in 2019:

• Banking
• Discrete manufacturing
• Local & central government

Will invest more than $30 billion combined.

Three other industries:

• Process manufacturing
• Professional services
• Telecommunications

Will each see spending greater than $6.0 billion this year. 

The industries that will experience the fastest spending growth over the forecast period will be state/local government (11.9% CAGR), telecommunications (11.8% CAGR), and the resource industries (11.3% CAGR).

This spending growth will make telecommunications the fourth largest industry for security spending in 2022 while state/local government will move into the sixth position ahead of professional services.”

The growing impact of AI and ML on cyber security goes exponential Artificial intelligence and machine learning in cyber security are the second on our list of the trends for 2020 — and for good reason. To an extent AI and ML have grown beyon being cool labels that VC's like to invest in to reinvent cyber security as a whole and are areas that are definitely worth exploring in the coming year albeit with a high level of cynicism as we have identified many solutions that boast AI or ML (or both) that really don't deliver measurable results - in other words its very fertile ground for BS.

That said data from a Capgemini Research Institute survey supports the idea that AI is vital to organisations’ cyber security defences.

Three-quarters of surveyed executives reported that AI helps their organisations respond more quickly to breaches, and 69% of the organisations reported that AI is necessary to respond to cyber attacks.

This could be in part because there are many advantages — as well as some disadvantages — to integrating artificial intelligence (AI) with your cyber security solutions:

AI-based cyber security solutions are designed to work around the clock.

• AI can respond in milliseconds to cyber attacks that would take minutes, hours, days, or even months for humans to identify.
• AI simplifies the process of data collection and analysis.
• AI systems can be integrated for enhanced threat and malicious activity detection through predictive analytics.

Greater access to valuable data helps cyber security professionals make better and more informed decisions. AI are helping create better and more accurate biometric-based login techniques.

However, AI isn’t perfect — there are some drawbacks to using the technology as well: AI technologies are being used by defenders and attackers alike — and they’re not one-size-fits-all solutions. AI-based solutions can be more expensive up front than traditional, non-AI cyber security solutions. AI-based solutions require more training for cyber security staff to effectively operate.

Regardless of the potential disadvantages, the market for artificial intelligence in cyber security is projected to reach 38.2 billion by 2026, according to data from a recent Research and Markets report.

That’s particularly significant considering that the industry reached $8.8 billion by the end of 2019.

Cyber attacks on utilities and public infrastructure will continue to increase Let’s face it: Utilities are essential to a modern economy and also make excellent targets for cyber attacks.

They provide critical infrastructure for millions of people and governments around the world, yet they often operate using old, outdated technology.

But trying to upgrade their cyber defenses and fix cyber security flaws can lead to service interruptions and downtime.

Add to that the fact that much of their infrastructure is controlled by private corporations — many of which are not prepared to deal with major cyber security threats — and you have a situation that is ripe for exploitation by hackers.

The headlines are written. Cyber attacks on utilities include the attacks on U.S. utility companies in July by suspected Chinese state hackers and the ransomware attack that rocked City Power in Johannesburg, South Africa.

Expect 2020's headlines to include major public sector victims that will hit us all either directly in service provision or privacy or in in-direct service costs as the security risk is priced in.

New State backed weaponry is due for release. A number of observers and blogs have been anticipating a new StuxNet like cyber weapon for some time. Can you believe it was 2010 that we first learned of StuxNet?

Ten years is a lot of time in cyber terms.

So our final consensus prediction is that a shiny new weapon is going to be deployed inter state between the worlds biggest guns, China, Russia, US and Israel. We need to tag India to this list as they must be tempted to have a pop at Pakistan?

These wonderful but also horrifically powerful precision tools usually use cyber for direct physical destruction as with StuxNet but less elaborate ordnance can also just take out data as in the Sony Pictures hack by North Korea.

Plausible deniability is too valuable a feature for any of the major players to ignore as they seek competitive edge, influence and control over competitors and more likely perceived ideological enemies of their respective national borders, systems and cultures.

Happy and secure cyber 2020

Welcome your comments / critique, your mail or LinkedIn connection:

[email protected]

Observer Solutions are a leading cyber security consultative reseller

We look forward to hearing from you and sharing your thoughts and critique.