Spoiler alert — the risks involve deepfakes, machine identities and the false sense of cloud security many businesses still have.

Over the year, high-profile data breaches in Asia included Singapore’s second data breach, as well as breaches in Toyota and Sephora. This momentum is showing no signs of slowing down. The cybersecurity threat landscape is still evolving, and if organizations do not know what to look out for; it will a huge challenge to protect against further attacks. 

To gear up for the evolving risks organizations will face in 2020, here are the top three factors to look out for—based on recommendations by privileged access management company Centrify. 

  1. Misplaced understanding of cloud security increases cyber risk 
    A 2019 Centrify study revealed that 60% of organizations do not understand the shared responsibility model when it comes to who secures workloads in the cloud. This is an even greater risk in Asia Pacific—where 70% of security decision-makers in large enterprises believe that security provided by cloud providers is enough to protect them from cloud-based threats.  This will create a false sense of security in cloud security providers by their customers, as the latter are responsible for securing privileged access to their cloud administration accounts and workloads. Therefore, cloud environments will become a top target of cyber-attacks in 2020 as this false sense of confidence placed by organizations is exploited by bad actors. 
  2. The challenge of securing machine identities 
    APAC is poised to become the global leader in IoT spending in 2019—accounting for 35.7% of worldwide spend. This increased support is not limited to the private sector, with governments such as Singapore and Malaysia quickly progressing their Smart City vision. Compounded with an ever-evolving enterprise threat-scape that includes automation, this means that machine identities will become the largest cybersecurity exposure point in 2020, overtaking humans. However, automation, if done correctly by humans, could mitigate much of the risk, and employees will remain the biggest weakness for organizations. “Alexa, can you stop me from being hacked…” 
  3. Phishing to evolve beyond email to SMS/video platforms 
    Over the past year, APAC has seen a dramatic increase in phishing attacks over SMS, WhatsApp or Facebook messenger—with the messages claiming to be from local banks, telcos and even supermarkets. Hackers have proven to be very capable of evolving to get around increased cybersecurity awareness, and phishing will continue to focus more on SMS and personal messaging services. Phishing attacks by SMS (“SMishing”) will increase by more than 100% in 2020, and as hackers leverage new tools like “deep fake” technology to look and sound like a trusted person, we will see the first successful spear-phishing by video (eg., Facetime with an attacker posing as the CEO).