Human beings being the weakest link in cybersecurity, better understanding of users’ interaction with critical data and systems must become part of the digital transformation journey.
Forcepoint has unveiled five predictions about the cybersecurity landscape for 2020. These predictions span across topics such as attacker techniques, communication platforms, infrastructure adoption, data protection legislation and cybersecurity strategies.
1. Deepfakes-as-a-Service increases ransomware effectiveness and election interference
Deepfakes are getting more popular as various machine learning algorithms are able to produce indistinguishable hyper-realistic photos and videos of people. In 2020, we can expect to see an increase in ransomware by cybercriminals threatening to leak photos and videos of individuals in compromising situations utilizing deepfake technology. At the organizational level, deepfakes will also be used to impersonate high-level targets at organizations to scam employees by transferring funds into fraudulent accounts. In the political arena, we can expect deepfakes to be leveraged as a tool to discredit electoral candidates and push inaccurate falsehoods to voters via social media. In 2020, we will see deepfakes-as-a-service move to the fore as it becomes widely adopted for entertainment such as the viral FaceApp, and we can also expect to see an increase in its use for malicious intent online.
2. 5G offers unprecedented data theft speeds
2020 will see a rise in the adoption of the fifth generation (5G) cellular network technology around the world. Data transfer rates on 5G is well-documented to be 10 times faster than 4G networks. While this will appear to be a promising service for organizations looking to be one step ahead of the competition, the more reliable connectivity and lower latency of 5G will essentially also work in favour of cyber criminals or even employees looking to transfer large amounts of data on the cloud. With the roll-out of 5G continuing in 2020, we can expect to see an increase in the volume and speed of data theft.
3. Organizations will become “Cloud Smart” but remain “Cloud Dumb”
With greater adoption of public cloud systems, organisations will become “Cloud Smart” in their digital transformation efforts. However, when it comes to securing these cloud systems, organizations will remain “Cloud Dumb” as they face challenges in cloud security. Cloud service vendors are responsible for protecting the infrastructure, while the onus is on organisations to protect their data by monitoring access, managing configurations, and analyzing risky user behaviors. Organizations need to understand that securing data on the cloud is a shared responsibility with their cloud service providers.
4. Organizations will mature in their approach to data/privacy protection legislation
There is greater organizational and individual awareness on the need for data privacy and protection due to regulations such as the European Union’s General Data Protection Regulation (GDPR). This trend will continue in 2020, where organizations will begin to recognise that customers value an organization’s commitment and compliance with data protection laws and will perceive this as a business differentiator. In 2020, we will see organisations move away from a breach prevention approach to a holistic principles-based approach when it comes to data security. We can also expect to see businesses prioritize automation in data discovery as the volume of Subject Access Requests under GDPR increases in tandem with greater customer awareness of their data privacy rights.
5. Cybersecurity strategies will incorporate a move from ‘Indicators of Compromise’ to ‘Indicators of Behavior’
Traditional cybersecurity methods focus on identifying threats based on Indicators of Compromise. This includes malicious activities based on URLs, email subjects, IP addresses, network traffic, suspicious registry changes or abnormal read/write volumes etc. An Indicator of Behavior approach on the other hand, focuses on the behaviour of users and how they interact with data. In 2020, we can expect to see a shift from an outside-in approach – by looking at how external attackers are seeking to gain access into systems, towards an inside-out approach – which can prevent data breaches by analysing abnormal user behaviors across any device, medium or cloud application.
“Fast-evolving cyberthreats are becoming more perilous by the day, and organizations need a proactive and business-aligned cybersecurity strategy to protect themselves,” said Alvin Rodrigues, Senior Director and Security Strategist, Forcepoint Asia Pacific. “Human beings remain the weakest link. IT and security leaders must take urgent measures to better understand the rhythm of their users’ interaction with critical data and systems as part of their digital transformation process.”