When looking for possible cyber security trends in 2020, it is clear to see that the previous year was interesting for all things cyber security.
It was the year that brought major breaches pretty much every week. Recently, it was found that charities reported over 100 data breaches to the ICO in the second quarter of 2019-20 alone.
Cyber security is still the issue on every business leaders mind.
This year, the need for organisations to keep GDPR in mind has remained prominent. The stakes for protecting your organisation from cyber threats have never been higher.
So, what cyber security trends can we expect to see in 2020 then? Here are some things to consider.
Cyber security regulations improvement
One of the cyber security trends to look out for is a continued need to see a continuing improvement in the relevant regulations as apply to cyber security.
See also: Cyber security best practice: Training and technology – Here, we look at cyber security best practice — everything from defining it to the importance of training.
The dynamic and fast-moving nature of cyber security outpaces regulation which is far too slow and clumsy to be of any benefit and might actually hinder security by building a culture of compliance with regulations and a false sense of security against enemies who are agile, motivated, and clever.
Some experts have predicted that a more worldwide regulation system in regards to data could come into effect in 2020.
Data theft turning into data manipulation
We can expect to see attackers changing their methodology from pure data theft and website hacking to attacking data integrity itself.
This type of attack, in comparison to a straightforward theft of data, will serve to cause long-term, reputational damage to individuals or groups by getting people to question the integrity of the data in question.
Some companies are already making use of AI to sort and check the integrity of data efficiently.
Demand will continue to rise for security skills
Another one of many possible cyber security trends could be a global shortage of cyber security skills in the workplace, which arguably makes organisations more desirable targets for hacking.
Demand for expertise will rise as companies realise that their current IS strategy is not sufficient.
Also, with companies increasingly insourcing their security needs, internal training and skills growth has to continue to accelerate. Tailored training programmes are crucial.
Related: Cyber security training – Is it lacking in the enterprise? – This article looks at the importance of cyber security training and education in the enterprise.
Cyber security and Internet of Things (IoT)
‘Secure by design’ will garner much copy, but probably will not deliver until 2020 or beyond. We’ll have to wait and see with this, as connected devices are increasing in circulation by the day, and perhaps it is only a matter of time before the security vulnerabilities are exposed — could there be a repeat of the Mirai Botnet in 2020?
Indeed, the next generation of AI-powered attacks will be crafty enough to emulate the behaviours of specific users to fool even skilled security personnel.
This might include the ability to craft complex and bespoke phishing campaigns that will successfully fool even the most threat-conscious among us.
Attackers will continue to target consumer devices
Ransomware is a recognised problem for companies of all shapes and sizes, epitomised by the large scale WannaCry attack that decimated the UK’s NHS and organisations around the world.
In 2020 and beyond, will we start to see consumers being targeted across a range of connected objects? This is a likely scenario, with examples coming out of child predators targeting IoT devices in toys (designed for children).
Attackers might even target the smart TV in your house via a ransomware attack that would require you to pay a fee to unlock it.
See also: A guide to cyber attacks – Malware Part 1 – As part of a three part guide on cyber attacks, we begin by exploring existing types of malware.
Attackers will become bolder, more commercial less traceable
Hackers will look to become more organised and more commercialised, perhaps even having their own call centres – something already seen with fraudulent dating sites.
They will look to base themselves in countries where cybercrime is barely regarded as a crime and thereby placing themselves outside their victims’ police jurisdictions.
Attackers will get smarter
Attackers capability to write bespoke targeted code will continue to improve faster than the defenders ability to counter or get ahead of it.
They will continue to exploit the Dark Web, a small portion of the Deep Web, in order to successfully hide and to communicate with other criminals.
Related: Who is responsible for cyber security in the enterprise? – Uncertainty is widespread across companies over who takes the lead on cyber security, according to Willis Towers Watson.
Breaches will get more complicated and harder to beat
Cybercriminals will look to grow their malicious activities using malicious code in ever more devious ways.
Such a ransomware variant has already been discovered using an innovative system to increase infections: the software turns victims into attackers by offering a pyramid scheme-style discount.
If the victim passes on a link to the malware and two or more people install this file and pay, the original victim has their files decrypted for free.
Cyber risk insurance will become more common
This type of insurance will increasingly become part of operational risk strategy however, the insurance industry needs to tailor products specific to client needs and not just provide blanket cover as extensions to existing risks.
See also: A comprehensive guide to cyber liability insurance – Due to the propensity of cyber attacks cyber insurance has emerged as the latest solution in this succession.
As the industry evolves we might see cyber insurance covering for loss of reputation and trust with their customers, loss of future revenue from negative media or other exposure, and improvement costs for security infrastructure or system upgrades.
New job titles appearing – CCO (chief cybercrime officer)
In the aftermath of the TalkTalk data breach, MPs recommended appointing an officer with day-to-day responsibility for protecting computer systems from attack.
It could be said that the CTO role is far too general a position to cover the vast and important issue of cyber security, and hence an officer that specifically deals with this area may be a step forward.
The Conservative party manifesto for the recent UK General Election announced plans to establish a national cyber security force, so could company C-suites follow suit?
Will 2020 see organisations looking to appoint a chief cybercrime officer?
The CCO would be responsible for ensuring that an organisation is cyber-ready, would bear the responsibility for preventing breaches, would take the lead if a breach did occur and provide a robust connection between the board and the rest of the company.
Sourced by Andy Taylor, former lead assessor at APMG International