Cybersecurity Predictions for 2020: What Our Experts Have to Say
As the year draws to an in-depth, the cybersecurity analysts at Webroot and Carbonite pull out their crystal balls to form their predictions for the year ahead.
Our experts predict many of the trends they’ve been tracking throughout the year—well-researched attacks, RDP compromise, and therefore the importance of user education—will continue into the New Year. But they’ll be suffering from new industry developments like impending privacy regulations, AI-enabled attacks, and attacks targeting developing nations.
Unsurprisingly, our experts predict the strong trend toward highly targeted ransomware will bleed into 2020.
“Highly targeted ransomware will likely continue,” predicts Webroot Software Management Manager Eric Klonowski. “Next year, we predict ransom-motivated attackers will more pointedly observe automatic backup solutions and make attempts to get rid of and alter the backup data or the task itself,” Klonowski said.
High-effort, low-volume surveillance techniques are now favored by ransomware operators just like the Bitpaymer Group, which has been known to customize ransomware only hours before deploying an attack, first tailoring it to observations gathered on their targets.
We should expect actors like these to still gain access to networks from where they will observe financial transactions and valuable information before determining the foremost profitable thanks to striking at their intended targets.
As noted by Tech Crunch, California’s new data privacy act, like GDPR, will reach all organizations that do business with Californians, effectively making it the law of the land nationwide. But Webroot Product Marketing Director George Anderson predicts a groundswell of support among U.S. citizens for stricter data privacy regulations.
“U.S. citizens will intensify their demands for privacy in 2020,” he says. “Privacy legislation within the U.S., which has lagged behind other nations, is going to be a central issue.”
But instead of settling for a replacement set of standards, Anderson wouldn’t be surprised if entirely new revenue models are explored. Models that rely less on selling personal data than, say, subscription fees or another alternative.
“I would expect alternate purchased services that don’t abuse data will emerge, Anderson says. “The existing, untrusted purveyors of convenience will attempt to pivot, but ultimately lose out heavily. Legislation and technology are beginning to converge thanks to numerous abuses of privacy.”
In a study conducted by Webroot and 451 Research, 71 percent of SMBs admitted to experiencing a breach or attack within the previous 24 months that resulted in “operational disruption, reputational damage, significant financial losses or regulatory penalties.”
According to Webroot Security Analyst Tyler Moffitt, that trend is unlikely to abate.
“We expect that SMBs will still be targeted for cybercriminals because, a bit like the general public, education, and healthcare sectors, they maintain an equivalent vulnerable environment. They’re low budget, understaffed, and sometimes under-educated on matters of cybersecurity.”
Findings from the 451 Research report confirm Moffitt’s suspicions. A full 36 percent of SMBs surveyed therein study reported that that they had no full-time staff available dedicated to cybersecurity.
“The SMBs typically targeted have under 50 employees, and it often falls to a lone IT admin or someone in finance or sales to prop up cybersecurity at the corporate,” Moffitt says. “Almost always it’s an individual who wears many hats and doesn’t have much of a budget or expertise.”
It’s the easily overlooked yet easily exploited security gaps like an unsecured RDP that the majority worry Moffitt. Without dedicated cybersecurity consulting, these can easily be exploited, yet they're easy to repair.
Our experts predict many of the trends they’ve been tracking throughout the year—well-researched attacks, RDP compromise, and therefore the importance of user education—will continue into the New Year. But they’ll be suffering from new industry developments like impending privacy regulations, AI-enabled attacks, and attacks targeting developing nations.
Highly Targeted Ransomware Will still Devastate Businesses
“Highly targeted ransomware will likely continue,” predicts Webroot Software Management Manager Eric Klonowski. “Next year, we predict ransom-motivated attackers will more pointedly observe automatic backup solutions and make attempts to get rid of and alter the backup data or the task itself,” Klonowski said.
High-effort, low-volume surveillance techniques are now favored by ransomware operators just like the Bitpaymer Group, which has been known to customize ransomware only hours before deploying an attack, first tailoring it to observations gathered on their targets.
We should expect actors like these to still gain access to networks from where they will observe financial transactions and valuable information before determining the foremost profitable thanks to striking at their intended targets.
- Phishing will likely also become more targeted as data collected from breaches is incorporated into phishing emails. Things like passwords and up to date transactions can go an extended way in convincing people an email is legit.—Grayson Milbourne, counterintelligence Director, Webroot
Long-Awaited Privacy Legislation Will Finally Arrive within the U.S.
We expect that privacy and security will still jockey for the primacy of concern within the minds of U.S. citizens. California, which has long led the fight for more stringent data privacy for consumers, is about to enact a law in early 2020 that has often drawn comparisons to Europe’s GDPR.
As noted by Tech Crunch, California’s new data privacy act, like GDPR, will reach all organizations that do business with Californians, effectively making it the law of the land nationwide. But Webroot Product Marketing Director George Anderson predicts a groundswell of support among U.S. citizens for stricter data privacy regulations.
“U.S. citizens will intensify their demands for privacy in 2020,” he says. “Privacy legislation within the U.S., which has lagged behind other nations, is going to be a central issue.”
But instead of settling for a replacement set of standards, Anderson wouldn’t be surprised if entirely new revenue models are explored. Models that rely less on selling personal data than, say, subscription fees or another alternative.
“I would expect alternate purchased services that don’t abuse data will emerge, Anderson says. “The existing, untrusted purveyors of convenience will attempt to pivot, but ultimately lose out heavily. Legislation and technology are beginning to converge thanks to numerous abuses of privacy.”
- “Adversarial attacks against AI-based security products will likely grow in scope and complexity, which might highlight the very fact that there are fundamentally two sorts of AI in cybersecurity: AI which acts sort of a smarter conventional signature and AI which is made into every facet of an intelligent, cloud-based platform capable of cross-referencing and defending itself against adversarial attacks.” —Joe Jaroch, Senior Director of Cybersecurity Strategy, Webroot
Small and Medium-Sized Businesses will Bear the Brunt of Cyberattacks
Findings regarding cybersecurity readiness among small and medium-sized businesses (SMBs) still be grim. Despite commonly falling victim to data breaches and other attacks, an attitude still pervades that they're either too small to catch the attention of cybercriminals or that their data isn’t valuable enough to warrant an attack.In a study conducted by Webroot and 451 Research, 71 percent of SMBs admitted to experiencing a breach or attack within the previous 24 months that resulted in “operational disruption, reputational damage, significant financial losses or regulatory penalties.”
According to Webroot Security Analyst Tyler Moffitt, that trend is unlikely to abate.
“We expect that SMBs will still be targeted for cybercriminals because, a bit like the general public, education, and healthcare sectors, they maintain an equivalent vulnerable environment. They’re low budget, understaffed, and sometimes under-educated on matters of cybersecurity.”
Findings from the 451 Research report confirm Moffitt’s suspicions. A full 36 percent of SMBs surveyed therein study reported that that they had no full-time staff available dedicated to cybersecurity.
“The SMBs typically targeted have under 50 employees, and it often falls to a lone IT admin or someone in finance or sales to prop up cybersecurity at the corporate,” Moffitt says. “Almost always it’s an individual who wears many hats and doesn’t have much of a budget or expertise.”
It’s the easily overlooked yet easily exploited security gaps like an unsecured RDP that the majority worry Moffitt. Without dedicated cybersecurity consulting, these can easily be exploited, yet they're easy to repair.
- “Expect to ascertain more attacks against less-developed nations. Attacks like this don’t generate revenue, rather they're meant to disrupt and destroy” —Grayson Milbourne, counterintelligence Director, Webroot
Excellent blog post! nice information... really thank you for the valuable information... thanks for sharing.....
ReplyDeletewebroot.com/safe
www.webroot.com/safe
ReplyDeletecancel mcafee antivirus
why my printer is showing offline
cannot start microsoft office outlook cannot open the outlook window
ReplyDelete