Forecpoint predicts that cybersecurity threats in 2020 will stem from Deepfakes, 5G and Adoption of Public Cloud Systems.
Forcepoint has unveiled its predictions about the cybersecurity landscape for 2020. These predictions span across topics such as attacker techniques, communication platforms, infrastructure adoption, data protection legislation and cybersecurity strategies.
Deepfakes-As-A-Service increases ransomware effectiveness and election interference
With the growing complexity and realism being brought in to Deepfakes, it is predicted that the media will move to the forefront in 2020 as it becomes widely adopted for both fun and malicious reasons. It is anticipated that deepfakes will be deployed to impersonate high-level targets at enterprises in order to scam employees to transfer money into fraudulent accounts. Additionally, we will observe Ransomware authors target recipients with realistic videos of themselves in compromising situations, using Deepfake technology. In the arena of politics, we expect deepfakes to be leveraged as a tool to discredit candidates and push inaccurate political messages to voters via social media.
Organizations will become “Cloud Smart” but remain “Cloud Dumb”
As organisations increase their adoption of cloud infrastructure, we should expect to see greater and greater breaches of Public Cloud systems. Even as enterprises move to a Cloud Smart or even Cloud First agenda to streamline their digital transformation journey, when it comes to securing these cloud infrastructures, they continue to remain “Cloud Dumb” due to the prevalent misconception that cloud providers will also secure the infrastructure. Attackers will have a renewed focus on Public Cloud accessible systems and data in 2020 and beyond due to the richness of the prize and ease of accessing it. While cloud service vendors are responsible for protecting the infrastructure, the onus of protecting business critical data lies on the enterprise by monitoring access, managing configurations, and analysing risky user behaviours. We expect to see more breaches both from external and internal parties as Cloud applications become more ubiquitous.
Businesses will mature in their approach to data/privacy protection legislation
There is greater awareness on the need for data privacy amidst organizations and individuals, due to regulatory implementations following the European Union’s General Data Protection Regulation (GDPR) and the upcoming Indian cybersecurity policy. Organizations around the globe have observed that maintaining an individual’s (customer’s) privacy and protecting their data can be a differentiator of the business’s service. We expect this trend to continue into 2020 and beyond. Furthermore, in 2020 organizations will explore the non-breach non-compliance implications of data privacy and protection regulations. This will invoke a move from a breach prevention approach to a more holistic principles-based approach. Currently many businesses are manually compliant to the regulations, in that, should they receive a high volume of Subject Access Requests under GDPR. Moreover, compared to the fines levied in 2019 we can expect 2020 to observe an exponential increase with regard to the size and quantity of fines that Supervisory Authorities will bring to bear on offenders.
Cybersecurity strategies will incorporate a move from Indicators of Compromise (IoC) to Indicators of Behaviour (IoB)
In 2020, there will be a marked increase in the number of organizations recognising the need to enhance their IoC-based threat intelligence with the contextual insights of behavioural indicators. A shift to Indicators of Behaviour will better protect their data in the modern network environments that support anytime, anywhere working. As such business’s cybersecurity strategies will shift from an outside-in approach (looking at how external attackers are seeking to penetrate a perimeter) to one of an inside-out approach (understanding the risks that lie within and the importance of preventing data theft no matter the user, device, transfer medium or cloud application).
