Security Predictions for 2020 from the Advent IM Team
News and information from the Advent IM team.
New Year, Same Problems …
Another year and another set of predictions from the Advent IM Team …
There will be more breaches, more successful attacks on infrastructure and IoT devices will enable a catastrophic failure in CNI
There will be an uptick in attempted CNI attacks and supply chain will feature heavily in the cause.
The general growth in the level of third-party breach that we have observed steadily increasing will continue, and frustrated users and consumers will start to take legal recourse; class-action-style actions will start to become less rare. On the positive front, people and businesses may start to engage with their own data more, reconnecting with it and realising that we are ALL data subjects and that our information should be treated with respect.
I don’t feel ransomware has hit the headlines as much in 2019 and I think we could see it hit the headlines again big style during 2020 as digital currency and threat intelligence methods become more sophisticated, especially on an individual level. Watch out CEOs and corporate bigwigs!
I’m sticking with my 2019 prediction of IoT exploitation, as this didn’t necessarily hit as hard as anticipated (although I’ve no trust in Alexa the spy and I’m fairly certain she goes out of her way to encourage Tourette’s 😊). However, expect to hear or read of more sophisticated types of attack used to extort (either monetary or other commercial/personal advantages) from users.
Also, 5G must be in the crosshairs of miscreants worldwide. High speed data theft on a silver platter!
My prediction is that more people will be too busy concentrating on being fined by the ICO for breaches of confidential information that they won’t see the ICO coming for them for delays in responding to SARs and FOI requests. Therefore organisations still won’t know what information they have… or will be caused by Brexit and the uncertainty of rules applying to them.
Also, there will be many breaches from phishing and malware attacks for large companies as they continue to not focus on training their people around awareness… or they give 20 minutes of e-learning on phishing emails and expect the problem to go away.
I also anticipate there will be a story this year about an insider breach, similar to the Morrison’s case.
What I think will happen…
From a regulatory point of view: I think regulatory bodies such as the ICO are going to start feeling more comfortable with their new found powers and coupled together with the fact that we’re 18 months past GDPR Day, I think they will start to show less leniency and we can expect more businesses being fined greater amounts should negligence be found as the cause for a breach.
From a cyber-attack point of view: I think we’ll continue to see the level of sophistication in attacks improve as cyber-criminals begin to get a better grip of common network defence measures used by organisations, such as harnessing AI to develop increasingly sophisticated malware and attack methods that will require organisations to deploy behaviour-based network defences rather than relying on known vulnerabilities and attack signatures. That said, I think we’ll continue to see the pink fleshy bit on the end of a device being used as the primary compromise vector through phishing and other social engineering methods, meaning a continued importance on securing the human element through raising standards of training and education.
From a Security point of view: I think 2020 might actually be the year that we see organisations take more responsibility for security at the senior management and operational levels and break the siloed approach of it belonging to the IT or Security functions. This should see greater advances in security being addressed in all aspects of the business from new infrastructure projects to the supply chain. However, I might have been saying this for the last 5 years.
What I’d like to happen…
I’d like to see more organisations start to invest in their security personnel in terms of providing them with formal security training and giving them the right skills to do their jobs. I’ve had experiences of going into organisations at either end of the spectrum over the last year, and the difference in security posture and competence of personnel is huge. Organisations may be more willing to invest in existing personnel as we see the cyber skills gap continue to grow, with the demand for IT security personnel far outstripping supply.
Brexit will continue to be a feature and will likely see a significant rise in scams – cyber or otherwise. Also, UK/EU discussions over data protection standards will be interesting: while the data regulators will continue to cooperate, if/when the relationship between the UK and EU deteriorates, politics may well become a factor when making adequacy decisions. Of course, that assumes such discussions will be on the agenda in the first place. Other than that, I just see things continuing as they are – cyber attacks/data breaches will continue and organisations will continue to ignore them until they suffer one.
A comprehensive set of opinions and a lot to think about… 2020, here we come…