5 Key #CyberSecurity Trends for 2020
5 Key Cyber Security trends of 2020 by Digijaks CEO Alan W. Silberberg
2020 is going to be lit, at least in the cyber world.
We are not talking about the fireworks from New Year’s Eve celebrations. Nor are we talking about the circus in Washington, DC, or any other world capitol.
So, what is coming in 2020? What do we need to be looking for?
- Polymorphic Malware + Artificial Intelligence. Continued at #1 from 2019 trends due to ever increasing use and now fully automated attacks as well. What the heck is polymorphic malware you may be asking? Basically, in the most simple terms, it is malware that changes upon detection, or “morphs” into a new form, or goes into hiding. This malware was already prevalent and growing. When combined with true artificial intelligence, it literally trains itself not just to avoid detection but in some cases can actually use your system resources to become something you are used to looking at. This is a huge problem and growing. As the cost of artificial intelligence services and technology continues to drop, the increased use of AI + polymorphic malware together becomes an ever bigger risk for enterprises, governments and private organizations alike. This problem is magnified by the increased use of fully automated cyber attacks using the above technologies.
- Continued Social Engineering Attacks. Social Engineered Attack presentations account for over 50% of all initial cyber intrusions. By now we have all heard about and maybe even experienced social engineering attacks. They can occur through email, voice, sms, social media, websites and even in person. This can also be extended to sim swapping, and even spoofing cell numbers to receive two factor authentication notifications. This is a relatively cheap and easy attack method from threat actors. They can target anyone with an email address or even a cellphone; and especially anyone using social media. It can be something simple like a lame email with a malware laden link. Or all the way through a live person using small data points about another person to impersonate them with a customer service agent in order to compromise one account, then others from it. Social engineering was used heavily during the Russian attacks on America in the 2016 and 2018, 2019 elections. It will continue to be a huge and growing problem globally in 2020.
- Mobile Device Malware. Most people assume malware and viruses really only target networks, computers and larger devices. However this is not correct. 2019 saw an explosion of mobile device malware, presented in apps, sms attacks and even voice attacks. Like polymophic malware above; the access for threat actors to this attack vectors continues to get easier and easier. This is due to the proliferation of mobile devices, ease of app downloads and continued dropping prices of technology needed to mount such attacks.
- Iot Device Attacks. The Iot (Internet of [Unsecured} Devices) is notorious for not having any cyber security, or barely any. This issue stems from multiple vectors, but increasingly it is due to speed to market trumping security being developed into the full stack. Most Iot Devices do not offer any real cyber security protections. There are no standards for #Iot industry to follow yet for cyber security. Additionally this problem is compounded by a central basket of chips, motherboards and circuitry that is used from device to device; and with multiple manufacturers using the same tech. The explosion of Iot devices for both home and industry is leaping far ahead of cyber security protections. This is creating a wild west of problems. The threat actors know this is a wide open opportunity. They can even use such websites as Shodan.io to find both industrial and residential Iot devices that are connected to the internet. Digijaks CEO Alan W. Silberberg has written about the lack of security in IoT.
- Continued Nation State Attacks. Nation State attacks using cyber war and or information war will continue to grow as a major problem. These attacks occur on other nations, companies and even individuals. As the cost of command and control servers drop, more nation-states become active players in using cyberwar. Additionally as the cost of other technology continues to drop, nation state cyber attacks become a cost effective parallel or even additional means of show of force. This could be in the form of electrical grid attacks, social engineering, denial of service attacks. Nation state attacks can also include fake social media, fake websites and exploitative surveillance technology attacks on websites, mobile phones, emails and infrastructure facilities. There is a huge and growing threat of nation state cyber espionage attacks against countries, companies, individuals, reporters, researchers, human rights activists and more.
So. Be careful out there in 2020. Lots to watch out for.
This list is by no means exhaustive. Be alert. Be pro-active. Don’t take cyber security for granted, whether at work, at home or even in your connected car.