Darrell Long, VP of Product Marketing at One Identity said, "In the next year, data will continue as a hot commodity that cybercriminals are after, and organisations will continue to drop the ball on protecting it. In today’s data-driven economy, data is more valuable than oil and hackers are more than aware of the profits they could garner from stolen privileged account credentials.
"In the new year, as organisations continue to fail at implementing privileged account management (PAM) and identity governance and administration (IGA) in order to properly secure and govern the data they hold, we’ll see companies no longer able to keep a competitive edge and fall to the wayside as other more security-centric organisations rise - customers know to trust those focused on protecting their data."
 |
| Source: Trend Micro. Jain. |
“Our threat experts predict that this fast growth and change will bring new risks of supply chain attacks. From the cloud layer all the way down to the home network, IT security leaders will need to reassess their cyber risk and protection strategy in 2020.”
According to Trend Micro's 2020 predictions report, vulnerabilities for corporate networks are everywhere, from compromised container components and libraries used in serverless and microservices architectures to managed service providers being targeted as a way to compromise multiple organisations. Other supply chain risks will come from remote workers using weak Wi-Fi security, and security flaws in connected home devices, the company said.
David Allott, Head of Orange Cyber Defense, Asia Pacific at Orange Business Services said, “Realising the power of data has also created awareness around its vulnerabilities. Threat vectors are evolving every day with changes in the technology landscape and cybersecurity becoming increasingly complicated.”
Larry Lunetta, VP of Security and Wireless LAN Marketing at Aruba, a Hewlett Packard Enterprise company, also touched on the problem of complexity. “In the coming year, security breaches will continue to plague organisations of all sizes and attacks will become increasingly complex, widespread and persistent, often carried out by coordinated teams of sophisticated hackers.
“With enterprises using over 130+ security tools and technologies on average, in 2020, we will see a rise in the use of integration and orchestration tools to better leverage these technologies for better threat detection and accelerated response.”
Uncommon attack techniques will emerge in common software, leading to businesses recalibrating how legacy software is defined and treated, said Josh Lemos, VP of Research and Intelligence, BlackBerry Cylance.
"Steganography, the process of hiding files in a different format, will grow in popularity as online blogs make it possible for threat actors to grasp the technique. Recent BlackBerry research found malicious payloads residing in WAV audio files, which have been utilised for decades and categorised as benign...Companies will look for ways to secure less commonly weaponised file formats, like JPEG, PNG, GIF, etc. without hindering users as they navigate the modern computing platforms," he predicted.
“2020 will compound the privacy issues as a result of the increased connectivity brought about by 5G. With increased connectivity, we will see a dramatic increase in the number of connected devices and sensors, resulting in a vastly expanded list of targets for cyberattacks. However, in their rush to beat the competition, security will be an afterthought as opposed to being a forethought. The end result will see 2020 as a record breaking year for cyberattacks on connected devices and a recognition for privacy and security regulations at the national level,” said Rana Gupta, APAC VP for Cloud Protection and Licensing activity at Thales.
On the enlightenment front, defences have evolved to keep up with cyberattacks. “We are seeing an uptake in the adoption of innovative email security tools with sandboxing capabilities and which offer an additional layer of protection from spear-phishing and spoofing attacks in 2020 and beyond,” noted Dylan Castagne, MD, Retarus Asia.
“Aside from providing flexible access management and encryption, these innovative email security solutions have the capability to track email security filters and rules while leveraging real-time analysis and IT forensics to optimise email security settings. This includes sandboxing emails infected with malware detected within the company’s infrastructure, for further analysis, or automatic deletion.”
2020 will see the emergence of the cybersavvy board, added Rohit Ghai, President, RSA. "Accountability for cyber and risk incidents moves up the organisational hierarchy and becomes a central issue for the CISO*, C-suite and Board of Directors.
In 2020, expect mindful organisations to begin hiring Board members that bring experience in risk management and information security as a way to prepare the business for a digital future. Gradually, this will become a new normal for the enterprise as investors pressure leadership for clear strategies on how they are managing digital risk," said Ghai.
While there has been enlightenment, there is still complacency and misunderstanding as well.
“With biometric authentication becoming increasingly popular, we’ll begin to see a level of unfounded complacency when it comes to security.
 |
| Source: CyberArk. Lazarovitz. |
“Even more importantly, the network authentication token that’s generated must be protected. That token, if compromised by attackers, can allow them to blaze a trail across the network, potentially gaining administrative access and privileged credentials to accomplish their goals – all while masquerading as a legitimate, authenticated employee.”
 |
| Source: RSA. Lee. |
The talent crunch is still a cybersecurity challenge for 2020, but the discussion has changed a little as we get to grips with the problems.
A ServiceNow study with Ponemon Institute showed that enterprises in Singapore saw an 18% climb in cyberattacks over the past year, with 88% noting they did not have sufficient resources to keep up with the number of software patches, for example. Another Singapore study from VMware Carbon Black notes that CIOs are seeing clouds building on the horizon revolving around mission-critical projects such as digital transformation and the rollout of 5G networks even as they have become confident to fend off cyberattacks over 2019.
 |
| Source: VMware Carbon Black. Kellermann. |
“There is concern that these emerging threats will require bigger security teams drawn from a talent pool that is small, and subject to intense competition, as more organisations compete for limited resources. This will force companies to be creative and thorough in the way they approach cyberdefence.
“Resource efficiency will be a buzzword as businesses aim to maximise the capability of teams to detect and mitigate threats and invest intelligently in the tools that empower their teams to build on that growing confidence and maintain proactive cyberdefence.”
“Shifting left” - baking security into the product creation cycle earlier – is another solution to the problem, one that Ghai predicts will see support in 2020. "Security will adapt to enable AppSec teams to embed security into the DevOps processes. This will make the 'shift left' mentality – something discussed by the security industry for years – a reality," he said.
"It will enable pentesting and code analysis earlier in the development lifecycle, cyber-resilience to be designed into the fabric of the infrastructure which will result in reduction of the attack surface.
"However, this shift left for security will come with tension. Security teams will need to learn how to communicate with developers in a language they understand. Instead of talking about vulnerabilities, they’ll need to talk in terms of delays and unplanned work." AppSec refers to application security.
 |
| Source: ServiceNow. Convery. |
“The demand for cybersecurity will continue outstripping the supply until there is a fundamental shift in mindset. Two complementary approaches will be required to address this challenge: the adoption of automation and exploring alternative sources of talent,” observed Sean Duca, VP and Regional Chief Security Officer, Asia Pacific & Japan, Palo Alto Networks.
“In 2020, we expect to see greater evaluation of emotional quotient (EQ) rather than IQ to find curious minds with problem-solving skills, be it engineers, analysts or even communications specialists. Investments need to be made to upskill and cross-skill these overlooked sources and groom these capable individuals into the talent we need.”
 |
| Source: Tata Communications. Bajaj. |
"The coming challenges will test security providers’ abilities to offer a predictive and proactive range of solutions that will increase visibility of risks and prevent attacks and breaches within businesses. With a robust detection and prevention mechanism in place, threats and attacks can be monitored in real time and resources can then be redistributed to mitigate any arising threats,” she said.
Explore:
Read about the biometrics issue in the 2020 security challenges predictions post on TechTrade Asia.
The security vulnerabilities created by bots is mentioned in Adjust's 2020 predictions for mobile marketing.
*CISO stands for chief information security officer.
This is the Era when many of the businesses like to use Managed IT Services to grow their business rapidly. If you are in Brisbane and also looking for Managed IT Services Provider in your area then Elevate Technology is the best option for your business.
ReplyDelete