I love a game of chess, and I have realized that cybersecurity is a lot like it, so I will draw that comparison here. Chess is nothing but a game of strategy and foresight, and so is cybersecurity. Cybersecurity is like a chessboard where defenders and hackers are trying their best to checkmate each other, but hackers are winning the game for now.
The hackers are smart enough to outmaneuver enterprises by launching ransomware attacks every 14 seconds, and the time might fall to 11 seconds in 2021. It is not the speed that matters anymore, but the number of different attacks these hackers are ready to launch. Initially, they used to target the Grandmaster companies that already have a fat pot of cash hidden virtually, but that is no longer the case. You can be a Class C, D, or E player, a small to medium business; everyone is fair game for them.
The hackers' strategy is to sneak in one move at a time, a credible chess approach that is undeniably one of the best strategies you can apply.
One right move from the hacker will bring your business to a halt, not to mention the fines that keep accumulating for breaching compliance rules and regulations. The solution: start looking for better cybersecurity solutions.
Before we dive deep into the cybersecurity trends of 2020, let us talk about its key challenges.
Key challenges for cybersecurity
1. Widespread collaboration in cybersecurity
Effective cybersecurity should be acutely collaborative. Collaboration enables sharp minds to form creative hive minds that learn rapidly, constantly expanding competency and capacity. Extensive collaboration means including everyone in a broader conversation about cybersecurity. Deep collaboration means making everyone smarter and more knowledgeable about the underlying threats, and making everyone a part of the knowledge repositories that are built into operational systems; in short, collaboration as education.
Talking more about cybersecurity and its fundamental role in enterprises means imparting and nurturing more awareness of it. This is what this generation of cybersecurity professionals needs.
More than 92% of malware is delivered through email, and the estimated cost of damage caused by hackers is projected to reach $6 trillion by 2021. Leadership must be empowered to meet these challenges, and to enable that, technological experts and decision-makers across the public and private sectors must work together.
2. Promoting a vision of integrated cybersecurity
Every leader, whether in the private or public sector, must commit to creating a common vision for integrated cybersecurity, something akin to NATO, which is based on defined fundamental standards. This vision must be comprehensive, agile, and inclusive, anticipating the actions of cybercriminals rather than solely reacting once an attack has been made.
NATO has trained armies, and they continuously polish their strategies based on the battlefield; similarly, the collective vision should be operational and must look at how best to address the technical challenges of cybersecurity, including the skill gaps that exist in the industry.
Every technical expert and enterprise must embrace cybersecurity competency in a positive spirit, and they must strive to make changes and update their policies frequently.
3. Real-time information sharing
The digital world will keep growing at an exponential speed. Security professionals have to keep up and address threats and security weaknesses before cybercriminals strike. Speed is of fundamental importance to an effective cybersecurity strategy; cybersecurity systems and protocols must keep up with traffic speed and volume, as the speed of reaction is vital. If you take too long to respond to an issue, remember that the hacker, whose mindset is nothing short of a predator's, will take advantage of it.
But speed requires visibility, and to act fast, threat information must be shared in real time. In a digital world where everything is interconnected, cybersecurity becomes global security. No single enterprise can see the entire global cyber landscape; therefore, senior management in an organization must insist on sharing information to fit the pieces of the puzzle together. Otherwise, it is like flying blind.
4. Promoting the cybersecurity technology platform
Cybersecurity was never initially a part of the world’s infrastructure, and this has to change. Making cybersecurity work needs power, and new products, devices, and infrastructure must have additional computing power designed in. Devices that have cybersecurity capabilities must have an integrated platform that distributes the workloads over the layers of the system.
The ability to provide robust security across networks with low latency and high performance is the need of the hour, and enterprises are looking to 5G deployment for a centralized approach that is tenable.
Obviously, an integrated and optimized platform will not emerge in its entirety, but what does emerge will not be useless either. Organizations like the World Economic Forum’s Centre for Cybersecurity should continue imparting knowledge and educating product designers on how to build an integrated cybersecurity ecosystem into their products. We also need more widely accepted compliance standards and protocols that encourage discussion on cybersecurity.
As we step into 2020, these are a few trends to look out for:
From the rise of investors’ focus on cybersecurity issues to diverse cyber insurance options, there are a few critical trends that need professionals' attention, and you should be ready to address or combat them in 2020.
Attackers will focus more on blunt-force attacks
If you think zero-day vulnerabilities will garner the most attention, then think again. Zero-day vulnerability attacks have been so highly publicized that hackers won’t bother going that route again. Instead, they will home in on simpler strategies, like gaining access to a network via third parties or unpatched systems.
The trend is already taking shape. APT33 almost exclusively uses brute-force password spraying when attacking critical infrastructure. These methods have proved successful, with breached companies facing Shamoon and ShapeShifter, two of APT33’s go-to deployments. The number of BEC (Business Email Compromise) attacks has also soared in the past, and Nikkei lost $29 million to this ploy.
To counter such trends, cybersecurity plans will need to go back to basics and focus on building a strong foundation, which includes constant monitoring for new threats and continuous evaluation of third parties' security posture.
Investors might add cyber risks in their analyses
When it comes to financial investments, be assured that cybersecurity will play a more significant role in 2020 than ever before. For example, Equifax became the first company to receive a credit downgrade due to a data breach, which made investors hesitant to invest in companies without understanding their cyber risks.
Savvy investors are holding off until they have investigated whether a company has reasonable security. They are beginning to analyze the link between companies that have robust cybersecurity in place and strong stock performance. Though this is still in its infancy, investors will soon incorporate cybersecurity into their ESG analysis.
So having strong security in place will no longer be just protection against breaches, but also an opportunity to showcase your worth to the C-suite and pull in investors, whether they are looking to invest in stocks or in your business.
Cyber insurance: the bigger plan
From BEC to ransomware, the cost of responding to such attacks and breaches is increasing relentlessly. Therefore, 2020 can be the tipping point for cyber insurance. Many enterprises are learning this the hard way, especially the smaller ones, as they do not have the resources to mitigate the attacks.
Having cyber insurance does not mean that the insurer will pay the amount lost to a phishing attack or a BEC, but it will help with legal financing and investigation fees. As more and more enterprises move toward cyber insurance, the insurance industry will have to educate itself on the nuances of cyberattacks and start offering additional cyber coverage plans, ones that cover consequential losses outside of the cyber realm.
Enterprises need to step into 2020 fully prepared for how cyberattacks could impact the physical world. To do this, they need to reevaluate their existing cyber insurance plan or start shopping for one.
AI & ML can be hacked too, but can help in defense: let that sink in!
AI is the new arms race, but one that anyone can get involved in. This arms race is available to all, not just the government. Just as it can be used to cripple an enemy state’s civil and defense infrastructure during a war, criminals and terrorists can also deploy it.
Today’s criminals are hackers, crackers, data thieves, and phishers, whose job is to cause harm to an organization. Cybersecurity experts must tackle these threats before they cause damage. Just as AI can be trained to spot the signs of attempted attacks, it can also learn to disguise itself, adopt the same behavior, and trick its way past our defenses.
These parallel offense and defense themes will become more prevalent as AI becomes more complex, more available, and simpler to deploy. Spam emails can be used to trick us into revealing our credit card details, and such attacks will be designed to disable critical infrastructure. On the other hand, deep machine learning algorithms and automation systems are also being developed to better help us combat such sophisticated attacks.
Data theft and vehicle hacking
Vehicles nowadays are moving data factories, and I am not even talking about self-driven cars. Modern automobiles are fitted with GPS, an array of motion sensors, in-car communication, and entertainment platforms that make them a profitable target for hackers.
Cybercriminals have also learned to piggyback on connected home devices like home appliances and smart devices, thanks to the obscene lack of security standards among manufacturers and service providers. Likewise, automobiles are likely to become the backdoor of choice for such data thieves, thanks to the insane amount of data collected over our day-to-day lives. Attackers will have a ball, as they will have the option to either hack the associated email accounts and personal information, or hack the cloud where this data is sent and stored for analysis. The reason: this data can be harvested on a large scale and is extremely lucrative on the black market.
There could be more malicious attacks, where a hacker with far more sinister criminal intent hacks into the system and tampers with the safety features of the automobile. The idea of hijacking autonomous cars may seem far-fetched right now, but it will not be toward the end of 2020. This year, it is already spurring a line of debate on the security features of such autonomous and self-driven vehicles.
The way forward
The new year will bring an array of security challenges, some that have been anticipated and some that have not. But trying to act on them will mitigate their ramifications.
To begin with, enterprises must make sure that their stakeholders and CFOs understand the growing financial impact of cybersecurity. As the prices of security tools fall, decision-makers might be tempted to lower the budget without understanding how badly a cyberattack might not only affect day-to-day operations but also bring the business to a temporary halt.
Additionally, a stronger cybersecurity foundation needs to be the priority this year, as we see hackers relying on their tried-and-tested methods rather than chasing zero-day vulnerabilities. Therefore, healthy security hygiene is the key to protecting businesses.