2020 Vision: Check Point’s cyber-security predictions for the coming year

Published October 24th, 2019

Hindsight is 20/20 vision, as the old saying goes:  it’s always easy to know what the right course of action was after something has happened, but much harder to predict the future.  However, by looking at security developments over the past couple of years, it’s possible to forecast what’s likely to happen in the cyber landscape over the next 12 months.  Here are the key security and related trends that we expect to see during 2020, in two sections: first, the high-level geopolitical predictions; then the technology-related trends.

Global cyber-security predictions for 2020:

  1. A new cyber ‘cold war’ – The new cold war is intensifying, and taking place online as Western and Eastern powers increasingly separate their technologies and intelligence. The ongoing trade war between the U.S. and China and the decoupling of the two huge economies, is a clear sign. Cyber-attacks will increasingly be used as proxy conflicts between smaller countries, funded and enabled by large nations looking to consolidate and extend their spheres of influence, as seen in the recent cyber operations against Iran, following attacks on Saudi Arabia’s oil facilities.
  2. Fake news 2.0 at the U.S. 2020 elections – The U.S. election in 2016 saw the beginning of AI-based propagation of fake news. Political adversaries made huge progress creating special teams that created and spread false stories to undermine support for their opponents. In the run-up to the 2020 elections, we can expect to see these activities in full effect: it’s certain that overseas groups are already implementing plans to try and manipulate voters by illicit means.
  3. Cyber-attacks on utilities and critical infrastructures will continue to grow – Utilities continue to be a target of cyber-attacks, as seen from attacks on S. and South African utility companies this year. In many cases, critical power and water distribution infrastructure uses older technology that is vulnerable to remote exploitation because upgrading it risks service interruptions and downtime. Nations will need to look at radically strengthening cyber defenses around their critical infrastructure.
  4. High profile US brands, beware – As tensions between the U.S. and Iran continue to escalate, we will see an increase in cyber-attacks targeting high-profile American companies. These attacks will focus on disrupting Internet-facing services that these companies’ customers and employees rely on.
  5. Increased lobbying to weaken privacy regulations – As new privacy regulations are put into effect, it has become clear that most organizations, regardless of size or sector, are not prepared to deal with them effectively. Large corporations will accelerate their lobbying efforts asking governments to weaken privacy regulations, especially those covering rapid breach disclosures and the size of fines, such as the $228M fine against British Airways following its 2018 breach.

Technology cyber-security predictions for 2020:

  1. Targeted ransomware – 2019 saw ransomware exploits getting highly targeted against specific businesses, as well as local government and healthcare organizations. Attackers are spending time intelligence-gathering on their victims, to ensure they can inflict maximum disruption, and ransoms are scaled up accordingly. Attacks have become so damaging that the FBI has softened its stance on paying ransoms:  it now acknowledges that in some cases, businesses may need to evaluate options to protect their shareholders, employees and customers.
  2. Phishing attacks go beyond email – While email remains the #1 attack vector, cybercriminals are also using a variety of other attack vectors to trick their intended victims into giving up personal information, login credentials, or even sending money. Increasingly, phishing involves SMS texting attacks against mobiles, or use of messaging on social media and gaming platforms.
  3. Mobile malware attacks step up – The first half of 2019 saw a 50% increase in attacks by mobile banking malware compared to 2018. This malware can steal payment data, credentials and funds from victims’ bank accounts, and new versions are available for widespread distribution by anyone that’s willing to pay the malware’s developers. Phishing attacks will also become more sophisticated and effective, luring mobile users to click on malicious weblinks.
  4. The rise of cyber insurance – Underwriters will sell more cyber insurance policies for businesses and government agencies such as schools, hospitals and utilities. Insurance companies will continue to guide their policy holders to pay ransoms, as this is generally cheaper than having to recover from a ransomware attack. This will in turn will lead to more attacks, and fast growth for the cyber insurance industry. However, insurance payouts are not guaranteed: the legal battle between food giant Mondelez and its insurer Zurich is still ongoing. Mondelez’s insurance claim for $100M after the 2017 NotPetya ransomware attack was refused by Zurich as it claimed the attack was “a hostile or warlike action in time of peace or war.”
  5. More IoT devices, more risks – As 5G networks roll out, the use of connected IoT devices will accelerate dramatically, and will massively increase networks’ vulnerability to large scale, multi-vector Gen V cyber-attacks. IoT devices and their connections to networks and clouds, are still a weak link in security: it’s hard to get visibility of devices, and they have complex security requirements. We need a more holistic approach to IoT security, with a combination of traditional and new controls to protect these ever-growing networks across all industry and business sectors. The new generation of security will be based on nano security agents:  micro-plugins that can work with any device or operating system in any environment, controlling all data that flows to and from the device, and giving always-on security.
  6. Data volumes skyrocket with 5G – The bandwidths that 5G enables will drive an explosion in numbers of connected devices and sensors. eHealth applications will collect data about users’ wellbeing, connected car services will monitor users’ movements, and smart city applications will collect information about how users live their lives. This ever-growing volume of personal data will need to be protected against breaches and theft.
  7. AI will accelerate security responses – Most security solutions are based on detection engines built on human made logic, but keeping this up-to-date against the latest threats and across new technologies and devices is impossible to do manually. AI dramatically accelerates identification of new threats and responses to them, helping to block attacks before they can spread widely. However, cybercriminals are also starting to take advantage of the same techniques to help them probe networks, find vulnerabilities and develop more ever more evasive malware.
  8. Security at the speed of DevOps – Organizations already run a majority of their workloads in the cloud, but the level of understanding about securing the cloud remains low, and security is often an afterthought with cloud deployments because traditional security measures can inhibit business agility. Security solutions need to evolve to a new paradigm of flexible, cloud-based, resilient architectures that deliver scalable security services at the speed of DevOps.
  9. Enterprises rethink their cloud approach – Increasing reliance on public cloud infrastructure increases enterprises’ exposure to the risk of outages, such as the Google Cloud outage in March 2019. This will drive organizations to look at their existing data center and cloud deployments, and consider hybrid environments comprising both private and public clouds.

We don’t yet have the benefit of hindsight to show exactly what security threats we will face in 2020.  Today’s hyper-connected world creates more opportunities for cyber criminals, and every IT environment is a potential target: on-premise networks, cloud, mobile, and IoT devices. But forewarned is forearmed:  using advanced threat intelligence to power unified security architectures, businesses of all sizes can automatically protect themselves against upcoming attacks.