Happening Now: Trends 2020

In a previous post, we downplayed some cybersecurity predictions for 2020. We found some of them as imprecise, not plausible, or not even being a trend (instead, prevalent decades ago). In this post, we bring to the table other predictions with better support and evidence for 2020.

There seems to be consensus in four predictions for the current year. The growth of artificial intelligence (AI) and machine learning (ML) in cybersecurity is evident. Ransomware is predicted to keep causing harm worldwide, and their impact is scary. The scarce talent in cybersecurity hasn’t gone down in the previous years. And finally, Cloud security disruptions are expected to grow.

Many of the publications we consulted listed this trend. The discourses have little variation: both organizations and criminals, or stated differently, defense and attack sides on cybersecurity are using automated algorithms to improve their performance. In general, we can identify the following advantages by using ML and AI: for defenses, higher effectiveness (mostly detection), lower impact of human error, and acceleration of deployment. For the dark side, the benefits are also sizable —for instance, better and automated phishing attacks, as well as more sophisticated denial of service attacks. Moreover, ML and AI algorithms could be used to spread fake news and deep fakes. Not only that, but those algorithms could create appealing malicious offers, which, combined with malware, could harm significantly. Remember Cambridge Analytica?¹

From another perspective, in 2017, CB Insights published a brief report listing more than 80 cybersecurity companies worldwide using AI. All of this shows apparent growth, and hence, it is indeed a trend.

At Fluid Attacks, we are working on some initiatives using ML/AI algorithms. See, for example, the post Understanding Program Semantics written by Rafael Ballestas, explaining how code audit can be triaged.

Experts see a change from few high-impact targets to many smaller impact targets. "With smaller attacks, it’s easier for the criminals to remain anonymous, laundering money is simpler, and they will have fewer people to share the overall profit with," says Jaxenter. IBM Security noted something in the same lines about this shift.

In the United States, government and public institutions are increasingly the targets of ransomware. CIO Dive published an article that shows the likely cause: these institutions invest significantly less in cybersecurity compared to the average company (3% vs. 10% of their budget). Almost a thousand institutions were victims of ransomware in 2019, according to Emisoft.

Ransomware is particularly scary: no doubt why different sources describe this trend as reaching "crisis level" or "terrifying." For a more comprehensive detail of these statistics, we suggest the excellent compilation Security Boulevard wrote recently.

"The level of understanding about security in the cloud remains low; in fact, it is often an afterthought in cloud deployments," says the World Economic Forum.

It seems that organizations will change their beliefs about cloud security very soon. In line with the ransomware trend, cloud providers have been impacted recently. CyrusOne suffered an incident a few months ago, affecting the availability of several customers. Armor reported that around thirteen managed-services providers were struck by ransomware last year. A ransomware attack vector related to cloud providers is the remote monitoring and management software they use. Emisoft brings one example of this: more than 400 companies were disrupted by one ransomware incident of their cloud provider.

As organizations and people demand more cloud services, attackers naturally shift there too. There is some evidence that the biggest cloud service providers in the world have been breached. According to Proofpoint, Office 365 and G Suite users have been hacked by using legacy protocols (e.g., IMAP). Even two-factor authentication schemes are subject to be bypassed.

In 2014, the estimate of unfilled cybersecurity jobs was 1 million. A view from Cybersecurity Ventures suggests the number will reach 3.5 million during 2020. Other publications like Harvard Business Review and Knowledge @ Wharton have also referred to this issue. Some have blamed academia for this shortage of skilled talent. However, it is not that simple. In a previous post in which we interviewed a DevOps engineer, it was discussed that academia, in cybersecurity, is not capable of keeping up with the pace of the industry.

Some people think innovation in automated tools might be the key to compensate for this shortage. "With as many as two in three organizations worldwide reporting a shortage of IT security staff, automated security tools such as online vulnerability management solutions are fast becoming essential to maintaining a good security posture,” says Netsparker. Others are not that sure about it, as there needs to be a skilled talent to operate and fully leverage these solutions. Besides, in our view, vulnerability management should include ethical hackers' manual techniques for identifying, classifying and prioritizing the security issues in information systems.

In our exercise reviewing trends for the ongoing year, we found other predictions worth mentioning. However, we don’t think they will be too relevant, yet. Some sources see mobile 5G technologies as a big door for more vulnerabilities and incidents. Other sources predict multi-factor authentication schemes will replace two-factor authentication. Moreover, some predict that there will be lots of vehicle hacks and the rise of IoT breaches too. To conclude, some even predict that in 2020 countries will be destabilized by national elections hacking (this implies the use of digital voting systems. Will we see that happening?).

What do you think about all of these trends? We hope you have enjoyed this post, and we look forward to hearing from you. Do get in touch with us!

In line with these posts about trends, we predict continuous hacking will grow in 2020 as it delivers more value to organizations and enables them to implement DevSecOps. We have evidence that customers continuously testing the robustness of their software and IT infrastructure do find more weaknesses and achieve a higher rate of fixes. To know more about this, check our "State of Attacks" 2020 Report. Click here to read it.