Cyber attacks in 2020 are likely to be both more sophisticated and more frequent. As such, risk managers must be prepared - here are the top trends expected over the coming y

Bridewell consulting, an independent cyber security and data privacy consultancy, has issued some stark forewarnings for businesses as it sets out its top five predictions for developments set to impact cyber security in 2020.

The predictions have been identified based on the industry changes that the Bridewell team witnessed in 2019.

cyber

1) More and bigger attacks – An increase in cyber attacks will certainly happen in 2020.

The continued integration of applications and systems (often spanning multiple organisations, but with little end-to-end oversight) will lead to bigger, wider reaching attacks.

Future cyber attacks will have the power to affect an entire business, especially those that are ‘born in the cloud’, whereas until recently, such attempts would likely be limited to taking down a firm’s website or one specific element of the business.

2) The cloud compromise – With the sharp increase in moving workloads to the public cloud, it is likely there will be more opportunity for hackers to use new technology to compromise a business.

The convenience and ease of access of cloud increases the risk, for example the single-sign-on functionality for many applications.

As a result, it’s likely we will see organisations fail to implement software security features sufficiently, thereby enabling hackers to gain access to accounts and the rest of the corporate network through lax folder permissions or phishing attacks.

3) Start of the AI arms race – In 2020 and beyond, artificial intelligence (AI) will be used a lot more in cyber security solutions to stop threats and mitigate risk.

Activities that used to be laborious manual tasks by human analysts will become automated. In the same vein, cyber criminals will also use AI and machine learning to develop malware with self-evolving code that will learn and try another approach if blocked from an organisation’s network.

This will mark the beginning of a shift to an AI “arms race” between attackers and defenders of systems, with organisations that are slow, or lack the skills to effectively implement new AI-based controls, becoming increasingly vulnerable.

4) Attacks from inside social media – Social media is already a well-established avenue for social engineering, but moving into 2020 we will see more phishing attacks coming from social media posts themselves; cyber criminals setting up fake accounts (known as Sockpuppets), befriending individuals and interacting with them to foster trust.

The end game could be getting them to divulge personal or company information or stealing their logon details.

New technological developments, such as convincing AI-generated faces and “Deepfakes” make the identification of Sockpuppets considerably more challenging.

We can also expect to see developments in the use of AI/automation to identify the type of Sockpuppet a given user will be most receptive to, in order to make these more tailored to their target and therefore more likely to be accepted.

5) Weaponising IoT and 5G – As the cost comes down and the adoption of 5G grows, so too will the number of connected devices, opening the doors to bigger attacks by cyber criminals.

Many organisations still fail to adequately segregate insecure Internet of Things (IoT) and 5G-enabled devices from the rest of their network, making these a popular “stepping stone” allowing attackers to reach higher value targets.

Cyber attackers will be rubbing their hands at the growing opportunity to compromise systems and networks, as more and more devices become connected to the internet.

“As we move into a new decade it is more important than ever that businesses keep abreast of the latest cyber security developments. There’s no room for complacency; organisations need a layered cyber security strategy to mitigate risk and stay ahead of attackers,” says Anthony Young, Director at Bridewell Consulting.

Topics