Josh Lemos, vice-president of research and intelligence at BlackBerry Cylance, has put forward some predictions on cyber security trends for 2020 that will impact Governments and companies across a variety of industry sectors.
(1) Uncommon attack techniques will emerge in common software
Steganography, the process of hiding files in a different format, will grow in popularity as online blogs make it possible for threat actors to grasp the technique. Recent research at BlackBerry found malicious payloads residing in WAV audio files, which have been used for decades and categorised as benign.
Businesses will begin to recalibrate how legacy software is defined and treated and effectively invest in operational security around them. Companies will look for ways in which to secure less commonly weaponised file formats, like JPEG, PNG and GIF, etc without hindering users as they navigate the modern computing platforms.
(2) Changing network topologies challenge traditional assumptions and require new security models
Network-based threats that can compromise the availability and integrity of 5G networks will push Governments and enterprises alike to adopt cyber security strategies as they implement the 5G spectrum. As cities, towns and Government agencies continue to overhaul their networks, sophisticated attackers will begin to tap into software vulnerabilities as the expansion of bandwidth that 5G requires inevitably creates a larger attack surface.
Governments and enterprises will need to retool their network, device and application security. We will see many lean towards a zero-trust approach for identity and authorisation on a 5G network.
Threat detection and threat intelligence will need to be driven by Artificial Intelligence and machine learning to keep up.
(3) 2020 will see more cyber-physical convergence
As all sectors increasingly rely on smart technology to operate and function, the gap between the cyber and the physical will officially converge. This is evident given the recent software bug in an Ohio power plant that affected hospitals, police departments, subway systems and more in both the US and Canada.
Attacks on Internet of Things (IoT) devices will have a domino effect and leaders will be challenged to think of unified cyber-physical security in a hybrid threat landscape.
Cyber security will begin to be built into advanced technologies by design to keep pace with the speed of IoT convergence and the vulnerabilities that come with it.
(4) State and state-sponsored cyber groups alike are the new proxy for international relations
Cyber espionage has been going on since the introduction of the Internet, with Russia, China, Iran and North Korea seen as major players. In 2020, we will see a new set of countries using the same tactics, techniques and procedures as these superpowers operate against rivals both inside and outside of national borders.
Mobile cyber espionage will also become a more common threat vector as mobile users are a significant attack vector for organisations that allow employees to use personal devices on company networks.
We will see threat actors perform cross-platform campaigns that leverage both mobile and traditional desktop malware. Recent research discovered nation state-based mobile cyber espionage activity across ‘The Big 4’, as well as in Vietnam. There’s likely to be more attacks coming in the future. This will create more complexity for Governments and enterprises as they try to attribute these attacks, with more actors and more endpoints in play at a larger scale.