4 Cyber Security Trends for 2020 to Keep an Eye On
And while it’s nearly impossible to predict the future — at least without a DeLorean retrofitted as a time machine — here are four key cyber security trends for 2020 we think every infosec professional should keep tabs on.
#1 – Router-Based Attacks Will Increase
Routers aren’t just low-hanging fruit for hackers. They’re fruit that has fallen off the tree and is lying on the floor of the jungle, waiting to be exploited. These are the findings Akamai revealed in a new report.
Whether it’s because of infrequent updates or the fact there are so many router brands — making upgrades difficult — routers represent a serious vulnerability for security professionals.
The Akamai folks specifically call out flaws in UPnP implementations that allow hackers to alter NAT rules, which can affect as many as 4.8 billion people at any given time. But whatever path the hackers take, the conclusion seems clear: router-based attacks will only increase in 2020, not decrease.
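One way to check a router for the altered NAT rules described above, as an added example that is not from Akamai's report or the original post: it audits a port-mapping table exported from the router's UPnP service. The sample table, the LAN range, the sensitive-port list and the assumption that an altered rule appears as a mapping aimed outside the LAN or at a management or file-sharing port are all illustrative.

```python
import ipaddress

# Constructed sample: port-mapping entries in the shape returned by the UPnP IGD
# GetGenericPortMappingEntry action. Addresses and descriptions are made up.
SAMPLE_MAPPINGS = [
    {"NewExternalPort": 51413, "NewProtocol": "TCP", "NewInternalPort": 51413,
     "NewInternalClient": "192.168.1.23", "NewPortMappingDescription": "torrent client"},
    {"NewExternalPort": 20022, "NewProtocol": "TCP", "NewInternalPort": 80,
     "NewInternalClient": "203.0.113.50", "NewPortMappingDescription": "sync"},
    {"NewExternalPort": 44500, "NewProtocol": "TCP", "NewInternalPort": 445,
     "NewInternalClient": "192.168.1.40", "NewPortMappingDescription": "sync"},
    {"NewExternalPort": 8080, "NewProtocol": "TCP", "NewInternalPort": 80,
     "NewInternalClient": "not-an-ip", "NewPortMappingDescription": ""},
]

# Assumed list of internal services that should never be reachable from the WAN.
SENSITIVE_PORTS = {22: "SSH", 23: "Telnet", 139: "NetBIOS", 445: "SMB", 3389: "RDP"}

def audit_mappings(mappings, lan_cidr):
    """Return (external_port, reason) for every mapping that needs review."""
    lan = ipaddress.ip_network(lan_cidr)
    findings = []
    for m in mappings:
        ext_port = int(m["NewExternalPort"])
        try:
            client = ipaddress.ip_address(m["NewInternalClient"])
        except ValueError:
            # A forwarding target that is not an IP address cannot be vetted.
            findings.append((ext_port, "bad-client"))
            continue
        if client not in lan:
            # The rule forwards WAN traffic to a host outside the LAN,
            # which turns the router into a relay for someone else's traffic.
            findings.append((ext_port, "off-lan-target"))
        elif int(m["NewInternalPort"]) in SENSITIVE_PORTS:
            service = SENSITIVE_PORTS[int(m["NewInternalPort"])]
            findings.append((ext_port, "sensitive-port:" + service))
    return findings

if __name__ == "__main__":
    for port, reason in audit_mappings(SAMPLE_MAPPINGS, "192.168.1.0/24"):
        print(f"review external port {port}: {reason}")
```

Any finding is a prompt to delete the mapping and to disable UPnP on the WAN side or update the router firmware.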
#2 – The Cloud Still Won’t Be Configured Correctly
You may not know the name Paige Thompson. But you might have heard about the ex-AWS software engineer who stole the personal data of 106 million Capital One credit card applicants, including social security and bank account numbers.
A firewall misconfiguration, allegedly, gave Thompson the ability to access Capital One’s AWS folders with a GitHub file. And though many security professionals feel the “cloud” is more secure than on-premises data centers, there are still countless organizations that either have their cloud structure configured incorrectly, or simply have no idea how their cloud is configured in the first place.
The “cloud” is convenient. The “cloud” is powerful. It is also a gateway to the world-wide Internet. It’s important you know exactly how your folders are organized – and how accessible they are to the public – before jumping on the “cloud” bandwagon.
#3 – The CyberSecurity Skills Gap Will Grow
There’s no question the demand for qualified and knowledgeable cyber security professionals continues to rise. Unfortunately, according to a study released by the ISC, this demand doesn’t seem to be anywhere near filled by the existing workforce.
Their research shows 58% of respondents report their organizations are at extreme or moderate risk due to cyber security staff shortages. And just 28% report they have the right amount of staff dedicated to cyber security.
We predict that this will continue to be a problem for organizations across every vertical. Short of an unlimited budget — and a whole new wave of qualified staff — this will probably lead to an increase in vulnerability & visibility tools that offer a proactive, rather than reactive, response to hacking. It will also likely mean cyber security tools that require less overhead — and more automation — will be much sought after in 2020.
#4 – Phishing and SQL Injection Cases Will Rise
It’s hard to predict, precisely, what form the majority of cyber security attacks will take in 2020. But the early money seems to be, according to Beyond Security, on phishing and SQL injection.
According to their research, one in every 99 emails contains a phishing attack, making ransomware threats a likely top priority for most network security professionals in 2020.
In addition, SQL injection — and the manipulation of query strings — could represent a new hammer in the hacker’s toolbox.
Though robust authentication can do much to mitigate this type of attack, the best remedy for this type of threat is to implement an ongoing internal security audit that can identify vulnerabilities, long before they are exploited.
Bill Alderson is CEO and co-founder of HOPZERO. He has been involved with network security since 1980, where he began analyzing secure networks for Lockheed. Formerly Technology Officer of NetQoS/CA Technologies, he is a deep packet analyst, and was an integral member of the 9/11 Pentagon restoral team. Alderson has trained over 50,000 network forensic professionals through his Certified NetAnalyst program, and has assisted 75 Fortune 100 companies with network security needs. He was deployed six times with US Central Command to Iraq and Afghanistan to provide deep packet analysis for large-scale network Department of Defense biometric network systems.