And while it’s nearly impossible to predict the future — at least without a DeLorean retrofitted as a time machine — here are four key cyber security trends for 2020 we think every infosec professional should keep tabs on.
#1 – Router-Based Attacks Will Increase
Routers aren’t just low-hanging fruit for hackers. They’re fruit that has fallen off the tree and is lying on the floor of the jungle, waiting to be exploited. These are the findings Akamai revealed in a new report.
Whether it’s because of infrequent updates or the fact there are so many router brands — making upgrades difficult — routers represent a serious vulnerability for security professionals.
The Akamai folks specifically call out flaws in UPnP implementations that allow hackers to alter NAT rules, which can affect as many as 4.8 billion people at any given time. But whatever path the hackers take, the conclusion seems clear: router-based attacks will only increase in 2020, not decrease.
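One way to audit a router for the altered NAT rules described above (an added example, not code from Akamai or from this post): list the UPnP port mappings and flag any that forward to a host outside the LAN or to the router itself. The LAN range, gateway address, `<mappings>` wrapper and sample entries are constructed assumptions, and the two checks are heuristics chosen for this example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample data. Field names follow the UPnP IGD
# GetGenericPortMappingEntry response; the <mappings>/<entry> wrapper
# and all values are made up for this example.
SAMPLE = """<mappings>
<entry><NewExternalPort>51413</NewExternalPort><NewProtocol>TCP</NewProtocol>
<NewInternalClient>192.168.1.23</NewInternalClient><NewInternalPort>51413</NewInternalPort>
<NewPortMappingDescription>bittorrent</NewPortMappingDescription></entry>
<entry><NewExternalPort>40001</NewExternalPort><NewProtocol>TCP</NewProtocol>
<NewInternalClient>203.0.113.50</NewInternalClient><NewInternalPort>443</NewInternalPort>
<NewPortMappingDescription>sync</NewPortMappingDescription></entry>
<entry><NewExternalPort>8081</NewExternalPort><NewProtocol>TCP</NewProtocol>
<NewInternalClient>192.168.1.1</NewInternalClient><NewInternalPort>80</NewInternalPort>
<NewPortMappingDescription>web</NewPortMappingDescription></entry>
</mappings>"""


def parse_mappings(xml_text):
    """Return one dict per <entry>, keyed by the UPnP field name."""
    root = ET.fromstring(xml_text)
    return [{f.tag: (f.text or "").strip() for f in e} for e in root.iter("entry")]


def audit_mappings(rows, lan_cidr, gateway_ip):
    """Flag NAT rules a normal LAN device would have no reason to request."""
    lan = ipaddress.ip_network(lan_cidr)
    gateway = ipaddress.ip_address(gateway_ip)
    findings = []
    for row in rows:
        rule = f'{row.get("NewProtocol", "?")}/{row.get("NewExternalPort", "?")}'
        try:
            client = ipaddress.ip_address(row.get("NewInternalClient", ""))
        except ValueError:
            findings.append((rule, "internal client is not an IP address"))
            continue
        if client not in lan:
            findings.append((rule, f"forwards to {client}, outside {lan}"))
        elif client == gateway:
            findings.append((rule, "exposes a port on the router itself"))
    return findings


if __name__ == "__main__":
    for rule, reason in audit_mappings(parse_mappings(SAMPLE), "192.168.1.0/24", "192.168.1.1"):
        print(f"REVIEW {rule}: {reason}")
```

A flagged rule is a prompt to review the mapping and, if nothing on the LAN needs it, to disable UPnP or update the router firmware.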
#2 – The Cloud Still Won’t Be Configured Correctly
You may not know the name Paige Thompson. But you might have heard about the ex-AWS software engineer who stole the personal data of 106 million Capital One credit card applicants, including social security and bank account numbers.
A firewall misconfiguration, allegedly, gave Thompson the ability to access Capital One’s AWS folders with a GitHub file. And though many security professionals feel the “cloud” is more secure than on-premises data centers, there are still countless organizations that either have their cloud structure configured incorrectly, or simply have no idea how their cloud is configured in the first place.
The “cloud” is convenient. The “cloud” is powerful. It is also a gateway to the world-wide Internet. It’s important you know exactly how your folders are organized – and how accessible they are to the public – before jumping on the “cloud” bandwagon.
#3 – The CyberSecurity Skills Gap Will Grow
There’s no question the demand for qualified and knowledgeable cyber security professionals continues to rise. Unfortunately, according to a study released by the ISC, this demand doesn’t seem to be anywhere near filled by the existing workforce.
Their research shows 58% of respondents report their organizations are at extreme or moderate risk due to cyber security staff shortages. And just 28% report they have the right amount of staff dedicated to cyber security.
We predict that this will continue to be a problem for organizations across every vertical. Short of an unlimited budget — and a whole new wave of qualified staff — this will probably lead to an increase in vulnerability & visibility tools that offer a proactive, rather than reactive, response to hacking. It will also likely mean cyber security tools that require less overhead — and more automation — will be much sought after in 2020.
#4 – Phishing and SQL Injection Cases Will Rise
It’s hard to predict, precisely, what form the majority of cyber security attacks will take in 2020. But the early money seems to be, according to Beyond Security, on phishing and SQL injection.
According to their research, one in every 99 emails contains a phishing attack, making ransomware threats a likely top priority for most network security professionals in 2020.
In addition, SQL injection — and the manipulation of query strings — could represent a new hammer in the hacker’s toolbox.
Though robust authentication can do much to mitigate this type of attack, the best remedy is to implement an ongoing internal security audit that can identify vulnerabilities long before they are exploited.