In this post, we talked about 9 cyber security predictions and protections for 2020/2021 including Tech protection, and intelligence report. As online users, our hopes (and fears) for the info-security world for this year and the coming year. Meanwhile, check out the Microsoft Cyber Security & Trending Threat Landscape as seen in our last article.
2020/2021 cyber security predictions, Protection, intelligence report
As we all know, making unforeseen predictions are very difficult, but even more so in the muddled world of cyber security. As a matter of, the threat landscape is massive. Currently, offensive and defensive technologies are developing every day and speedily, and private to public and nation-state attacks are increasing in sophistication and in terms of scope.
In the first place, this cyber “fog of war” makes it difficult for us to see or assess all the trends. Take for instance, last year there were predictions for 2019 which did not anticipate the rapid rise of crypto-mining. By a clear observation, this moderately was easy to implement, reducing risk way for cyber thieves to monetize their energies should have been a clear choice.
[Meanwhile, it is important that you keep up with eight hot cyber security trends. You can also decide to give your career an enhancement with top security certifications. You can also find out who the services suite well, the amount they cost, and which one you need. | Simply Sign up for Hybrid Cloud Tech newsletters.]
Back to the topic at hand: The last year’s predictions got a few things right. As can be seen, there were more automation of threat-detection processes. There was also a substantial rise in attacks using compromised IoT devices, and the failure to trust any system in the face of rising cybercrime, to mention but a few.
In 2020, as a way of boosting and updating our archives, we asked Hybrid Cloud Tech staff and contributors to make a research and find out the major events or trends that is expected for the next one year. From there research, they made the following finding which we have categorized in to top 9 cyber security predictions, Protection and intelligence report.
1. Ransomware flames off, but still causes chaos
First and foremost, Ransomware will flame off as cybercriminals change to other ways to generate revenue from their wrong deeds. As they prepare to that, “ransomware will still be a problem to us, since research shows that it will be more of a focused, targeted attack”. We will quote the decreasing number of ransomware attacks as we proceed. However, according to Kaspersky Antivirus Company, the total figure of users who encountered ransomware in the year 2017 and 2018 fell by nearly thirty percent over the 2016 to 2017 time period.
By the same token ‘the randoms went down, and the targeted ones became newsflash in the US”. Symantec Antivirus Company says the ransomware group responsible for SamSam is now concentrating mainly on a relatively few U.S.A companies; mostly metropolitan and healthcare organizations.
Furthermore, the motive for the failure is that cybercriminals are discovering crypto-jacking and other negative schemes as more effective money-makers. From the increasing amount and superiority of ready-made crypto-mining tools means that cybercriminals don’t need to be technically skilled to attack. This alone has reflected in about 44.5% rise in number of users that have fallen prey to a cryptomining attack in the past year, says Kaspersky team. There are concealed cypto-coin-miners that have continued to thrive in 2019, meanwhile malware code writers are taking advantage of them to interrupt business around the globe. All things considered, it is noted that Crypto-mining will continue to be a danger to cyptocurrency as long as these attackers can make fast money from the infections they send to users.”
2. New Regulation and public sentiment on privacy will drive data protection policies
In the previous year, there was a prediction that the European Union (EU) would rapidly penalize a few companies in violation of its General Data Protection Regulation (GDPR) to make an example of them. However, to our surprise, that didn’t happen as expected. As a matter of fact, the threat of consequences over compromised personal information will definitely have a massive effect on security operations in 2019, 2020 and 2021 nevertheless.
Conversely, those consequences are likely coming sooner than later. It is expected that the EU will break some toes with the GDPR. It is believed that prosecution is going to be harsh at the beginning of the first half of 2020. For example, big Companies involved in investigation capitalism, like Google.com and Facebook.com, are definitely in for a tough years ahead.” Several hundreds of complaints have been filed by individual and cooperate organisations, against Google and Facebook among others.
According to predictions for 2020, we may see how the European Union will react to those complaints. Additionally, that will offer some required transparency regarding the risk that GDPR and other privacy regulations present to online users. Comparatively, wrong messages to people and organisations not to take the regulation seriously if the GDPR doesn’t react.
There have been growing worry over how companies use and protect personal information will encourage many US citizens to hold those companies more responsible. Currently, there have be reaction by online users to constant security gaps and other wrong information disclosures (Facebook for example) hints U.S.A consumers to request more default privacy and control over their personal information.
Privacy Laws (CCPA and CDPA) on Cyber security
We certainly expects to see an effort to pass privacy laws similar to GDPR nationally this year. Though, the California Consumer Privacy Act (CCPA) has previously passed into law and begins effect from 2020. Remember that on November 1 2018, Senator Wyden Ron announced a bill titled the Consumer Data Protection Act (CDPA), which has rigid penalties, including jail time, for privacy violations of consumers.
From the look of the federal government’s current state of efficacy, the CDPA bill is unlikely to gain much power. In the time being, all firms that handle consumer data in the United States will look to other guidelines such as the GDPR and CCPA for direction. Correspondingly, California and New York for example will continue to motive the conversation around consumer data privacy, while Washington moves sluggishly.
With the GDPR and CCPA bills, Companies will surely start thinking about a privacy-first approach to data, particularly as these laws expand to more authorities. They will also narrow targeted verticals, such as banking sector, medical diagnosis and online payments. Nonetheless, that will involve some key changes in how companies collect, use, and share data of customers.
3. Anticipate more nation-state attacks on and surveillance of persons
Do you know that the state-conducted or funded targeted cyber-attacks on news journalists, protestors and statesmen will continue to increase? We all know that like-minded administrations will turn deaf ear to such attacks on their own land.
Moreover, the worst possible outcome of a country putting surveillance its own citizens played out in the case of one Saudi Arabia journalist named “Jamal Khashoggi”. According to online sources, one Israeli newspaper named “The Haaretz” reported that the Saudi government used Israeli cyber-weapons to trail Khashoggi while he went to Canada.
A simple research online will show you that the Israeli government seems to be a foremost exporter of technology that other governments can use to spy on its own Israeli citizens. There is also another story reports that various countries are using Israeli software to target homosexuals and insurgents.
4. Microsoft shall carry Advanced Threat Protection (ATP) to all its mainstream products
Did you know that Windows 10 Advanced Threat Protection (ATP) is a service that permits someone with an E5 license to see the backdoor and review what an attacker did to a system? Still, it relies on telemetry that is enabled when the laptop or desktop computer is connected to the ATP service.
We areglad that the software giant (Microsoft) will move to secure its continuing efforts to build a security-focused brand image by making ATP standard with all Windows versions (both old and new). Some Windows expert says that this will be a major selling point in selecting Windows products over IBM’s Red Hat in years to come.
5. It will decide that voter fraud occurred in the previous elections
If this is confirmed, voter fraud will spur calls to better protect and enroll people in online voter procedures. However, the struggle between those who want to protect the integrity of the process and those who want to make voting as accessible as possible will remain.
The U.S. government have a need to ensure that everyone can register and vote for their candidates online, but they certainly will need to take key measures to make sure citizens can do so safely and appropriately.
6. Multi-factor authentication will become the standard for all online transactions
Though far from a perfect solution, most websites and online services will abandon password-only access and offer additional required or optional authentication methods. For a while, the different forms of multi-factor authentication will likely confuse and frustrate users.
“Only using a password to authenticate is increasingly leaving us open to phishing and other attacks,” says Bradley. “But the fact that all the vendors are implementing different systems to authenticate means I’m being driven slightly crazy with all of the two-factor authentications I’m having to manage. It won’t be better until a more standardized process is settled on.”
Those standards, at least on the vendor side, are on the way. “With FIDO2 browser enhancements and the Duo/Cisco acquisition, it could tip the scales. Expect to see more innovation here in the coming year that makes it easier and more compelling to use MFA than not to,” says Strom.
7. Spear phishing becomes even more targeted without cyber security
Cyber attackers know that the more data and information they have about you or your organisation, the better they can craft a successful phishing campaign against you/your Company. To make matter worse, most of them are using tactics that are a bit weird. As a matter of fact, one of the trending changes in spear phishing are phishing campaigns where the hacker breaks into an email system, waits and learns every details of the person. After that, they then use the information they have gathered, as well as taking advantage of the relationships and trust built between people or organisations who regularly communicate with each other via mail.
Example of Spear Phishing Attacks
Yes, it is true. Again, one area where we sees this happening more is mortgage transfer fraud, where property buyers are deceived into transferring closing deal fees to a rogue party by an email arriving from a trusted mortgage agent. Meanwhile, these hackers will have patience and break into the mortgage lenders (or title agents) computer network and takes note of all the upcoming pending deals and their payment dates. They usually strike on the day before the mortgage agent would normally send out an email telling the client where to send the payment fund. The phisher uses the mortgage agent’s computer to overtake them in the deal by sending the mail first and redirect the correct mail. In the meantime, the unsuspecting client transfers the closing fund, (which most times is not recovered) and ends up losing the house. Except if they can come up with another substantial final payment, which most clients can’t do at all.
8. Countries are making efforts to launch Cyber Security Warfare rules
Warefare is important in a nation, even in physical warfare. Most countries have agreed upon an elementary set of rules, such as no poison gasses, torture, or no slaughtering of citizens. These set of rules help set restrictions that could align much of the world against people that cross them.
Currently, there are no such rules that exist for cyberwarfare, and most countries seem to believe that they can do practically anything with near impunity.
Examples – The following are citations:
- North Korea hacks Sony Pictures
- Russia hacks industrial critical control systems and tries to influence the elections of other nations.
- China steals intellectual property.
- And the U.S. and Israel use malware to destroy nuclear equipment
By the same token, “Digital boundaries are being tested, and some countries and their states are starting to push back. We are expecting that there should be a Geneva Convention for digital warfare coming soon for us to attend.”
Nonetheless, with regulations or not, some countries will continue to push boundaries when it comes to cyber warfare. For now, Cyber attackers will continue to have a safe harbor in Russia, China and North Korea. For the time being, they will have more resources at their disposal than ever. These resources are either from their government backers or from the financial dividends of this year’s ransomware and cryptojacking attacks. In the light of this, they will use these means to find new attack vectors and to improve the flexibility and adaptability of their malware codes. From the look of things, the condition will continue to get worse until something very vital changes in international geopolitics, which won’t be until the next United States presidential administration.”
9. More organizations Need Masters Degrees in Cyber security for CSOs/CISOs
It is predicted that Cyber security training will continue to advance, and certifications alone will no longer be enough to take the next step in a cyber security professional’s career. “The mass system of security certifications to individuals has failed to provide the right kind of education and training the system needs. In summary, Masters’ degrees in cyber security are flowing all over the place, including some prominent universities like UC Berkeley and NYU, and more. Finally, more companies will be looking to employ CSOs/CISOs with the cross-disciplinary skills acquired from a Masters’ degree certificate.