2020 stands to be a big year for cyber security. Current technology trends and the political landscape are contributing to a particularly volatile and concerning environment for governments, businesses, ad individuals alike. Risk and uncertainty are high, and preparedness is low, which could mean many entities are left exposed to malicious cyber-threats. Maxwell Bond have explored what the cyber-security landscape looks like in 2020 to highlight the importance of strategic planning, ahead of their event Cyber Security in 2020 which will explore how businesses can mitigate and manage risk in the current and future cyber threat landscape.
1. Militarising Cyber Space
Political tension is running high as Western and Eastern powers increasingly separate their technologies and intelligence. Additionally, the ongoing feud between the US and China, and now the US and Iran, is putting many cyber security experts on edge. Iran are already a top cyber adversary, responsible for the deployment of Shamoon which destroyed Saudi Aramco oil refineries systems within days in 2012. Experts suggest that a cyber attack on the US could severely impact water, transportation, and energy systems, as well as making large amounts of sensitive, national security information vulnerable.
Cyber-attacks and threats are likely to play an increasingly pivotal part in international conflict, and the damage which an attack could cause at this level is monumental. Therefore, national security has never been more important, and we expect to see a higher threat level and a more risk adverse response and approach to security.
2. AI Becomes More Intertwined in Cyber Security
Artificial Intelligence will continue to grow, expand, and evolve throughout 2020 and beyond, which comes with both benefits and complications for cyber security. In the 2016 US elections we saw the beginning of AI-based propagation of fake news, which politicians used to slander and score points against their opponents. In 2020, with some major elections on the cards worldwide, it is likely that these activities will be repeated.
AI is self-learning and constantly improving meaning that it changes with the times in order to operate efficiently and successfully. This is a great attribute for a cyber-security system, as it means that systems can quickly and automatically adapt and develop ahead of the threats. AI therefore provides a faster method of effective threat detection and problem solving, as well as introducing better security methods, including biometrics and multifactor authentication. AI constantly learns new information by automatically scanning the web for knowledge and data, which means, unlike most humans, it can stay ahead of the next threat.
However, this also means that the biggest issue with AI is that this self-learning technology is also available to cyber-criminals, who can use it to test malware and other forms of cyber-threats. This flipside to AI levels the playing field, meaning that a human employee to manage and maintain AI software is still fundamental.
3. Machine Learning: Optimising and Preventing Attacks
As mentioned above, machine learning will increase the complexity and sophistication of cyber-attacks, because it means that software constantly learns by absorbing new information and data. As it becomes more intelligent, it can adapt and change in order to operate more efficiently and effectively. This technology in the hands of cyber-criminals could be disastrous as it gives them the ability to execute more sophisticated, cutting edge cyber attacks that has an exponential ability to cause severe harm.
On the other hand, cyber security systems that are supported by machine learning, will have the ability to analyse patterns and learn from them to help prevent similar attacks from occurring in the future. Machine learning helps cybersecurity teams be more pro-active in preventing threats and responding to active attacks in real time, as systems can learn from and adapt to changing behaviour. Therefore, like most technology, machine learning has both pros and cons in the cyber-security threat landscape.
4. 5G and IoT will Increase Connectivity and Risk
Connectivity is growing. A great movement for individuals and businesses alike. But it comes with an increased security risk, especially as our methods of communication become increasingly weaponised. Interconnected devices with weak mobile and IoT links, means an increasing vulnerability to large scale, multi-vector 5th generation cyber-attacks. The ever-growing volume of personal data we store on mobile devices will need securing against breaches and theft.
The IoT functions without human interaction. Instead, sensors collect, communicate, analyse, and act on information, offering new ways for businesses to create and add value for their clients and consumers from adding new revenue streams or improving UX. This however, also creates new opportunities for all that information to be compromised. More data is being shared through the IoT, especially more sensitive data, among many more participants meaning that the risks are exponentially greater. In the first half of 2019 we saw a 50% increase in mobile banking malware compared with 2018 which means that with a single, innocent button click we could accidentally transfer all of our payment data, credentials and money to cyber-attackers who can then sell on data and steal any funds. Cyber-criminals leverage the most popular platforms to execute attacks, such as SMS, Social Media Posts, and Gaming Platforms which is why cyber-security is important to both individuals and businesses.
5. Cloud Security becomes Critical
Companies continue to migrate to the cloud, but often without a full understanding of the security implications of its use. In order to truly protect cloud-based data, businesses must implement flexible, cloud-based architectures that deliver scalable protection at speed, which aims to prevent cyber-attacks rather than just detect them. Cloud vendors like Amazon, Google, and Microsoft are already investing an increasing amount of resources into their products security. This is valuable for SME’s who might not have adequate resources, as they can rely on these products providing some of IT’s most robust security. Without cloud security, sensitive and personal data could be left vulnerable. Effectively as cloud computing becomes the norm in business, so should cloud security.
6. Skill Gap Continues to Grow
Demand for cyber-security skills will continue to grow at a faster rate than supply resulting in a problematic skill-gap for many companies. This means that approximately half of companies feel that they wouldn’t be prepared for a cyber-attack, an extremely problematic scenario considering predictions that the rate and severity of cyber-threats will continue to increase. This skills gap is likely the result of a combination of underfunded education in this area and poor recruitment processes.
A limited talent pool and counter-productive recruitment processes of under-skilled candidates into overgeneralised roles, is severely hindering businesses as they try and secure themselves against cyber-threats. Whilst the talent pool is unlikely to grow at the required pace, companies should be looking at robust training strategies to upskill their current staff and should review their recruitment processes or outsource to an expert cyber recruitment consultancy, like Maxwell Bond. Hiring the right people is the foundation to implementing and maintaining effective cyber-security technology, protocols, and strategies.
With the outlook on cyber looking more daunting than positive, now’s the time to strategise and plan for the year ahead, so you can champion cyber this year. If you’re unsure about any aspect, register for our event ‘Cyber Security in 2020’ where we have invited key industry experts to speak on the most prominent issues in the sector today. Paul Vlissidis (NCC Group and Channel 4’s Hunted) will be exploring ‘Managing Cyber Risk in a Fake World’, evolving AI and its impact on the threat landscape and how businesses should respond. N Brown Group’s Mike Koss will be sharing his story of how he built up his own Infosec division from scratch in a challenging environment, and how you can do the same. Plus hear from a mystery keynote speaker from the public sector on the changing cyber landscape in Greater Manchester.