(i.e., Cybercriminals read the same articles as cybersecurity experts)
Oh how we love to predict the future. Who will win the next Super Bowl, Presidential Election, or Best in Show Pooch-a-thon following the Macy’s Day Parade? I’m frequently asked as a cybersecurity expert to peer into my somewhat cloudy crystal ball and give opinions on what cybersecurity trends the criminals have in store for us. It’s so common at this time of year that I’m thinking of setting up a Fantasy Hacker League to take advantage of our love of betting on things that haven’t yet happened.
Ironically, cybercriminals read the same predictive articles that we do, but they take notes. And then, innovative as they are, run in the complete opposite direction. Here’s a peek into the cheeto-soaked (that’s a false stereotype by the way – these criminals have PHDs) and highly brilliant minds of organized cybercriminals: “If a CEO is reading this same predictive article on how bad Ransomware is going to be in 2020, and that advice serves as the basis for her decision to over-fund anti-ransomware countermeasures, I, smart hacker that I am, will trade my pick on Ransomware in 2020 and browse the “Insider Theft” section of the cybercrime-gamblers catalog.”
Unlike football (or dog shows), where the outcome is not influenced by predictions, cyberthreats often become trends because no one has predicted them yet. And by the time they do, the smart criminals have moved onto something new.
But this isn’t always true, and we still do need to prepare for what is coming, which is why, in the spirit of the season, I can predict with almost perfect accuracy, the Top Cybersecurity Trends for 2020 that will affect the average organization.
Top Cybersecurity Trends 2020 – The average organization will CONTINUE to…
- Treat cyber risk as an overwhelming tech puzzle rather than a solvable business issue
- Fail to budget appropriate funds to train the humans that misuse the technology
- Give hackers easy access to the crown jewels by allowing pet names as passwords (see graphic)
- Shut down for weeks or pay the ransom due to system backups that “just won’t restore”
- Spend inordinate amounts of cash to protect “all the data” instead of “the right data”
- Lose more data to incompetence, human error and malicious insiders than to hackers
- Live in a Fantasy League where “something like this” can’t happen to “someone like them”
Why can I predict these and other trends so accurately? Because they have been trending for the past ten years and show no signs of stopping. The good news is that everything in this list is eminently solvable if you dedicate the appropriate time, budget and leadership focus. While you are taking action on the above items, don’t forget to consider the Top 2020 Cybersecurity Trends, Part II.
Top Cybersecurity Trends 2020 (What You Were Actually Looking For)
The Internet of Things and Ransomware Will Get Married. Instead of just freezing an organizations’ computers, ransomware will burrow it’s way into WiFi-connected refrigerators, industrial control systems, operational sensors and monitors, pace-makers, emergency room equipment, traffic lights and anything connected to the internet. It will then freeze the operation of the device and ultimately will demand that you pay a sizeable ransom to (maybe) get your nuclear power plant back online.
Leading Organizations Will Discover a Centuries-Old Cybersecurity Tool: Going Analog Once information or operational systems are digitized, they are vulnerable to attack by remote forces—including hostile nation states, organized crime and malicious competitors. In other words, when the only method of controlling a system is digital, hackers have a way to assume 100% control. Going analog—introducing human and physical “backstops” into your security supply chain—provides the best defense against network-based remote control takeover. We will see traditional analog systems (paper ballots) increase security in the 2020 Presidential Election, better protect the electric grid (manual on/off switches) and decrease the chance of hacked naval navigation (sextants).
Data Manipulation Will Challenge Financial Gain For Top Cybercrime Honors
Data manipulation is unique among cybercrimes because it’s not about taking the information — it’s about altering the data. The information generally never leaves the owner’s servers, so the criminal raises no red flags that something is amiss. This makes it much harder to catch, and it can be much more destructive. Think maliciously altering flight plans with air traffic controllers, altering bank account balances, or appending your criminal record with fictitious arrests. Every one of us takes data integrity for granted, except for cybercriminals, who will use that bias against us. Think of data manipulation as a virus that invades the body and alters its fundamental DNA. The damage is done quietly, and you may never know it happened.
A.I. Won’t Take Over the World, But it Will Follow Malicious Instructions Like a Robot
Right now, artificial intelligence is more human than we think. From my experience peering under the hood of AI-enabled technology like smart TVs, digital assistants and end-point cybersecurity products, I’m constantly amazed by how much human input and monitoring is necessary to make them “smart.” But that is changing as machine learning progresses. We tend to focus on AI taking over the world (thanks to the movies), but it’s not that we need to fear. It’s AI in the hands of would-be dictators and cybercriminals. Fathom, for a moment, Darth Vader, Hitler or a cyberterrorist in charge of an army of robots that always obey their leader’s command. As always, there is the positive side of the technology, and AI will be used to detect malicious attacks and defend the data on which our economy runs.
To help you get ahead of these topics, I will be writing at length and speaking on all of the above trends (and more) in 2020. Please check back here often, or connect with me to get our latest news on Facebook, Twitter or YouTube. In the meantime, resist the trend to let fear paralyze you in taking action on cybersecurity.
About Cybersecurity Keynote Speaker John Sileo
John Sileo is the founder and CEO of The Sileo Group, a cybersecurity think tank, in Lakewood, Colorado, and an award-winning author, keynote speaker and expert on intentional technology, cybersecurity and data privacy.