“Small and medium-sized businesses (SMB) will be a bigger target for cybercriminals in 2020 The Ponemon Institute reports that 76% of SMBs suffered a cyber attack in 2019, up from 55% in 2018. Meanwhile, the average cost of an attack against an SMB is now $200,000.”
“Quantum computers will advance far quicker than predicted, leaving enterprises scrambling to become quantum safe. By the end of 2020 it will be evident that RSA 2048 will be doomed in under 5 years when a nation state like China or the U.S. will have a quantum computer capable of decrypting current encryption paradigms” – John Prisco, President and CEO, Quantum Xchange.
Varonis reports that there are approximately 7 million data records compromised each day, and 56 records compromised each second. This means that in the average year (365 days), based on the number of daily breaches, there’s about 2,555,000,000 (2.55 billion) records exposed annually.
- “In 2020, cyberattacks will become more and more focused on having a physical impact on industry. So, for example, companies and organizations in the transportation sector—with its growing focus on autonomous, connected vehicles—will view cybersecurity as a key enabler towards modernization. Subsequently, we will continue to see more cybersecurity solutions tailored towards specific industries and their unique technologies and business logic, and which are particularly effective for such targeted attacks”—Amir Levintal, Co-Founder and CEO, Cylus.com
- “2019 saw a record number of hospital and medical networks breached, compromising more health records and patient data than ever before. With thousands of connected medical device endpoints in every hospital and sub-par cybersecurity measures, continued ransomware and phishing will plague the industry as clever hackers eye lucrative pay days from stolen patient data. 2020 will see many hospitals continue to struggle to protect their organizations as they begin the attempt to bridge the gap and improve lacking cybersecurity protocols”—Dustin Anders, VP of Field Engineering, CyberMDX.com
- “In 2020, we will see the emergence of the ‘cyber savvy’ board. Accountability for cyber and risk incidents moves up the organizational hierarchy and becomes a central issue for the CISO, C-Suite and Board of Directors. In 2020, expect mindful organizations to begin hiring board members that bring experience in risk management and information security as a way to prepare the business for a digital future. Gradually, this will become a ‘new normal’ for the enterprise as investors pressure leadership for clear strategies on how they are managing digital risk”—Rohit Ghai, President, RSA.com
- Due to the simple fact that businesses and governments continue to pay the ransom. Why? Well, most times it’s cheaper and less hassle for the victims to pay the ransom than to try to repair the damage themselves. Just ask the city of Atlanta. The city refused to pay a ransom of $52,000 and ended up spending $17 million to rebuild its computer network. So expect this trend to continue in 2020. To make matters worse, the average ransomware payment increased 6X in 2019.
- “To pay or not to pay, that is the question: More than 100 public-sector ransomware attacks have been reported in 2019 so far, compared to 51 reported in 2018. As we head into 2020, ransomware attacks will continue to rise and the targeting of specific industries, locales and public services will continue. And we will see more debate on paying versus not paying”—Jon Check, Senior Director of Cyber Protection, Raytheon
- “2019 was a great year for cyber crooks successfully targeting municipalities, schools and universities worldwide with ransomware and spear phishing attacks. As these organizations have proven easy targets, a rise in campaigns is expected in 2020. Healthcare will also be an attractive sector for hackers due to its high potential gains. However, many in this sector are now investing substantial work and resources to improve their security posture so while attacks will occur, they won’t be as successful”—Eyal Aharoni, VP Customer Success and Sales Operations, Cymulate
- “In 2020, we will see the first bank surrender to ransomware. The year will also bring many struggles to recover data and service”—Yaniv Valik, VP Product, Cyber and IT Resilience, Continuity Software
- The trend that started with the General Data Protection Regulation (GDPR) and accelerated with the California Consumer Privacy Act (CCPA) is set to spread to other state laws that prescribe security standards as part of privacy laws and regulations.
- “Advertisers like Google, Facebook, and Amazon are going to start using more offline data to target consumers. Google’s recent acquisition of Fitbit, in particular, means the tech giant has access to years of fitness data for tens of millions of consumers”—Wayne Coburn, Principal Product Manager, Iterable.com
- “In 2020, image security and privacy will percolate to become a top cybersecurity concern, driven by anonymity erosion. Face recognition is an emotional topic: from accuracy failures revealed in London to rejection in San Francisco; from desire for privacy to policing needs; from obligation to protect children and assist drivers to accidental or intentional exposure and disclosure”—Ron Moritz, Venture Partner, Cybersecurity and Enterprise Infrastructure, ourcrowd.com
- “Bots had a substantial impact on the 2016 presidential election, so there is no doubt they will work to influence the 2020 presidential election as well. Bots will not only work to influence public opinion but will also target the election systems themselves. Local and government agencies will need to be prepared for the multiple threats they present as not only do they pose a huge threat to the swaying people’s perceptions of candidates, but when structured as a 7-layer DDoS attack they have the ability to take down entire election systems”—Tiffany Olson Kleemann, VP of Bot Management, Imperva.com
- “In 2020, we will move beyond the buzzword and see clearer definitions of what zero trust really means for enterprises and individuals. What is currently missing is a zero-trust reference architecture—to assume everything is bad—and I foresee truer definitions coming to fruition for deploying something meaningful. With the perimeter dissolving and people working from multiple environments, zero trust will move more into the mainstream as everyone begins to buy into the vision”—Kowsik Guruswamy, CTO, Menlo Security
- “The 2020 presidential election will see more meddling than any election before. Not only will meddling come from nation-states, but we will see interference from pockets within the United States attempting to manipulate their own election. As the diversity of voting methods increases, the attack surface will increase as external and internal threats loom. It will be critical to protect and restrict access to election materials”—Tim Eades, CEO, vArmour.com
- “As assets become increasingly digital, and deep fake techniques improve, cryptographic signatures will be an important tool to push back against fraudsters and fakers”—Max Krohn, Co-Founder, Keybase.io
Cyber Attack creativity.
- “Business Email Compromise (BEC) or impersonation-based attacks will be a big theme in 2020. The social-engineering aspects of such attacks are becoming more and more sophisticated and difficult to detect, and can easily be leveraged within email as well as other collaboration channels. Most importantly, they can’t be prevented by endpoint security—only email or messaging security solutions combined with user education will fight such attacks”—Yoram Salinger, CEO, Perception Point
- “It is only a matter of time before we see a catastrophic breach of private information coming from Alexa, Google Assistant or Siri. This would have devastating consequences, as these devices, that live in your home, listen and collect highly sensitive personal information”—Otavio Freire, Co-Founder, President and CTO, SafeGuard Cyber
- “The proliferation of artificial intelligence (AI) solutions for communication (e.g., Gmail auto-complete) will continue to lower the bar for exceptionally effective phishing email at scale. Today, it takes time to build something contextually meaningful and accurate for hopeful phishing victims, but attackers continue to leverage more and more tools and data sources (e.g., information lost to breaches) to make every phishing attack a spearphish”—David Pearson, Principal Threat Researcher, Awake Security
- “In 2020, business email compromise will continue to rise because of a confluence of three events:
1) More password dumps are hitting the market, resulting in more email/password combinations (or crackable hashes) being available to bad actors.
2) Credential-stuffing techniques have gotten more prolific and sophisticated because attackers have realized that password re-use (with small variations) is still the predominant user practice, as password-generators and password managers haven’t yet taken off in the market.
3) The primary targets of cred-stuffing campaigns are the major cloud email providers like Gmail, O365 and Yahoo, especially on older accounts with POP/IMAP enabled, because those services do not correctly rate-limit or lock accounts with too many failed password attempts”—Kevin O’Brien, CEO, GreatHorn.com
- Cybercrime-as-a-service — stronger than ever. The crime-as-a-service (CaaS) model will continue to fuel the growth of the cybercrime ecosystem. The model facilitates the emergence of new criminal organizations and speeds up the operations of existing ones. CaaS allows attackers to rapidly access malicious services and products, including malware, exploits, DDoS-for-hire services, RDP accesses and botnets.
Image Disclaimer: “While LIFARS encourage any company small or large to be as vigilant as possible about cyber security and protecting their assets with professional cyber security products and services such as ours, we are in no way associated with any of the brands used as part of the conceptual artwork in this infomercial which is meant to primarily serve to educate any relevant person or entity about the importance to consider ironclad cyber security measures today.”