The State of Cybersecurity in 2020
Just two weeks shy of the new year, the US Navy announced a ban on TikTok, the popular video sharing app. Following the ban, service members will no longer be allowed to download the app on government-issued smartphones. Pentagon spokesman Lieutenant Colonel Uriah Orland said that the move was to “address existing and emerging threats.”
Stories like this are not uncommon, and government entities are beginning to take more drastic steps in protecting society.
The Navy’s ban underscores just one sphere of cybersecurity threats that continue to pervade everyday life. Let’s review the biggest trends to watch for as we begin the new year.
In addition to the TikTok ban, states all over are implementing new legislation that encourages higher levels of cybersecurity or protects end-user data and information. In 2019, at least 43 states and Puerto Rico collectively introduced close to 300 cybersecurity-related bills or resolutions.
For example. Starting January 1, 2020, California will begin enacting Assembly Bill No. 1906. The new law states that all connected device manufacturers must equip them with a “reasonable security feature or features that are appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure, as specified.” 2020 will see the enactment of more of these proposed bills as well as some brand new proposals.
Did you notice more fake emails this year from people claiming to be someone else? Just as people have wised up and cracked down on phishing emails, phishing companies have gotten smarter about their deception. They are able to collect far more private information, such as our browsing habits, our location, even the names of people close to us.
And much worse, their phishing tactics are no longer exclusive to email. Now, phishing via SMS and phone calls is growing in popularity. Based on a report by AIG, phishing is the top cyber insurance claim, accounting for almost one-quarter of all claims.
Biometrics and “Passwordless” Authentication
In 2013, Apple introduced Touch ID, a smartphone unlocking mechanism that relied on reading the user’s fingerprint. In 2017, they added Face ID, a similar feature this time relying on facial recognition. And in 2019, more companies are beginning to implement some form of biometric or “passwordless authentication.”
HSBC, for instance, has already implemented a system that lets their customers verify their identity using “active” voice ID. Customers simply state “my voice is my password” during the call, and the system matches and analyzes the user’s voice to a previously recorded voice print.
2020 will see more “passive” methods that offer more security. Instead of doing a voice print match, artificial intelligence will be able to process more natural, free-flowing speech, reducing the risk of impersonation or coercion.
AI-Powered Defenses and Attacks
We’ve seen artificial intelligence in the medical industry, in entertainment, and soon we’ll see it in cybersecurity.
On one side, we can see it predict and analyze malware and similar attacks with superhuman speed and precision. Already, 61% of enterprises say they cannot detect a breach without AI technology, and 48% say their AI cybersecurity budget will increase by an average of 29% next year. A single AI and a dedicated team can keep a company protected far more effectively than a whole division.
On the other hand, the same AI could counteract these security checks and develop a near-impossible-to-detect threat. Director of Strategic Threat at Darktrace, Marcus Fowler, believes that AI could make an attack as early as next year.
“If we haven’t seen it before we celebrate the arrival of the new year, 2020 undoubtedly holds the first AI-powered cyberattack,” Fowler said.
Reimagining Third-Party Security
In-house security experts and engineers simply won’t cut it anymore. Third-party vendors are necessary in delivering a prime security experience. However, even third-party vendors are at risk.
There are a few reasons why. At times, vendors have non-stratified access to a business’s network, meaning there’s either total security access or none at all. Other times, companies are not privy to the access a vendor even has. Out of date policies and enforcement have also been listed as common causes for vulnerability.
Privileged access management will become more crucial. Vendors with privileged access will need to explain what they have access to and why they need it. Speedy identification of a vendor’s access and compromisation will also be key to preventing critical attacks.
Demand for Talent Will Exceed Supply
The writing has been on the walls for some time, but cybersecurity professionals continue to be in short supply. As many as two in three organizations around the world report that they have a shortage in IT security staff.
In response, various IT tools are becoming indispensable parts of a cybersecurity strategy. These products can effectively allow a startup or team to manage various websites and applications’ security.
Still, in 2020 it will become more important than ever to form a team of diverse experts, in the administrative, developer, and non-technical roles. Education should become a core part of the culture as new hires are brought on board.
Despite the many dangers, pitfalls, and nightmares of cybersecurity, the good news is that our technology continues to evolve and expand, allowing us to fight previous challenges with greater ease and efficiency.
The question now becomes whether companies are determined to stay vigilant on their cybersecurity efforts. Unlike other aspects of a business, cybersecurity is not something that can be set and forgotten. It requires continuous research, frequent updates and audits, and a hardened resolve to provide the highest quality protection. Companies that do not take this seriously may find themselves in an uphill battle for consumer trust.
If you need to improve your IT security, make sure you contact us today to find out how we can help.