Situational Awareness: words that were ingrained in my psyche during my years in the military. The phrase is simply defined as, “the perception of environmental elements and events with respect to time or space, the comprehension of their meaning, and the projection of their future status.” By gaining situational awareness, IT teams can begin to form an idea of how an environment should be securely maintained and how it will likely evolve in the near future. Additionally, enhanced situational awareness will likely allow organizations to see a more logical approach to anticipating the future trends in cybersecurity as a whole.
Follow the Money
Honestly, I do not feel anyone can speak with certainty about what is next when it comes to cyberattacks and trends. However, I do feel I can apply some simple situational awareness...follow the money. Based on my observations of the current threat landscape and the corresponding money trail, here’s where I believe things are heading in 2020:
Ransomware isn't Going Anywhere Anytime Soon
Ransomware will continue to remain in the forefront of cyber-attacks. The wheel has been invented and the bad guys continue to evolve the tactics they use to successfully infect systems with malicious code, in hopes of yielding a ransom payment. With so many successful attacks in 2019 alone, it is unlikely this trend will taper off anytime soon. Based on the attack trends of this year, I foresee more targeted attacks against specific organizations in 2020.
Social Engineering will Continue to Bring in the Big Bucks
Nearly every day I hear about another organization that has been affected by compromised email credentials via some derivative of phishing or deception. Attackers continue gain unauthorized access to corporate email accounts. Then, by manipulating mailbox rules, they are able to control a victims mail flow while hiding the email communications and modifying ACH information in invoices, that ultimately result in money being sent right to the perpetrator. The next stage of social engineering I anticipate gaining in popularity is the realm of mobile devices and messaging platforms.
Questions Around Security of The Cloud
The Cloud has, for some time, been growing in popularity. However, after several high-profile security events in recent years, organizations are beginning to question the security of having their operations in hosted environments. While these solutions have enabled organizations to scale quickly and transfer some risk to the providers, many are wondering if the providers are holding up their end of the deal. We have seen many organizations recently move their operations from hosted environments to on-premises equipment. I believe we will continue to see a rise in on-premises versus hosted environments.
Taking an Offensive Approach to Cybersecurity
2020 is the year of situational awareness. The bad guys are winning on many fronts. It’s going to take organizations building situational awareness and taking an offensive approach to cybersecurity, rather than solely depending on a shiny new security appliance.