2019 has been the year of the data breach, with over 10 billion records estimated to have been leaked. The news headlines have been flooded with attacks, with enterprises on both sides of the Atlantic suffering. Whether it’s ransomware, phishing or endpoint attacks, there’s always something on the horizon waiting for its turn in the spotlight. Yet, with 2020 now on our doorstep, cyber security professionals are concerned about what new threat vectors may lie around the corner as we enter the next decade, especially with new legislation coming into force.
On the topic of legislation, 3rd January 2020 will be the formal start date of the California Consumer Privacy Act (CCPA), a bill passed to enhance privacy rights and consumer protection for residents of the state of California. But what else could 2020 bring in terms of regulation changes? Stu Sjouwerman, CEO at KnowBe4, expects there to be “federal legislation to be passed that makes any ransomware infection of more than 500 records, automatically a data breach with all the resultant disclosure requirements and legal expenses.” Given there have been over 620 ransomware attacks against government agencies, healthcare providers and schools in the first nine months of 2019, the threat of ransomware will continue to plague enterprises. If a bill like the one Stu describes were approved and resulted in fines for affected businesses, this could prompt enterprises to take cybersecurity and awareness training seriously to help reduce the overall threat of a ransomware attack.
Security awareness training will also reduce the number of employees suffering from business email compromise (BEC), which can result in millions lost. Jacqueline Jayne, security awareness advocate at KnowBe4, fears “BEC will escalate and cause major disruption to day-to-day activities across the globe.” As a result, this could lead to the addition of compulsory new-school security training and testing within businesses, academia, industry and government to regularly update the knowledge of the general workforce to be more conscious when it comes to BEC.
Speaking of governments, the notion of nation-state attacks is always circulating in the world’s press, with China, Russia and North Korea often the main culprits in causing disruption to critical services. An area of concern for Erich Kron, security awareness advocate at KnowBe4, would be the potential election meddling by foreign powers in the 2020 elections in the United States and further afield. He believes “Deepfake technologies will be used to attempt to influence” the voting public with fake videos and audio being released close to the election time in order to discredit candidates or to swing votes. Despite these being proven as fakes fairly rapidly, undecided voters will be influenced by the most realistic or believable fakes, meaning Deepfake technology poses a serious threat to society, and there is evidence that it is already being used maliciously.
Furthermore, in the wake of the security and privacy issues surrounding Huawei and Kaspersky products, and these being banned in the United States, Javvad Malik, security advocate at KnowBe4, claims we will see a “further balkanisation of the internet”. Going forward into 2020, tactics may change out of fear of being banned, leading vendors to tailor their products and services more closely to the local requirements and regulations of the location of their customers.
There’s no doubt that it will be interesting to see what the future holds for the cybersecurity industry next year. Most importantly, users should remember to think before they click. Security professionals should remain vigilant and keep these upcoming threats and trends in mind when thinking about the overall security of their organizations in 2020 and beyond.