Next year will see the risk of cyber attacks continue to increase, with specific industries being targeted.
This is according to ThreatQuotient co-founder and CTO Ryan Trost, who said that security leadership in companies must work hard to remain ahead of attackers.
“A difficult but worthwhile exercise for security leadership as they attempt to assess the adversaries’ trajectory and work to remain several moves ahead,” Trost said.
“More often than not, adversaries stay true to their methods but only make slight variations to their attacks – why change what historically works?!”
Trost laid out three cybersecurity predictions for 2020, outlined below.
The prevalence of cloud attacks is expected to increase as companies continue to migrate their businesses to cloud infrastructure.
“Teams have slightly more control and oversight over private cloud deployments but the public multi-tenant cloud deployments are rich targets for an attacker,” Trost said.
“No need for the adversary to enumerate their prey when they can infiltrate the ‘entire herd’.”
He added that attackers can become extremely efficient by studying how a single cloud technology operates from infrastructure to defences.
“Very similar to our defensive budgets, adversaries must weigh their operating costs against their potential profits,” Trost said.
“Therefore, their motivation to gain access to cloud environments provides exponential financial gain.”
Trost also predicted that botnet armies would become even more widespread.
“Botnet armies are nothing new, however, as endpoint devices in households become ‘connected’ and schools provide each individual student with personal computing devices it opens the doors for widespread takeover,” Trost said.
“I can appreciate the benefits of every single student having a tablet (or equivalent) for schooling. However, I struggle to find the legitimacy of why my refrigerator needs an Internet connection, or for that matter, a video conferencing feature.”
When these compromised devices are assembled and employed en masse to target a single victim, they can become a formidable tool.
“Whether used for computation resources (think brute-forcing passwords) or used to launch denial of service attacks against a target, the volume of botnet armies will surely increase exponentially,” Trost said.
An Operational Technology (OT) line will fall victim to a ransomware threat next year, Trost predicted.
“These environments typically rely heavily on older infrastructure and technology and are infrequently updated to the latest security levels.”
He added that these networks are often overlooked because they don’t have traditional weak points, they are generally not connected to the Internet, and they do not have a high number of end-users who can be targeted by phishing attacks.
“But as manufacturers live and die by product branding the importance for a company to comply with criminal demands warrants a lofty ransom threat,” Trost said.
“I predict 2020 will see at least one high-value OT network get infiltrated and held for ransom.”