Author: Paul Hogan, Chief Strategy and Innovation Officer, Ward Solutions
It’s at this time of year that I typically sit back and reflect on the trends in cybercrime and cybersecurity in 2019 and make some predictions around cyber security and the threat trends that we think we may see in Ireland in 2020.
Ransomware: More of the same but smarter
2019 was an active year for Ransomware, with a range of targeted and broad indiscriminate attacks. I would expect to see more of the same in 2020, possibly with more targeted attacks, as they tend to be more successful. Where phishing was once the predominant attack vector, there is growing evidence of attacks exploiting vulnerable RDP services on servers as well as other software vulnerabilities.
Business Email Compromise (BEC) coming to your inbox
Our incident response service dealt with a BEC related attack on a near weekly basis. In 2020 I would expect to see this trend increase as cyber criminals find more creative ways of executing impersonation attacks, CEO/CFO fraud and BEC. Email in general will continue to be used as an attack vector for threats such as Ransomware and Phishing as well,
Cloud First must be Security First
As organisations migrate more and more workloads to the cloud, their attack surface increases and I would expect to see more attacks both against cloud service providers and the apps and data that organisations manage in the cloud. Hacks like those we saw in 2019 most likely will be as a result of misconfigurations of cloud management, identity and security features.
5G Networks with unprecedented data theft speed
5G networks will become more prevalent in 2020 delivering high speed access from just about anywhere. This increased access could facilitate theft/exfiltration at greater speeds from expanding attack surfaces. Speed to deploy is also critical with malware based attacks, so we expect to see more attacks from those networks.
An area that can sometimes be over dramatized, however we do see more and more attacks aimed at industrial processes rather than just data. In 2019 we witnessed nation state activity such as the US cyber operation against Iran last September, in 2020 we expect to see this continue as nation states look to consolidate and extend their influence. And without ruling out the possibility, it’s not something we are likely to see more locally.
To meet these growing threats its clear that organisations understand their security posture, have in place the right controls and technologies to protect them from advanced threats, and have the ability to detect, respond and recover from the advanced threat that we expect to see in 2020.