
Report: 2020 will be transformational year for security

Fujitsu Global, an information technology equipment and services company, outlines 11 key security forecasts in its Cyber Security Predictions 2020 report.

In the report, Fujitsu security experts discuss the positive changes brought about by private- and public-sector efforts to bring more talent into the field. They also point to a growing number of cybersecurity solution vendors in the market, rising standards for managing identities and access, and more organizations investing in security tools, all of which make 2020 a transformational year for security.

Here are the 11 Cyber Security predictions as listed in the report:

1. New pathways for cybersecurity talent
Talent has been scarce in cybersecurity, and various reports predict that this will become even more of a challenge in the coming years if no new action is taken. A global shortage of around 3.5 million cybersecurity specialist positions is projected by 2021. New approaches must be considered, and it will take the collaborative effort of government, academe, law enforcement, and businesses to identify and develop new paths for talent creation.

In the Philippines, some institutions now offer new cybersecurity courses. This is part of efforts to strengthen students’ skills in Science, Technology, Engineering, and Mathematics (STEM), especially with senior high schools offering this strand. While this is a great starting point, more still needs to be done to reduce the talent shortage.

2. Cloud adoption expands the unknown threat landscape
This year, cloud computing is expected to account for 13% of the Philippine information technology services market, a report by BMI Research revealed. The government sector is adopting it as well, as the Department of Information and Communications Technology (DICT) works on making a complete cloud solution available to all agencies.

As cloud adoption continues to rise, however, it will take time for organizations to understand their risk posture. While most companies move to the cloud due to its operational, business, and commercial benefits, it will still be a challenge for chief information officers (CIOs) to fully understand the risks to their business, which come along with the transition to cloud-based services, as well as the new data flows and storage.

3. Artificial Intelligence (AI) will need real security
While it may have been predicted that Artificial Intelligence (AI) is the “silver bullet” that will put an end to cybercrime, there is still a lack of focus on its security. This will push businesses to become more cautious about adversarial attacks that exploit vulnerabilities in AI systems. These attacks, which are currently hard to detect and remediate, could look like a malicious hacker intervening in the training process of an AI system. Businesses will see more research in this area this year, aimed at making AI more explainable and accountable.

4. SOAR Revolution
As the threat landscape expands, new cybersecurity technologies also arise, such as Security Orchestration, Automation, and Response (SOAR). This technology refers to a collection of software solutions and tools that allows organizations to collect data about security threats from multiple sources and respond to low-level security events without human assistance. It will take time for businesses to fully understand and adopt SOAR, but its benefits are tangible. It will not take long for early adopters to see these benefits, such as faster and enhanced reporting and an improved security posture.

5. Further market fragmentation will frustrate CISOs
The number of vendors in the cybersecurity market will continue to rise this year. However, this growth also leads to confusion, especially for CISOs, who are often tasked with evaluating new solutions.

For providers to gain traction, they need to work on offering a combined set of cybersecurity services, diligently aligned to business outcomes. By doing so, they can offer benefits over the use of disparate security technologies. It will also help CISOs to upskill their administrators and eliminate some of the workloads.

6. Taking better advantage of available security measures
Organizations are failing to take advantage of the many integrated security features of digital tools, such as the well-established cloud platforms, because they are not aware of them. A greater understanding of these features will allow organizations to make smarter investment decisions. This year, however, there will be a growing demand for advice and services that allow organizations to optimally configure and monitor those technologies, to ensure they have minimal risk and exposure to threats.

7. The rise of password-less authentication
Old-fashioned password management practices will become a thing of the past as security measures start moving to password-less authentication technology. While passwords, as an authentication method, are ubiquitous, they are still vulnerable to a wide array of attacks. They also create friction in login workflows, which works against a good user experience.

Companies are now leaning towards modern, password-less authentication technologies, such as biometrics, to provide a frictionless experience with maximum user convenience and security.

8. Raising the standard for managing access and vulnerabilities
As companies continue to adopt hybrid and multi-cloud infrastructures, along with a “cloud-first” attitude for applications, managing the expanded bundle of associated identities and credentials across the organization also becomes a challenge.

Identities and associated credentials are the key attack vectors in a data breach. Without enough controls, it will become increasingly difficult for organizations to securely manage identities and mitigate the risk of a data breach. As such, Federation Authentication, Single Sign-On, and Adaptive Multifactor will become standard, if not required, practice in 2020.

9. Do you WannaCry, again?
Support for all variants of Windows Server 2008 and Windows 7, which share elements of the same code base, officially ended in January 2020. This means that both end-user devices and data center servers will be vulnerable to the same exploits, which opens the possibility of an organization becoming more susceptible to attacks that cause large outages, like WannaCry in 2017. To prevent this, organizations may need to move to the latest versions not just of Windows Server but also of other tools or operating systems whose vendor support has ended.

10. Extortion phishing is on the rise
This form of phishing has been on the increase. Cybercriminals are making users believe that their potentially embarrassing web browsing or private activities have been observed with spyware and will be made public unless a large ransom is paid. The emergence of these incidents proves that the techniques used by extortionists to evade filters continue to develop. They are now using simple text-only e-mails from single addresses that come from ‘burnable’ single-use domains. They also use glyphs from the Cyrillic, Greek, Armenian, and extended Latin alphabets as substitute letters in the e-mail to bypass keyword filters. And, since they use psychological tricks in the wording of these e-mails, their phishing attacks are most likely to develop and succeed.
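An added example, not from the Fujitsu report: a filter-side check for the glyph substitution described above, flagging words that mix scripts and re-running the keyword match after folding look-alikes to ASCII. The confusables map, keyword list and sample message are constructed for illustration; a production filter would use the full Unicode confusables data.

```python
import unicodedata

# Scripts the article names as sources of substitute glyphs, plus Latin.
SCRIPTS = ("LATIN", "CYRILLIC", "GREEK", "ARMENIAN")

# Constructed, deliberately small look-alike map (illustrative only).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, ie, o
    "\u0440": "p", "\u0441": "c", "\u0456": "i",  # Cyrillic er, es, i
    "\u03b1": "a", "\u03bf": "o",                 # Greek alpha, omicron
    "\u0585": "o", "\u057d": "u",                 # Armenian oh, seh
}

# Constructed sample: Cyrillic letters inside "bitcoin", accented Latin in "video".
SAMPLE = "Pay 1 b\u0456tc\u043ein or your vid\u00e9o is published"
KEYWORDS = ["bitcoin", "video"]


def script_of(ch):
    """Return the script of a letter, read from its Unicode character name."""
    name = unicodedata.name(ch, "")
    return next((s for s in SCRIPTS if name.startswith(s)), "OTHER")


def fold(text):
    """Map look-alike glyphs to ASCII and strip diacritics (extended Latin)."""
    mapped = "".join(CONFUSABLES.get(ch, ch) for ch in text.lower())
    decomposed = unicodedata.normalize("NFKD", mapped)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))


def analyse(message, keywords):
    """Return (words mixing scripts, keywords that match only after folding)."""
    mixed = []
    for word in message.split():
        scripts = {script_of(ch) for ch in word if ch.isalpha()}
        if len(scripts) > 1:  # one word drawing letters from several scripts
            mixed.append(word)
    raw, folded = message.lower(), fold(message)
    evaded = [k for k in keywords if k in folded and k not in raw]
    return mixed, evaded


if __name__ == "__main__":
    print(analyse(SAMPLE, KEYWORDS))
```

A word written entirely in one non-Latin script is not flagged, so legitimate Cyrillic, Greek or Armenian mail passes the mixed-script check.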

11. Ransomware not so random
Last year saw a shift in the way ransomware cybercriminals construct their ransom notes. These notes used to be generic template text informing the victim that their files were encrypted and that they must pay a set amount of bitcoin to have them decrypted.

This time, however, they are hiring threat actors tasked with successfully deploying ransomware network-wide and achieving other deployment objectives. After doing so, they inform their victims that their files are encrypted without revealing the price they demand for decryption. Instead, they seek to open a dialogue with the victim to discuss a price. This change has seen organizations employ negotiators to work with threat actors on managing and reducing the demand. As more organizations employ negotiators to work with threat actors, ransomware is likely to decrease this year.

Fujitsu’s 2020 Cyber Security Predictions show that the threats are becoming increasingly complex and have wide-reaching implications for all organizations across the globe. These organizations, however, now realize the need to rethink how their security programs work.