by James Aguilan

We learn from history and make changes in the right direction – we should, anyway. In the past decade, we saw emerging technologies and new tools and techniques that met the challenges posed by the evolving cyber threat landscape.

So what lies ahead as we move into a new decade? Here are my predictions and expectations shaping the future of Cyber Security.

1. AI and ML will be driving cyber security efforts

Artificial intelligence (AI) and machine learning (ML) have broken their way into cyber security through highly effective automation. Modern cyber attacks have become heavily automated and I expect that if organisations try to defend against these attacks manually, the fight will be man versus machine – and the battle will inevitably swing towards machine as human effort simply won’t keep up.

AI and ML have certainly made big gains in addressing these operational security challenges, and they’re continuing to grow exponentially. Automation tools and platforms can help organisations in collecting and analysing big data to check for unusual activities, track assets and keep software updated without additional human effort. It’s worth the investment.

2. Expect an increase in social engineering attacks

Social engineering – when scammers strike up a relationship with unsuspecting users under false pretences and get them to divulge personal or sensitive information – will always be the top cyber security threat.

Phishing has ­­­­become the most potent attack vector, with email phishing still leading the way. I expect many companies are still failing to consider general cyber security awareness across departments, and the different ways in which phishing attacks can be performed, for instance exploiting an innocent-looking customisable 404 error page. 

The first step in protecting your company – or personal security – is to immediately make yourself aware of the potential risks, what you can do to step up your Cyber Security, and then train everyone in your company or household in basic cyber security principles.

3. GDPR will create data protection opportunities

In May 2018, the European Union (EU) rolled out the General Data Protection Regulation (GDPR) for data protection and privacy. Since the GDPR rolled out, many companies have been fined by the Information Commissioners Office (ICO). In 2019, British Airways was fined £183 million and Marriott was fined £99 million for failure to protect personal data. 

Organisations are regulated to comply with data privacy-related standards and laws by becoming more transparent and increase information-sharing efforts, especially in case of security or privacy incidents. I expect there to be many more data breaches and security incidents as we still mature through new technologies and evolving tools and techniques.

The best practices in minimising the risk of data breaches is to make sure you update security software and applications regularly, you perform regular risk assessments, you encrypt and backup data and ensure that your supply chains and partners maintain high data protection standards too.

4. Cyber criminals will expand attack vectors with IoT devices and mobile phones

As we move into a world of connections and automation, efficiency will win over security to meet consumers' demands of getting things done, personally or professionally, with "just a few clicks". 

With the increasing demand for internet of things (IoT) devices, smartphones now become a dominant attack channel. Symantec exposed 25 Android applications that were acting maliciously, with more than 2.1 million downloads . Additionally, Wandera researchers reported two strange malware applications that had over 1.5 million installs. These are just some of the malicious applications discovered this year.

It remains to be seen what this new year brings for the cybersecurity landscape.

What do you think 2020 will be like?

At QA, our latest Cyber Security Essentials Bootcamp provides hands-on scenario-based exercises that simulate attacks so learners can learn leading-edge skills to prevent, detect and respond to a cyber incident.