We learn from history and make changes in the right direction – we should, anyway. In the past decade, we saw emerging technologies and new tools and techniques that met the challenges posed by the evolving cyber threat landscape.
So what lies ahead as we move into a new decade? Here are my predictions and expectations shaping the future of Cyber Security.
1. AI and ML will be driving cyber security efforts
Artificial intelligence (AI) and machine learning (ML) have broken their way into cyber security through highly effective automation. Modern cyber attacks have become heavily automated and I expect that if organisations try to defend against these attacks manually, the fight will be man versus machine – and the battle will inevitably swing towards machine as human effort simply won’t keep up.
AI and ML have certainly made big gains in addressing these operational security challenges, and they’re continuing to grow exponentially. Automation tools and platforms can help organisations in collecting and analysing big data to check for unusual activities, track assets and keep software updated without additional human effort. It’s worth the investment.
2. Expect an increase in social engineering attacks
Social engineering – when scammers strike up a relationship with unsuspecting users under false pretences and get them to divulge personal or sensitive information – will always be the top cyber security threat.
Phishing has become the most potent attack vector, with email phishing still leading the way. I expect many companies are still failing to consider general cyber security awareness across departments, and the different ways in which phishing attacks can be performed, for instance exploiting an innocent-looking customisable 404 error page.
The first step in protecting your company – or personal security – is to immediately make yourself aware of the potential risks, what you can do to step up your Cyber Security, and then train everyone in your company or household in basic cyber security principles.
3. GDPR will create data protection opportunities
In May 2018, the European Union (EU) rolled out the General Data Protection Regulation (GDPR) for data protection and privacy. Since the GDPR rolled out, many companies have been fined by the Information Commissioners Office (ICO). In 2019, British Airways was fined £183 million and Marriott was fined £99 million for failure to protect personal data.
Organisations are regulated to comply with data privacy-related standards and laws by becoming more transparent and increase information-sharing efforts, especially in case of security or privacy incidents. I expect there to be many more data breaches and security incidents as we still mature through new technologies and evolving tools and techniques.
The best practices in minimising the risk of data breaches is to make sure you update security software and applications regularly, you perform regular risk assessments, you encrypt and backup data and ensure that your supply chains and partners maintain high data protection standards too.
4. Cyber criminals will expand attack vectors with IoT devices and mobile phones
As we move into a world of connections and automation, efficiency will win over security to meet consumers' demands of getting things done, personally or professionally, with "just a few clicks".
With the increasing demand for internet of things (IoT) devices, smartphones now become a dominant attack channel. Symantec exposed 25 Android applications that were acting maliciously, with more than 2.1 million downloads . Additionally, Wandera researchers reported two strange malware applications that had over 1.5 million installs. These are just some of the malicious applications discovered this year.
It remains to be seen what this new year brings for the cybersecurity landscape.
What do you think 2020 will be like?
At QA, our latest Cyber Security Essentials Bootcamp provides hands-on scenario-based exercises that simulate attacks so learners can learn leading-edge skills to prevent, detect and respond to a cyber incident.
James Aguilan currently works as a Cybersecurity Researcher. He has provided upskilling and development to Government Agencies, National Critical Infrastructures and Large Corporations through the simulation of cyber-attacks and forensic investigations workshops. In the past, James worked as a Data Consultant where he advised high profiling clients on how to handle their data in a Civil Litigation or Criminal Investigation. Notably, this includes the largest Merger between two US Powerhouse Conglomerate, a deal worth $87 billion. Additionally, he has also served as a Cybersecurity Consultant where he would Respond to Incidents and Perform Full Forensic Investigations. James holds a first-class honour in Computer Forensics and is actively working towards a Masters in Network Security and Penetration Testing.
More articles by James
Cyber Pulse: Edition 105
Cyber Pulse: Edition 104
Cyber Pulse: Edition 103
Cyber Pulse: Edition 102
Cyber Pulse: Edition 101
How does Ransomware-as-a-Service work?
Phishing Campaigns: Defending organisations against phishing
Is Mr Robot a good representation of real-life hacking and hacking culture?
Safeguarding your Digital Footprint
How do organisations demonstrate accountability for GDPR compliance?