We learn from history and make changes in the right direction – we should, anyway. In the past decade, we saw emerging technologies and new tools and techniques that met the challenges posed by the evolving cyber threat landscape.
So what lies ahead as we move into a new decade? Here are my predictions and expectations shaping the future of Cyber Security.
1. AI and ML will be driving cyber security efforts
Artificial intelligence (AI) and machine learning (ML) have broken their way into cyber security through highly effective automation. Modern cyber attacks have become heavily automated and I expect that if organisations try to defend against these attacks manually, the fight will be man versus machine – and the battle will inevitably swing towards machine as human effort simply won’t keep up.
AI and ML have certainly made big gains in addressing these operational security challenges, and they’re continuing to grow exponentially. Automation tools and platforms can help organisations in collecting and analysing big data to check for unusual activities, track assets and keep software updated without additional human effort. It’s worth the investment.
2. Expect an increase in social engineering attacks
Social engineering – when scammers strike up a relationship with unsuspecting users under false pretences and get them to divulge personal or sensitive information – will always be the top cyber security threat.
Phishing has become the most potent attack vector, with email phishing still leading the way. I expect many companies are still failing to consider general cyber security awareness across departments, and the different ways in which phishing attacks can be performed, for instance exploiting an innocent-looking customisable 404 error page.
The first step in protecting your company – or personal security – is to immediately make yourself aware of the potential risks, what you can do to step up your Cyber Security, and then train everyone in your company or household in basic cyber security principles.
3. GDPR will create data protection opportunities
In May 2018, the European Union (EU) rolled out the General Data Protection Regulation (GDPR) for data protection and privacy. Since the GDPR rolled out, many companies have been fined by the Information Commissioner's Office (ICO). In 2019, British Airways was fined £183 million and Marriott was fined £99 million for failure to protect personal data.
Organisations are required to comply with data privacy-related standards and laws by becoming more transparent and increasing information-sharing efforts, especially in the case of security or privacy incidents. I expect there to be many more data breaches and security incidents as we still mature through new technologies and evolving tools and techniques.
Best practice in minimising the risk of data breaches is to make sure you update security software and applications regularly, perform regular risk assessments, encrypt and back up data, and ensure that your supply chains and partners maintain high data protection standards too.
4. Cyber criminals will expand attack vectors with IoT devices and mobile phones
As we move into a world of connections and automation, efficiency will win over security to meet consumers' demands of getting things done, personally or professionally, with "just a few clicks".
With the increasing demand for internet of things (IoT) devices, smartphones have now become a dominant attack channel. Symantec exposed 25 Android applications that were acting maliciously, with more than 2.1 million downloads. Additionally, Wandera researchers reported two strange malware applications that had over 1.5 million installs. These are just some of the malicious applications discovered this year.
It remains to be seen what this new year brings for the cybersecurity landscape.
What do you think 2020 will be like?
At QA, our latest Cyber Security Essentials Bootcamp provides hands-on scenario-based exercises that simulate attacks so learners can learn leading-edge skills to prevent, detect and respond to a cyber incident.
James Aguilan