Three Things To Consider In The 2020 Cybersecurity Landscape
By Paul Lipman
2019 was a tumultuous year for cybersecurity and privacy, from the WhatsApp hack that injected spyware onto consumer devices to repeated Facebook privacy breaches, GDPR, the rise of cyberattacks against small to midsize businesses (SMBs) and small cities, and more.
Large and small companies are reevaluating data privacy and security as a result, learning from past lessons as they seek to pinpoint where future cybersecurity threats exist. In equal measure, many companies are turning to technologies like AI and machine learning to play an even larger role in threat detection.
The past year also saw the rise of — and the race to jump on — the “privacy bandwagon.” Companies like Facebook and Apple have discussed the importance of putting privacy first, but reports of leaks and breaches have called that into question. Consumers today are more aware of privacy breaches and misuse of their data, and they’re more skeptical of tech companies that claim they protect and value their users’ privacy but don’t “walk their talk.”
With the new year upon us, here are three things to consider in the cybersecurity landscape:
The Rise Of The Machine
Machine learning (ML) is poised for a greater role in 2020. Investment in the technology is brisk: According to estimates published by IDC, the three largest use cases for AI, including threat intelligence, will make up roughly 30% of total AI spending in 2020. ML will take center stage given its ability to analyze patterns and use findings to prevent future attacks. ML also reduces the time organizations spend on routine tasks, enabling resources to be reallocated elsewhere.
A perennial in cybersecurity, supervised AI algorithms will continue to play a critical role. Unsupervised deep learning models will also play a key role, extracting and learning from patterns in existing corpora of known good and bad files to detect and eliminate threats. These algorithms will search for and scour new and unfamiliar files — such as zero-day threats — and score their risk.
Cybersecurity firms on the cutting edge will also use unsupervised ML models to identify feature sets and parameter models based on unlabeled collections of data in order to uncover hidden patterns and unique approaches to identifying threats. This will result in the meaningful progression in the usage of unsupervised deep learning models, which extend to become the most advanced level in threat detection and amelioration.
It will be paramount to respond to threats quickly in 2020 as opposed to the antiquated pattern of identifying a suspicious file, uploading it to the cloud and reviewing it. Companies are instead turning to ML models that run not only in the cloud, but also at the endpoint to identify and address threats in real time in the race to keep pace with the cyberthreat landscape’s evolution.
Small Businesses Wake Up To Increased Cyberattacks
The escalation of cyberattacks against small businesses in 2020 will demand they implement much more stringent and disciplined cybersecurity defenses. Hackers are opportunistic, and SMBs fare even worse at their hands, as hackers see them as much easier prey than large enterprises.
Ransomware will continue to be the primary risk for SMBs. The increasing sophistication and decreasing cost of “ransomware as a service” will enable hackers to execute attacks with impunity. Expect to see ransomware become more sophisticated in terms of contextual ransoms — adjusting the ransom demand through the automated determination of the ransomee’s industry, size and ability to pay.
Additionally, hackers will try to gain access to SMB networks and more lucrative data and information such as banking information, payroll details and client details — all of which provide access to more extensive company networks. Once hackers have access to information, how they manipulate and use it will be endlessly creative, whether it be blackmail attacks, phishing scams or more “advanced” attacks that use information as a springboard for accessing supplier/client networks.
Small businesses that believe antivirus software on endpoint devices is sufficient will also be at risk if they fail to religiously apply upgrades, which are critical to nullify zero-day threats, quarantine infected devices and proactively monitor for breaches.
Private Is As Privacy Does
Privacy will continue to be a hot-button issue in 2020. The rise of the internet and social media came at a high price: privacy. Tech companies will continue to push consumer privacy boundaries as they collect, use and sell consumer data, but new companies built with privacy by design, such as Brave, FigLeaf and Jumbo, will also rise to give consumers the choice to be private.
The concept of data minimalism will gain more ground in 2020. It’s a simple philosophy: Companies collect only the data necessary to provide products and services, and they are transparent about it with the consumers who share their data. It’s a matter of trust, and it’s imperative to address rising privacy and security concerns among consumers.
We’ll begin to see meaningful engagement on the concept of data minimalism within the industry in 2020. However, don’t expect to see major steps taken toward implementing solutions for at least another couple of years. Unfortunately, inertia remains a powerful impediment to change.
Legislation has a role to play as well. Laws that aim to redress the online privacy balance by hanging the Sword of Damocles over organizations that don’t tighten up cybersecurity will proliferate. The California Consumer Privacy Act (CCPA) becomes law in January 2020 and will rival GDPR in terms of the stringent demands it places on organizations.
Consumers will also have a role to play due to the rising tide of distrust in big tech companies. In the wake of the vast number of breaches, I believe 2020 will see more consumers use VPNs and secure browsers to keep their browsing habits private and data protected when online.
The stories about breaches are cause for concern. However, there’s also room for optimism. Consumers will continue to voice their support for additional privacy measures, keeping big companies honest, and the “privacy-first” discussions from companies like Apple and Facebook are encouraging to hear. The confluence of public pressure and private self-interest will undoubtedly help to improve the ever-evolving cybersecurity landscape as we enter the new year.