Cybersecurity Trends to Watch in 2020
As COVID-19 drastically shuffled priorities across organizations, the need for improved cybersecurity has skyrocketed. Reports of malicious attacks and scams rose quickly during the lock down period while hordes of remote workers logged in from their virtual offices. Months later and the US continues to struggle containing the virus. One takeaway businesses should regard from this disaster is that being prepared is highly underrated.
Not only did we not see the COVID-19 pandemic coming, but as a country we also were not adequately prepared to fight it on multiple levels. That same insufficient response is exactly how a business feels when blindsided and debilitated by a cyber-attack. The following cybersecurity processes, technologies and trends are most likely to gain attention and investment given the current environment.
Fear Drives Cybersecurity Spending
With privacy regulations and costly repercussions already in place (see: GDPR and CCPA), the focus on digital infrastructure is more critical than ever. Scammers and hackers know you are more likely to fall prey to scams in times of crisis. Now add in the lock down measures, increasingly sophisticated malware attacks, hordes of e-commerce traffic, and the massive shift in people working remotely. All of this has forced executives and security leaders to look at how they are safeguarding their organizations.
The latest high-impact ransomware attack on Garmin is prime example of how not to handle a ransomware attack. As they scramble to restore a multi-system outage with little to no communication of the problem, it’s clear they need to step up their security game—and fast.
70 percent of organizations anticipate increasing their investments in cybersecurity solutions, due to the coronavirus crisis creating new opportunities for cybercriminals according to Security Magazine. Besides having enough operating capital to weather the economic effects, companies would also be foolish to cut cybersecurity spending and stop mitigating risks in the near term.
Coronavirus / Covid-19
The global pandemic’s impact has rippled through all of our lives. It also has major cybersecurity implications as well. With millions of workers working from home (see: CMIT’s working safely from home tips) to recent cyber-attacks and espionage being performed on hospitals and companies developing vaccines and therapies the stakes couldn’t be higher. All cybersecurity professionals are on high alert during these times and will remain vigilant for the foreseeable future.
High Demand for Cybersecurity Professionals
Now that executives are paying attention to security and the rising importance of chief information security officers (CISO), finding experienced candidates to fill those cybersecurity vacancies will continue to be a problem. By 2021, it is predicted there will be 3.5 million cybersecurity job openings in high demand. 100 percent of Fortune 500 and Global 2000 companies will have a CISO position by 2021, up from 70 percent in 2018 reports Cybersecurity Ventures.
Despite the crisis, a recent Adobe survey found half of the CIOs surveyed reported their organizations are still actively hiring—though 47% anticipated the current situation will slow their hiring cycle. As more companies implement artificial intelligence/machine learning (AI/ML) to automate their IT and customer support, the bigger issue becomes the shortage of talent with a deep understanding of those processes. That talent gap continues to widen and while demand remains high, companies will need to heavily invest in training young cybersecurity professionals who have a combination of technical, business, and soft skills.
Major Spotlight on Election Security
As witnessed from the 2016 election interference, there’s a heightened awareness on identifying and removing disinformation campaigns before they go viral on social media. Just last week, hackers successfully accessed Twitter’s internal systems to hijack and the top accounts of prominent political and influential figures in a bitcoin scam. This recent Twitter attack is a prime example of how easily corruption can unknowingly come from inside an organization.
In an early 2020 poll, 59 percent of Americans believe false election information is becoming more difficult to spot, while 37 percent believe it is the opposite. Expect the spotlight on election security coverage to heat up considerably the closer we get to the election this fall. Be wary of intentionally misleading and inaccurate stories being portrayed as truth on social media. Fact check the sources for credibility before sharing any political content.
Emerging Cybersecurity Technologies
Many organizations made the leap to support large numbers of remote employees or upgraded their e-commerce platforms seemingly overnight since the crisis started. The emergence of the Zero Trust security strategy has drawn increasing attention from cybersecurity leaders who are frustrated by their vulnerabilities. A Zero Trust strategy or Zero Trust architecture essentially trusts no one by assuming all data access points are potential breaches. This security model securely connects the right users to the right data at the right time under the right conditions.
Zero Trust strategies are likely to drive investment in several technologies, such as cloud access controls, unified endpoint management (UEM), and security information and event management (SIEM) as organizations look towards applying artificial intelligence (AI) techniques to identify and isolate intruders. Moving forward, expect to see more Zero Trust projects get fast-tracked as businesses invest in multi-factor authentication (MFA) and microsegment their networks.
Opportunity Awaits
The saying that “out of crisis comes great opportunity” paves the way for organizations to reassess their cybersecurity priorities and take the necessary steps toward greater process efficiency and technology innovation. If 2020 has any silver linings, one could be that the cybersecurity trends emerging may ultimately make businesses more resilient in the future.
Written by: Chris Zambuto | Chief Information Security Officer @CMITBostonCambridge
