5 cybersecurity trends we spotted in 2020
Where digital innovation goes, cyberthreats doggedly follow. And while there’s a sizeable chunk of 2020 still to come, an extraordinary year for digital transformation and IT dependence has been matched by an unprecedented surge in crisis-time attacks.
Amid a year of phishing scams leveraging pandemic panic to the insidious rise of deepfakes, here are just five trends TechHQ identified in cybersecurity in 2020.
# 1 | The robots are coming
On both sides of the cyberwar, emerging technologies continue to play a key role, and artificial intelligence (AI) is no exception.
Cybercriminals can take AI designed for legitimate use cases and adapt it to illegal schemes. Readers will be familiar with CAPTCHA, a tool that has been around for decades now in order to defend against credential stuffing by presenting non-human bots the challenge of reading distorted text. As far as a couple of years ago, however, a Google study found that machine learning-based optical character recognition (OCR) technology could solve 99.8% of these challenges.
Criminals are also using AI to crack passwords faster. Brute force attacks can be sped up using deep learning; researchers have fed purpose-built neural networks tens of millions of leaked passwords, and have asked them to generate hundreds of millions of new passwords, which in one trial, turned out a 26% success rate.
# 2 | AI fighting back
Faced by these fast-moving and evolving threat, cybersecurity will increasingly leverage the power of AI themselves.
Advanced antivirus tools can leverage machine learning to identify programs exhibiting unusual behavior, to scan emails for indications of phishing attempts, and automate the analysis of the system or network data to ensure continuous monitoring.
Given that the cybersecurity industry is facing a widening skills gap, we can reasonably expect investments in ‘intelligent’ cybersecurity systems to be the next best course of action.
However, the increasing use of AI and machine learning has some cybersecurity professionals concerned about their future prospects. According to a report from security advisors Exabeam, there’s a creeping skepticism among younger people under the age of 45 as to whether AI and machine learning is a threat to job security.
“The concern for automation among younger professionals in cybersecurity was surprising to us. In trying to understand this sentiment, we could partially attribute it to lack of on-the-job training using automation technology,” said security strategist at Exabeam, Samantha Humphries in a press release.
# 3 | The unseen damage of ransomware
Ransomware has surged again this year. One of the most notable attacks successfully targeted multinational GPS and fitness company Garmin, while a series of attacks against universities and hospitals in a pandemic demonstrated just how callous attackers were prepared to be.
A report by cybersecurity firm Sophos revealed how organizations are never the same after being hit by ransomware. But besides lost business, downtime, and reputational impact, the report highlighted how the confidence of IT managers and their approach to tackling cyber attacks is impacted significantly depending on whether or not their organization has been attacked.
It was a reminder of the weight of responsibility and pressure faced by individuals in what has become a critical ‘make or break’ role in the business, and how the psychological strain is likely a key contributing factor in the overall shortage of cybersecurity professionals available, and high churn-rate of employees. More than one-third (35%) of ransomware victims said that recruiting and retaining skilled IT security professionals was their single biggest cybersecurity challenge, compared with just 19% of those who hadn’t been hit.
# 4 | All the gear, no idea?
To offset a shortage of readily accessible cybersecurity talent, many businesses have opted for increased investments in cybersecurity tools and solutions.
According to a study by IBM, overinvesting in cybersecurity tools to compensate for limited skills or understaffing can actually hurt corporate defenses. Companies that use more than 50 cybersecurity tools scored 8% lower in their ability to mitigate threats, and 7% lower in their defensive capabilities compared to other enterprises employing fewer toolsets.
Although companies that invest in cybersecurity tools have increased by 18% in the past five years, many of these same companies are reporting they are 13% less effective at containing active threats.
Investment is still important, but the coronavirus pandemic has revealed which companies have cybersecurity protocols and safe remote work policies, and which ones are scrambling to get their act together. According to research by Oslo-based cybersecurity company Promon, two-thirds of the UK’s newly-remote workforce claimed to have not been given any cybersecurity training from employers within the past 12 months.
# 5 | CISOs struggling to be heard
No business leader with a grain of common sense would doubt the importance of cybersecurity today. The dangers to business are well-documented, well-publicized, and should be a constant consideration hand-in-hand with pretty much every operational decision today.
Despite this, cybersecurity executives still face challenges in getting through to business leaders.
“The board’s main concerns are revenue and risk. We in the cybersecurity industry know that cyber risk is something that should come under this umbrella, however it is not always top of the executive priority list […],” Galina Antova, a cybersecurity entrepreneur and executive with over 15 years in the cybersecurity industry, and co-founder of Claroty, told TechHQ.
Boards that lack this specialized perspective and expertise may fall into complacency or a false sense of security. Business leaders may mistakenly believe they have all bases covered, or miss the chance to make important strategic changes simply because they lack the necessary background to understand the full potential that technology can unlock.
“By giving more CISOs a seat at the table, enterprises will be able to move forward with digital change initiatives much more effectively and efficiently, ensuring they are prepared for whatever the future may throw their way,” said Antova.
Antova shared three ways that cybersecurity professionals can cut through the noise.