The challenges of cloud security in 2020

Working in the depths of cybersecurity (testing corporate cybersecurity defenses and managing cleanup after an incident) provides useful insight for predicting the changing threat landscape. However, my basic prediction for the security challenges facing businesses in 2020 would be the same. This may seem strange given the dramatic developments in organizations' security strategies over the past year. For example, we have seen many more companies introduce multi-factor authentication (MFA). The main candidates have been messaging service providers, with Office 365 and G Suite, for example, lowering the barriers to entry in implementing MFA. This is good news for consumers, and it certainly makes it more difficult for cybercriminals to interfere with victims' email accounts. This is also good news for businesses.

About the author: Elliot Thompson is the leading security consultant for SureCloud.

But cybercriminals, like the rest of us, tend not to give up tried-and-true techniques and processes without good reason. The fact is that some of the most established data extraction and infiltration techniques remain established because they are so effective, and organizations still struggle to keep up.

Social engineering and phishing offer access to the cloud

For example, social engineering and credential phishing techniques have dominated cybercriminals' arsenal for years; it is just the elements of infrastructure they can access that have evolved. Over the past year, even the most reluctant companies have taken an initial plunge into cloud computing services such as Microsoft Azure and AWS, and there have been notable successes in criminal access to these cloud panels, usually through credential stuffing or phishing. It may sound shocking that anyone with admin access to production environments is making such a mistake, but in large organizations or with multiple accounts, this is much more common than it should be.

Ransomware has become a stable business model

Similarly, ransomware has truly become one of the most powerful and effective weapons bad actors can deploy. We have seen fewer and fewer cases where poorly implemented ransomware cryptography can be exploited to unlock files for free. Similarly, we've seen fewer cases where an attacker takes over a large network and demands only a small amount of money. Unfortunately, many threat actors take advantage of incomplete disaster recovery service coverage across organizations. I think I'd be surprised not to see a fully implemented massive malware campaign based on BlueKeep in 2020. This security flaw in Microsoft's Remote Desktop Protocol, which allows remote code execution by cybercriminals, could kick off some truly devastating attacks.

Machine learning is within the reach of criminals

Machine learning and artificial intelligence are actually exploited by many endpoint security tools and applications, often used to flag unusual network traffic or log user behavior. Machine learning will likely be applied to new security use cases in 2020, where the usual gap analysis is less effective. This is the good news. But while security professionals exploit machine learning in exciting ways, it also offers criminals slightly more insidious possibilities. It will be used more and more often to create malicious content that tries to bypass existing filters based on machine learning. We really are in an arms race for machine learning, and unfortunately, there are still far too many incidents where the so-called artificial intelligence powering a seemingly smart security tool is really just a series of nested "if" statements. Security professionals need to take AI seriously and master it properly, just like criminals do.

Timeless challenges, new defenses

And beyond these most recent technical evolutions, the top security issues facing organizations small and large in 2020 must follow three near-timeless classics:

1. Credentials: The age-old challenge of preventing weak, shared, and similar credentials in our networks is still ongoing. But with the aforementioned increase in the use of multi-factor authentication, this problem seems to be improving for identity management. A big recommendation now is to forget all the old password tips that generated the likes of Monday1? and Brazil2019! and instead apply NIST's current recommendations that number, capitalization, and symbol requirements be reduced in favor of a much higher minimum length, to encourage passphrases over passwords.

2. Inbound Communications: From malicious attachments to phishing scams, invoice forgery, and CEO fraud, the number and scale of attacks are on the rise. While new technologies at the perimeter certainly help reduce the volume of malicious content reaching our staff, an attacker only has to win once. By 2020, I think we will see more automation of message content generation rather than delivery, with the attacker's goal being to defeat existing filtering systems.

3. Perimeter Erosion: The boundaries of our network have become increasingly blurred over the years and should be strengthened by 2020. Even in small organizations, the simple act of listing third-party applications used by all members of staff will probably be a difficult prospect. In many cases, our information is spread across dozens of heterogeneous systems hosted by different organizations, such as CRM and productivity software. From Slack to ZenDesk, Office 365 to AWS, it's often no longer necessary to be on the corporate network to access internal company resources. Compromised staff credentials used to mean an attacker digging into Outlook Web Access. Now this can mean full access to SharePoint, support tickets, and your chat logs.
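The credential advice in item 1 above, as an added example that is not part of the original article: a Python comparison of an old composition rule with a length-first check, run against the two passwords the article quotes. The 15-character minimum, the small blocklist, and the passphrase are assumptions constructed for illustration; the article gives no figures.

```python
import re

# Assumed policy values for this example; the article names no numbers.
MIN_LENGTH = 15
# Constructed blocklist of predictable base words. A real deployment would
# load a breached-password corpus plus organisation-specific terms.
BLOCKED_BASE_WORDS = {"monday", "brazil", "password", "welcome", "summer"}


def legacy_composition_ok(password: str) -> bool:
    """Old-style rule: 8+ characters with upper, lower, digit and symbol."""
    return (
        len(password) >= 8
        and re.search(r"[A-Z]", password) is not None
        and re.search(r"[a-z]", password) is not None
        and re.search(r"\d", password) is not None
        and re.search(r"[^A-Za-z0-9]", password) is not None
    )


def base_word(password: str) -> str:
    """Strip the trailing digits/symbols users append to satisfy composition rules."""
    return re.sub(r"[\d\W_]+$", "", password).lower()


def length_first_check(password: str) -> list[str]:
    """Return rejection reasons; an empty list means the password is accepted."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    if base_word(password) in BLOCKED_BASE_WORDS:
        reasons.append("blocklisted_base_word")
    return reasons


if __name__ == "__main__":
    # Constructed sample set: the article's two examples plus one passphrase.
    samples = ["Monday1?", "Brazil2019!", "quiet lantern over the harbor"]
    for candidate in samples:
        print(
            f"{candidate!r}: legacy_ok={legacy_composition_ok(candidate)} "
            f"length_first_rejections={length_first_check(candidate)}"
        )
```

Both quoted passwords satisfy the composition rule yet are rejected by the length-first check, while the passphrase fails the composition rule and is accepted by the length-first check.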

How can organizations better protect themselves?

For the top three challenges of credentials, inbound communications, and an eroded perimeter, combining password scanning, phishing, and remote compromise is essential. However, along with the increasing number of organizations migrating their workloads to the cloud, it is also critical that these organizations discuss, at the purchase stage, how the cloud services that contain company resources and data are managed. Enterprise security and risk strategies now reach far beyond your own premises and network perimeters and into the cloud, requiring a more collaborative approach to security than ever before.