With 2020 already upon us, cybersecurity continues to be at the top of the board room agenda as the threat landscape continues to evolve at pace, and businesses across all sectors strive to adapt.
As one of the UK’s leading independent security companies, we’ve consulted our team, along with our customers and partners, to bring together a list of top cyber trends for 2020.
A SOAR-ing success
Security Orchestration, Automation and Response (SOAR) is a familiar term within the cyber industry. This combination of transformational technologies and processes is developing the way security services are delivered. In its recent Market Guide for SOAR solutions, Gartner predicted that “By year-end 2022, 30 percent of organisations with a security team larger than five people will leverage SOAR tools in their security operations, up from less than 5 percent today.”
The survey found that 60% of organisations that suffered a breach in the last two years had the right patches in place but couldn’t install them in time.
“IT departments and security teams understand that detecting and patching vulnerabilities is very important, but they still struggle to prevent these attacks,” says Sean Convery, vice president and general manager of security and risk at ServiceNow.
Automating manual security processes is one of the most effective methods of breach prevention; saving time, reducing costs and improving analyst effectiveness. As efficiency continues to be a priority, our SOAR services utilising technologies such as Phantom from Splunk and ServiceNow are becoming increasingly desired among our customers in order to enhance their SOC capabilities and maximise breach prevention efforts. (ServiceNow and Adam Thomson, Security Consultant, Adarma)
The industry skills shortage
Global IT security skills shortages have now surpassed four million, according to (ISC)2.
The shortage of skilled workers in the industry in Europe alone soared by more than 100% from 2018 to 2019, increasing from 142,000 to 291,000. Without the appropriate training and development as well as opportunities for graduates with cyber related qualifications, this trend is set to continue.
A move towards managed services and outsourcing has been seen in recent years as a result. 2020 will see more organisations strengthening from within and combining outsourced teams with their existing in-house IT professionals and cross-training where appropriate.
At Adarma, reducing the industry skills gap is central to our 2020 strategy. We provide career opportunities with support and training, continuous learning and ongoing development to university graduates as well as seasoned professionals from consulting and contracting sectors with a keen interest in cybersecurity.
A tipping point in Personal data
Alistair Thomson, Product Lead at Adarma has highlighted “Big Data” as a major target for criminals in 2020 – Google does it, governments do it, and criminals do it too. Gathering huge amounts of data on people and organisations and using algorithms to gain insights on them. There is a massive amount of breached data available on the open web or from criminal marketplaces, and 2019 has added enormously to the body of data. According to SecurityIntelligence, “You’re more likely to experience a data breach of at least 10,000 records (27.9 percent) than you are to catch the flu this winter (5-20 percent, according to WebMD).”
In addition, a data breach will have a huge financial impact. The average total cost of a breach is $3.86 million. Even a small business with 1,000 lost records could see costs in the tens of thousands. Criminals are increasingly using it to profile and compromise their targets thanks to the immense amount of data available following any data breach. In 2020, more and more organisations will begin to “assume breach” and re-evaluate their control landscape as a result, to ensure there are more preventative measures to stop these breaches in their tracks.
Nation-state-sponsored attacks are on the rise
We live in uncertain times where nations orchestrating frequent, coordinated and sophisticated cyberattacks against both public and private entities is a reality, though these attacks often fly under the radar.
Respondents of a recent survey carried out by Crowdstrike confirm this, with over 81% reporting that nation-state sponsored cyberattacks are far more common than most people think. It’s fair to say that five years’ ago, relatively few organisations would readily admit that they were at risk of cyberattack by a nation-state. Today, only 5% feel they are not at risk.
Respondents are concerned that what their organisation produces (73%), their industry itself (63%), high profile members of the leadership team (56%), and the country in which they are based (33%), could all place them in harm’s way. These types of attacks are on the rise and nation-states have far greater resources available to achieve their goals than your typical cybercriminal or hacktivist. With political tensions high, it’s no wonder that almost three quarters (73%) of IT leaders and security professionals see nation-state sponsored attacks as having the potential to pose the single biggest threat to organisations like theirs in 2020.
While it’s more understandable for the majority (82%) to see the clear and present danger from malicious or unfriendly countries, it’s perhaps surprising that a similarly high proportion (80%) cannot rule out an intrusion by any government, including their own. With threats at home and abroad, no one should be taking nation-state sponsored cyberattacks lightly.
Evolution of threat and the trickle-down effect
We’ve seen it all over the headlines, ransomware attacks have become more and more pervasive throughout the last year, as attackers continue to enjoy massive success targeting organisations of all shapes and sizes using a number of tactics. This success has emboldened cybercriminals as they look to refine their attacks, from zero-day vulnerabilities to patched flaws, malicious spam emails and weaknesses in Remote Desktop Protocol. Criminal groups are also becoming increasingly capable of adopting advanced nation-state techniques within weeks or months of them becoming public.
For this reason, we expect to see both supply-chain attacks and targeted ransomware emerge as more common criminal tactics over the next year, along with techniques we have not seen before. Threat management strategies and remediation planning will be crucial to organisational effectiveness in 2020. (Tenable and Alistair Thomson)
RDP brute force attacks
Remote Desktop Protocol (RDP) brute force attacks are expected to continue according to Tenable. Following the announcement of Bluekeep (the remote code execution vulnerability in the Microsoft RDP that could allow an unauthenticated, remote attacker to exploit and take complete control of a vulnerable host) in May 2019, RDP brute force attacks have increased.
This reminds us that attackers are opportunistic and take advantage of any technique available. With over 500,000 vulnerable hosts online as of November 2019, we expect BlueKeep will continue to be a problem for organisations in 2020. While it is likely that new RDP exploits could be discovered this year, common tried-and-true methods such as brute forcing RDP credentials are still popular and often successful approaches attackers will continue to employ.
The evolution of social engineering
Whilst social engineering is a well-used and familiar strategy, it’s in no way in decline. In fact, between 2013 and 2019, the number of people using social engineering hacking methods more than doubled. According to Alistair Thomson, Product Lead at Adarma, that is thanks to recent advances in adversary techniques and the wide availability of personal data, coupled with the trend for companies to use cloud services such as Office365.
Splunk reports that in 2019, we encountered a new level of social engineering – Deepfakes. Technologically altered audio or video that convincingly puts someone else’s words in a person’s mouth. According to Symantec, three companies have already been swindled — in one case, of millions of dollars — by deepfakes of executive voices.
“The bottom line is that when it comes to cybersecurity, the human element remains a major threat vector,” says Haiyan Song, Splunk’s senior vice president for security markets. “Attackers will evolve from targeted email schemes to using new tools like deepfake technology to continue what has always been the easiest way to circumvent security: people.”
Organisations must continue to invest in the technology to close down software vulnerabilities and automate against incoming attacks, but not to the neglect of training and vigilance around simple human weakness. And whatever you’re doing to teach employees to stop clicking on sketchy links, also build in a response to unexpected calls from apparent execs making strange demands.
We hope these insights from the Adarma team and partners will help you look ahead and prepare for the potential threats, challenges and opportunities to come your way in 2020.
Please get in touch to discuss any of your security related concerns in 2020.
Wishing you a safe and successful New Year, from all of us here at Adarma!