With 2020 already upon us, cybersecurity continues to be at the top of the board room agenda as the threat landscape continues to evolve at pace, and businesses across all sectors strive to adapt.<\/p>\n
As one of the UK\u2019s leading independent security companies, we\u2019ve consulted our team, along with our customers and partners, to bring together a list of top cyber trends for 2020.<\/p>\n
A SOAR-ing success <\/strong><\/p>\n Security Orchestration, Automation and Response (SOAR) is a familiar term within the cyber industry. This combination of transformational technologies and processes is developing the way security services are delivered. In its recent Market Guide for SOAR solutions<\/a>, Gartner predicted that \u201cBy year-end 2022, 30 percent of organisations with a security team larger than five people will leverage SOAR tools in their security operations, up from less than 5 percent today.\u201d<\/p>\n The number of security breaches has jumped 17% since 2018, but according to a recent survey carried out by ServiceNow and Ponemon Institute<\/a> it\u2019s taking companies up to a week longer to make security upgrades.<\/p>\n The survey found that 60% of organisations that suffered a breach in the last two years had the right patches in place but couldn\u2019t install them in time.<\/p>\n <\/p>\n \u201cIT departments and security teams understand that detecting and patching vulnerabilities is very important, but they still struggle to prevent these attacks,\u201d says Sean Convery, vice president and general manager of security and risk at ServiceNow.<\/p>\n Automating manual security processes is one of the most effective methods of breach prevention; saving time, reducing costs and improving analyst effectiveness. As efficiency continues to be a priority, our SOAR services utilising technologies such as Phantom from Splunk and ServiceNow are becoming increasingly desired among our customers in order to enhance their SOC capabilities and maximise breach prevention efforts. (ServiceNow and Adam Thomson, Security Consultant, Adarma)<\/em><\/p>\n The industry skills shortage<\/strong><\/p>\n Global IT security skills shortages have now surpassed four million, according to (ISC)2<\/a>.<\/p>\n The shortage of skilled workers in the industry in Europe alone soared by more than 100% from 2018 to 2019, increasing from 142,000 to 291,000. Without the appropriate training and development as well as opportunities for graduates with cyber related qualifications, this trend is set to continue.<\/p>\n A move towards managed services and outsourcing has been seen in recent years as a result. 2020 will see more organisations strengthening from within and combining outsourced teams with their existing in-house IT professionals and cross-training where appropriate.<\/p>\n At Adarma, reducing the industry skills gap is central to our 2020 strategy. We provide career opportunities with support and training, continuous learning and ongoing development to university graduates as well as seasoned professionals from consulting and contracting sectors with a keen interest in cybersecurity.<\/p>\n A tipping point in Personal data<\/strong><\/p>\n Alistair Thomson, Product Lead at Adarma has highlighted \u201cBig Data\u201d as a major target for criminals in 2020 \u2013 Google does it, governments do it, and criminals do it too. Gathering huge amounts of data on people and organisations and using algorithms to gain insights on them. There is a massive amount of breached data available on the open web or from criminal marketplaces, and 2019 has added enormously to the body of data. According to SecurityIntelligence<\/a>, \u201cYou\u2019re more likely to experience a data breach of at least 10,000 records (27.9 percent) than you are to catch the flu this winter (5-20 percent, according to WebMD).\u201d<\/p>\n In addition, a data breach will have a huge financial impact<\/a>. The average total cost of a breach is $3.86 million. Even a small business with 1,000 lost records could see costs in the tens of thousands. Criminals are increasingly using it to profile and compromise their targets thanks to the immense amount of data available following any data breach. In 2020, more and more organisations will begin to \u201cassume breach\u201d and re-evaluate their control landscape as a result, to ensure there are more preventative measures to stop these breaches in their tracks.<\/p>\n Nation-state-sponsored attacks are on the rise<\/strong><\/p>\n We live in uncertain times where nations orchestrating frequent, coordinated and sophisticated cyberattacks against both public and private entities is a reality, though these attacks often fly under the radar.<\/p>\n Respondents of a recent survey carried out by Crowdstrike<\/a> confirm this, with over 81% reporting that nation-state sponsored cyberattacks are far more common than most people think. It\u2019s fair to say that five years\u2019 ago, relatively few organisations would readily admit that they were at risk of cyberattack by a nation-state. Today, only 5% feel they are not at risk.<\/p>\n Respondents are concerned that what their organisation produces (73%), their industry itself (63%), high profile members of the leadership team (56%), and the country in which they are based (33%), could all place them in harm\u2019s way. These types of attacks are on the rise and nation-states have far greater resources available to achieve their goals than your typical cybercriminal or hacktivist. With political tensions high, it\u2019s no wonder that almost three quarters (73%) of IT leaders and security professionals see nation-state sponsored attacks as having the potential to pose the single biggest threat to organisations like theirs in 2020.<\/p>\n While it\u2019s more understandable for the majority (82%) to see the clear and present danger from malicious or unfriendly countries, it\u2019s perhaps surprising that a similarly high proportion (80%) cannot rule out an intrusion by any government, including their own. With threats at home and abroad, no one should be taking nation-state sponsored cyberattacks lightly.<\/p>\n Evolution of threat and the trickle-down effect<\/strong><\/p>\n We\u2019ve seen it all over the headlines, ransomware attacks have become more and more pervasive throughout the last year, as attackers continue to enjoy massive success targeting organisations of all shapes and sizes using a number of tactics. This success has emboldened cybercriminals as they look to refine their attacks, from zero-day vulnerabilities to patched flaws, malicious spam emails and weaknesses in Remote Desktop Protocol. Criminal groups are also becoming increasingly capable of adopting advanced nation-state techniques within weeks or months of them becoming public.<\/p>\n For this reason, we expect to see both supply-chain attacks and targeted ransomware emerge as more common criminal tactics over the next year, along with techniques we have not seen before. Threat management strategies and remediation planning will be crucial to organisational effectiveness in 2020. (Tenable<\/a> and Alistair Thomson)<\/em><\/p>\n RDP brute force attacks<\/strong><\/p>\n Remote Desktop Protocol (RDP) brute force attacks are expected to continue according to Tenable. Following the announcement of Bluekeep (the remote code execution vulnerability in the Microsoft RDP that could allow an unauthenticated, remote attacker to exploit and take complete control of a vulnerable host) in May 2019, RDP brute force attacks have increased.<\/p>\n This reminds us that attackers are opportunistic and take advantage of any technique available. With over 500,000 vulnerable hosts online as of November 2019, we expect BlueKeep will continue to be a problem for organisations in 2020. While it is likely that new RDP exploits could be discovered this year, common tried-and-true methods such as brute forcing RDP credentials are still popular and often successful approaches attackers will continue to employ.<\/p>\n The evolution of social engineering<\/strong><\/p>\n Whilst social engineering is a well-used and familiar strategy, it\u2019s in no way in decline. In fact, between 2013 and 2019, the number of people using social engineering hacking methods more than doubled. According to Alistair Thomson, Product Lead at Adarma, that is thanks to recent advances in adversary techniques and the wide availability of personal data, coupled with the trend for companies to use cloud services such as Office365.<\/p>\n