
7 Cybersecurity Predictions for 2020

by | Jan 31, 2020 | BLOG

Cybersecurity has remained at the top of the list of priorities and concerns for individuals, companies, and governments in recent years. In 2020, the Olympic Games, the American presidential elections, the expansion of connected devices and 5G internet, and the new data protection laws are some of the events that will keep cybersecurity in the spotlight and direct organizations’ actions and investments to mitigate Information Security risks in the context of digital transformation.

In this context, we have prepared a list of the cybersecurity-related issues that, in our view, may have the greatest impact on economies, governments, and society:

1 – Protection of IoT devices and edge computing

With 5G internet, the number of connected devices will continue to expand, which will increase the attack surface. Despite this, IoT implementations currently prioritize connectivity over security. The variety of devices (ranging from smartphones to connected refrigerators and toys) is itself a challenge, given the lack of standardization in operating systems, hardware, and network settings. Here, applying Zero Trust concepts can help mitigate the risks related to protecting IoT devices, which involves protecting not only the data but also the data traffic and access to the devices.

2 – Security at major events

Major events, such as the Japan Olympic Games and the World Expo in Dubai, will test the protection of the connected devices used to deliver the best user experience. In the case of the Olympic Games, these devices range from box office equipment to those for broadcasting the games. To give an idea of the scale, in 2019 the Japanese government scanned more than 200 million connected devices, such as routers, cameras, and home devices, to find possible vulnerabilities that could be exploited by malicious attackers.

3 – Systems and DevOps Integration

In a context of increased communication between different vendors, protecting these integrated systems (including legacy systems) will be a major challenge for cybersecurity leaders. Attacks involving insecure APIs will increase in 2020, which can result in the exposure of sensitive data from employees, customers, partners, and suppliers. In addition, with the evolution of the software development cycle, the concepts associated with DevOps will gain even more visibility and maturity within organizations, including the adoption of strategies such as microservices. Many development teams are already considering the security aspect of application development, including behavioral profiling, automatic policy generation, and compliance tests for infrastructure as code. It is no coincidence that the term DevSecOps, which covers not only Development and Operations but also the Security of applications, is already common.

4 – Data Protection Laws

In addition to the consolidation of GDPR in Europe, the use of LGPD in Brazil, CCPA in California and NY SHIELD in the state of New York will test the effectiveness of the sanctions provided for in these laws. Under pressure from businesses and congressmen, the United States is expected to begin debates on the creation of a federal data protection law. The Saudi Arabian Monetary Authority’s (SAMA) cybersecurity framework, together with GDPR’s extraterritorial impacts, has been pressuring countries in the Middle East to update their privacy laws. An example of this was the public call for a new data protection law issued in June 2019 by the Dubai International Financial Centre Authority (DIFCA). Another important aspect that should be taken into account is the liability of third parties in the event of data leaks, especially in a scenario where malicious attackers exploit the greater integration through APIs.

5 – The Future of User Identity

The lack of proper management of credentials and passwords is usually a weak point in Information Security, and it will cause identity theft to continue to be the reason for most security incidents. With the growth in the adoption of cloud solutions, remote teams, and the greater number of connected devices used to improve team productivity, the number of identities associated with users will also tend to grow. The result is an increase in the attack surface and the related business risks.

6 – Cyber War

2020 is shaping up to be a challenging year for governments around the world. With tensions rising – mainly between the United States, Russia, and Iran – agents linked to those countries will continue to focus on malware and ransomware attacks. It is worth mentioning that the goal of these agents is not to obtain credit card data to sell on the Dark Web but to attack the critical infrastructure of their targets, such as nuclear power plants and telecommunications infrastructure. In addition, with the US presidential elections scheduled for 2020, an increase in cyber attacks intended to confuse voters and affect their confidence is expected.

7 – Deepfakes

The issue of deepfakes is related to user identity. However, rather than stealing only user credentials and passwords, deepfakes also allow attackers to steal digital identities, such as biometrics and voice. This means that, for example, in a remote conference between individuals, it will no longer be possible to ensure that the people speaking are who others think they are. Deepfakes have been changing the cybersecurity perspective, and organizations must make every effort to create new forms of validating the identity of users and thus mitigate the new associated business risks. Deepfakes can also be used to influence American elections by creating fake news.
