The Hacker News Cybersecurity Predictions 2020

https://thehackernews.com/

Top 5 Cybersecurity and Cybercrime Predictions for 2020

We distilled 30 independent reports dedicated to cybersecurity and cybercrime predictions for 2020 and compiled the top 5 most interesting findings and projections in this post.

1.) Compliance fatigue will spread among security professionals

Being a source of ongoing controversy and debate, the California Consumer Privacy Act (CCPA) was finalized on 11th January 1, 2019.

Driven by laudable objectives to protect Californians' personal data, prevent its misuse or unconsented usage by unscrupulous entities, the law imposes formidable monetary penalties of up to $7,500 per intentional violation and $2,500 per unintentional violation.

The Act is enforceable against organizations that process or handle personal data of California residents, regardless of the geographical location of the former. Akin to the EU GDPR, data subjects are empowered with a bundle of rights to control their personal data and its eventual usage.

The pitfall is that if every US state introduces its own state privacy law, one will have to comply with over 50 overlapping and sometimes incompatibly contradictive regulations only on the US territory or otherwise face harsh financial penalties or even criminal prosecution.

Exacerbated by the mushrooming regional, national, and transnational regulations, 2020 may become a year when cybersecurity compliance will erode and start its rapid downfall. In light of the slow judicial system on one side, and insufficient cybersecurity skills and scanty budgets on another, cybersecurity professionals may start flatly disregarding the wide spectrum of superfluous regulations.

thehackernews.com

2.) Third-party data breaches will dominate the threat landscape

Supply chain attacks are up 78% in 2019, says Symantec. Competitive and successful businesses are usually distinguished by a high level of proficiency and specialization, concentrating all available resources to attain excellence in a particular market to outpace competitors.

Hence, they outsource most of their secondary business processes to skilled suppliers and experienced third-parties, thereby reducing costs, increasing quality, and accelerating delivery.

Sadly, suppliers also operate in turbulent and highly-competitive global markets and thus can rarely afford a decent level of cybersecurity and data protection for their clients.

IBM says the average time to identify a breach in 2019 was as high as 206 days. Still, even worse, such attacks are infrequently detected both due to their sophistication and lack of skills amid the victims, eventually being suddenly reported by security researchers or journalists and flabbergasting the data owners.

Cybercriminals are well aware of this low-hanging fruit and will continue to purposely target this weakest link to get your data, trade secrets, and intellectual property.

3.) External attack surface will continue to expand without control

61% of organizations have experienced an IoT security incident in 2019, according to CSO Online by IDG. The global proliferation of IoT and connected devices, usage of public cloud, PaaS, and IaaS greatly facilitates business and enables rapid growth. Concomitant, and often unnoticed, is the increase in an organization's external attack surface.

Put it simply; an external attack surface is composed of all your digital assets (aka IT assets) that attackers can access from the Internet and attribute to your organization.

Traditional digital assets, such as network or web servers, are usually well inventoried, but RESTful API and web services, hybrid cloud applications, and business-critical data hosted on external platforms - are just a few examples of mushrooming digital assets of a modern-day attack surface that remain unattended.

As you cannot protect what you don't know, the vast proportion of these digital assets are not properly maintained, monitored, or protected in any manner.

The situation is exacerbated by rogue mobile apps, fraudulent, phishing, and squatting websites, detectable by properly implemented domain security monitoring that now starts paving its road to popularity among cybersecurity professionals.

In summary, as organizations upgrade their IT and leave behind a trail of obscure digital unknowns, whether in-house or external, the easier and faster it is to break in.

4.) Cloud misconfigurations will expose billions of records

Forbes says that 83% of enterprise workloads will move to the cloud by 2020. Unfortunately, the steady growth of the cloud for data storage and processing widely outruns requisite security skills and adequate training among IT personnel in charge of cloud infrastructure.

Gartner reports that around 95% of cloud security failures result as a fault of the customer, not vendors of public cloud infrastructure.

Unsurprisingly, a substantial part of significant data leaks in 2019 stems from misconfigured cloud storage, exposing the crown jewels of the largest tech companies and financial institutions.

In July 2019, the world media reported a breach of Capital One, being presumably the largest data breach within the US financial sector and affecting approximately 100 million individuals in the United States and 6 million in Canada.

Reportedly, the attacker exploited a misconfigured AWS S3 bucket to download extremely sensitive data left unattended.

While Capital One estimated only its direct losses stemming from the breach to attain $150 million, the FBI later disclosed that as many as 30 other organizations could have been compromised using the same AWS misconfiguration.

Foreseeably, in 2020, cloud security incidents will stay atop of data breach root causes.

5.) Password re-use and phishing attacks will skyrocket

Just for the world's largest companies from the Fortune 500 list, one may ferret out over 21 million of valid credentials exposed in the Dark Web in 2019, says ImmuniWeb.

Cybercriminals prefer rapid and riskless raids to time-consuming APT attacks, costly 0days, or chained exploitation of sophisticated vulnerabilities in SAP.

Even if many organizations finally managed to implement a consumable Identity and Access Management (IAM) systems, with strong password policies, MFA, and continuous monitoring for anomalies, few external systems are included in the safeguarded scope.

Such grey-zone systems range from SaaS CRM and ERP to elastic public cloud platforms.

Even if the passwords found or purchased by the attackers on the Dark Web are invalid, they provide a great wealth of ideas for ingenious social engineering campaigns, facilitate phishing and smart brute-forcing attacks.

Frequently, these attacks, being at first sight quite primitive from a technical standpoint, demonstrate astonishing efficiency and relentlessly undermine and decollate the organization's cybersecurity resilience efforts.
