What lies ahead in 2020? We asked Panorays researchers to weigh in on what they see as the key issues that will surface in the new year. Read on for their predictions.
Because enterprises are becoming better at protecting themselves, attackers will continue to go after the weakest link in the supply chain: the smaller third parties that interact with enterprise systems. In 2020, hackers will exploit popular third-party vulnerabilities at scale, similar to the many Magecart attacks that took place in 2019. As a result, we will likely see more small companies putting security policies and procedures in place.
As more people store data in the cloud, we will likely see a rise in breaches resulting from cloud configuration mishaps. These won’t happen because someone hacked into the system, but rather because of inadvertent exposure. For more information about how to avoid this issue, see this post.
In 2020, we will see the passing and enforcement of new data security laws. They include CCPA, which goes into effect in January, and other similar laws in the works across the country.
As we saw clearly with GDPR, it will be some time before local regulators have the resources and the know-how to enforce such regulations. However, given the political value and potential financial windfall from high-profile enforcements, there is no doubt that funding will materialize and investigators will be hard at work seeking and investigating juicy targets.
These data privacy regulations will also result in an increased requirement for reporting. Today, only a few industries must report on security breaches, and just those numbers are staggering. Once more industries are regulated, we will start to truly understand the full impact of cyberattacks.
We saw deepfake attacks (forgeries of videos, audio or photos using artificial intelligence) for the first time in 2019. The most striking example was when criminals successfully scammed a British energy company out of $243K by impersonating a chief executive using an AI-generated fake voice.
These attacks are extremely effective because people instinctively believe they can trust a recognizable voice—which seems far more reliable than an email or text message from a familiar source. We will undoubtedly see more of these types of attacks in 2020, which will likely target organizations that deal with money transfers, such as banks and other financial institutions.