2020 will see a rapid increase in ransomware attacks on the cloud, targeted at industries particularly vulnerable to downtime, including healthcare, government and industrial control systems, according to the WatchGuard Threat Lab. Already a billion-pound industry, ransomware has so far largely left the cloud untouched but as businesses of all sizes move their servers and data, WatchGuard predicts more attacks on consolidated cloud assets, such as file stores, S3 buckets and virtual environments as the cybercriminals evolve to maximise profits.
“The team at our WatchGuard Threat Lab has been tracking the trends over the last 12 months and it is clear that ‘shotgun blast’ ransomware attacks are being replaced by targeted attacks,” said Corey Nachreiner, CTO at WatchGuard Technologies. “Too many companies think that migrating to the cloud means moving their data to a ‘safe haven’. While the threats on the horizon won’t be any less intense, complicated or difficult to manage, we do see a move to simplify security in order to mitigate the risks.”
The WatchGuard Threat Labs’ ‘ones to watch’ for security predictions for 2020 also include:
Attackers will find new vulnerabilities in the 5G/Wi-Fi handover to access voice and/or data of 5G mobiles
Security researchers have already exposed flaws in the cellular to Wi-Fi switch when people use devices in public Wi-Fi hubs, which have intelligence built in to automatically and silently switch between cellular and Wi-Fi. So, as 5G is rolled out, it’s very likely we will see a large 5G to Wi-Fi vulnerability exposed in 2020, which could potentially allow attackers to access the voice and/or data of 5G mobile phones when they start to increase in use and operability. The only way to prevent attackers eavesdropping or access data on cellular to Wi-Fi connections is to use a VPN. More information about how to create a secure Wi-Fi deployment can be found at: https://www.trustedwirelessenvironment.com/what-is-a-trusted-wireless-environment/
A quarter of all breaches will happen outside the perimeter
The more widespread practises of flexible and mobile working mean operating outside the traditional network boundary, which has been a key part of a layered security defence. And as mobile devices can often mask the signs of phishing attacks and other threats, we think that a quarter of all data breaches in the next 12 months will involve telecommuters, mobile devices and off-premises assets.
Multi-factor authentication becomes the norm
Most businesses are still terrible at validating online identities. Previously considered too expensive and cumbersome for midmarket organisations, cloud-based multi-factor authentication (MFA) using easy app-based models have become more available and simpler to deploy and use for organisations of all sizes. Mobile phones have also removed the expensive need for hardware tokens. At long last, company-wide MFA will become the de facto standard among all midsized companies next year.
GDPR goes global
Companies across Europe have already been fined millions of euros for GDPR violations. Meanwhile, the US has no real equivalent, but as companies like Facebook leak more and more of our personal data, which has been used in everything from election manipulation to unethical bounty hunting, US citizens are starting to lobby for greater protection along the lines of the California Consumer Privacy Act which will come into force next year.
The cyber security skills gap widens
Demand for skilled cyber security professionals keeps growing without any recruitment and educational changes which could increase the supply, so we predict the skills gap to widen by an additional 15% next year.
For more information about WatchGuard Threat Lab predictions, please visit: