Cybersecurity trends to look forward to in 2020

 From left: Mark Loman, Andy Miller, Joe Levy, Dan Schiappa and Scott Barlow

The cybersecurity threat landscape has seen several big shifts throughout 2019, as evidenced in the SophosLabs 2020 Threat Report. Understanding these trends is important for defenders to anticipate what lies ahead and how to best prepare. 

Below, Sophos explores some of the major changes in the threat landscape that emerged over the last year, which will continue to impact cybersecurity in 2020, encompassing everything from ransomware and automated, active attacks to machine learning, mobile and cloud security risks.

1.Ransomware attackers will up the ante – Mark Loman, Director of Engineering for Next-Generation Tech at Sophos

It is a lot easier to change a malware’s appearance than to change its purpose or behaviour, which is why modern ransomware relies on obfuscation to be successful. However, in 2020, ransomware will raise the stakes by changing or adding traits to confuse some anti-ransomware protection. 

From abusing a user’s account to bypass controls and elevate user account privileges to prioritising the document size and drives they target first, ransomware attackers are tweaking their methods to give themselves an edge. Among the most notable advancements is an increase in ransomware attackers raising the stakes with automated, active attacks that blend human ingenuity with automation tools to cause maximum impact. And by encrypting only a relatively small part of each file or booting the operating system to a diagnostic mode (Safe Mode) where anti-ransomware protection is often unavailable, attackers will continue to evade most defences. 

Ransomware will continue to be a major player in the threat landscape as long as victims remain easily identifiable. The low-hanging fruit of exposed services, unpatched systems and compromised credentials will provide an ample bounty to both skilled and unskilled attackers. It is vital to have robust security controls, monitoring and response in place covering all endpoints, networks and systems, and to install software updates whenever they are issued.

2.Little missteps will lead to big breaches in the cloud – Andy Miller, senior director of global public cloud, Sophos

Flexibility is the name of the game in cloud computing. With very little effort, it’s possible to toggle on or off resources as needed. This makes it easy for businesses to scale up computing power to suit the needs of their clients or customers. But when it comes to securing the cloud, all that flexibility and ease can come back to bite you later. 

In 2020, small missteps in the cloud will end up exposing large businesses. The greatest vulnerability for cloud computing is simple misconfigurations. As cloud systems become more complex and more flexible, operator error continues to increase risk. Combined with a general lack of visibility, this makes cloud computing environments a ready-made target for cyber-attackers.

Cloud platforms themselves are so complex, and change so frequently, it’s often difficult to understand the ramifications or consequences of misconfiguring a specific setting. Further, the inability to closely monitor exactly what an organisation’s machines are doing is hugely problematic. Criminals know this and have been attacking cloud computing platforms for precisely these reasons. 

Protecting data stored in the cloud requires a very different toolset, because the threat model is quite different from those of workstations or servers. It’s critical that organisations re-evaluate their cloud strategies with security top of mind.

3.Cybercriminals will try to corrupt machine learning detection models – Joe Levy, CTO, Sophos

Machine learning has become an essential part of most modern organisations’ cybersecurity strategy, and cybercriminals are now aware that these tools are being used to thwart their attacks. In response, criminals will set their sights on trying to evade or undermine machine learning security systems.

As the cat-and-mouse game between attackers and defenders continues, we can expect both offensive and defensive machine learning tools of increasing sophistication and effectiveness to develop rapidly. Over the next year, we expect to see more incidents where cybercriminals attempt to trick machine learning detection and classification models, and even leverage machine learning to generate highly convincing fake content for social engineering attacks. 

Over the coming years, the rate at which the cybersecurity industry experiments with and adopts new techniques from the scientific machine learning community will continue to increase, allowing systems to make semi- or even fully-autonomous decisions in defending information systems and their users. We are on the verge of exciting examples of this, such as the application of novel techniques like reinforcement learning to the problem. These new defence techniques will be crucial, as it’s likely that cybercriminals will begin executing ‘wetware’ attacks by combining automated content generation and manual human effort to personalise attacks against targets, and evade the current generation of defences.

In addition to leveraging prevention and protection to stop attacks before they happen, businesses are advised to take a layered approach to security. By combining human threat hunters with the leading threat intelligence and technologies like deep learning, organisations can detect and contain even the most sophisticated attacks faster, minimising their impacts and costs.

4.5G will introduce never before seen security threats – Dan Schiappa, Chief Product Officer, Sophos

5G will be the most fundamental game-changing technology to impact the cybersecurity landscape – maybe ever. 5G promises to connect almost all aspects of life through the network with game-changing speed and lower latency, but it will also introduce significant security risks with new potential entry points that will expose organisations to new types of attack. 

While 5G holds tremendous promise, overhauling our essential networks will open a Pandora’s box due to the introduction of radio frequencies that to date have not been accessible, not to mention the minimised visibility that will result from them. This will require us to put an even greater focus on the security of our connections, devices and applications.

5G devices come with built-in radios that don’t require communication with the corporate network anymore. This makes it incredibly difficult to identify threats and compromised devices. 

It’s never been more critical for cybersecurity products to work together as a system. Organisations will need a layered approach to security where products connect and share actionable intelligence. A synchronised security approach builds bridges allowing products to work together stronger than they would on their own.

5.MSPs will become security advisors – Scott Barlow, Vice President of Global MSP, Sophos 

In today’s crowded market, it’s more important than ever for MSPs to double down on becoming educated security advisors. Next year, MSPs need to ensure that they are staying up to date on the rapidly evolving threat landscape and available next generation security solutions in order to arm their customers with the industry’s best solutions for staying secure. 

The cyberthreat landscape is moving quickly and end users need help and guidance to ensure they’re being protected from today’s sophisticated attacks. It’s critical that MSPs are educated in order to provide the right resources for their customers – which in turn supports upselling and cross selling – to really take advantage of this opportunity. 

Internally, MSPs also need to take steps to secure their own environments because MSPs are becoming rich targets for cybercriminals. Sophos recommends that MSPs leverage two-factor authentication and ensure they’re locking down their network with layered security to protect themselves from unwanted threats.