Global Security Threats Organizations Must Prepare for in 2020


As we kickoff a new decade, it's time, once again, to gaze into our crystal ball and look at the year ahead.

In 2020, businesses of all sizes must prepare for the unknown, so they have the flexibility to withstand unexpected and high impact security events. To take advantage of emerging trends in both technology and cyberspace, businesses need to manage risks in ways beyond those traditionally handled by the information security function, since new attacks will most certainly impact both shareholder value and business reputation.

After reviewing the current threat landscape, there are three dominant security threats that businesses need to prepare for in 2020. These include, but are not limited to:

  • The Race for Technology Dominance 
  • Third Parties, the Internet of Things (IoT) and the Cloud 
  • Cybercrime – Criminals, Nation States and the Insider

An overview for each of these areas can be found below:

The Race for Technology Dominance 

Technology has changed the world in which we live. Old norms are changing, and the next industrial revolution will be entirely technology driven and technology dependent. In short, technology will enable innovative digital business models and society will be critically dependent on technology to function. Intellectual property will be targeted as the battle for dominance rages. 

Evidence of fracturing geopolitical relationships started to emerge in 2018 demonstrated by the US and China trade war and the UK Brexit. In 2020, the US and China will increase restrictions and protectionist measures in pursuit of technology leadership leading to a heightened digital cold war in which data is the prize.  This race to develop strategically important next generation technology will drive an intense nation-state backed increase in espionage. The ensuing knee jerk reaction of a global retreat into protectionism, increased trade tariffs and embargos will dramatically reduce the opportunity to collaborate on the development of new technologies. The UK’s exclusion from the EU Galileo satellite system, as a result of the anticipated Brexit, is one example.

New regulations and international agreements will not be able to fully address the issues powered by advances in technology and their impact on society.  Regulatory tit for tat battles will manifest across nation states and, rather than encourage innovation, is likely to stifle and constrain new developments, pushing up costs and increasing the complexity of trade for multinational businesses.

Third Parties, the IoT and the Cloud 

A complex interconnection of digitally connected devices and superfast networks will prove to be a security concern as modern life becomes entirely dependent on technology. Highly sophisticated and extended supply chains present new risks to corporate data as it is necessarily shared with third party providers. IoT devices are often part of a wider implementation that is key to the overall functionality.

Few devices exist in isolation, and it is the internet component of the IoT that reflects that dependency. For a home or commercial office to be truly 'smart', multiple devices need to work in cooperation. For a factory to be 'smart', multiple devices need to operate and function as an intelligent whole. However, this interconnectivity presents several security challenges, not least in the overlap of consumer and operational/industrial technology.

Finally, since so much of our critical data is now held in the cloud, opening an opportunity for cyber criminals and nation states to sabotage the cloud, aiming to disrupt economies and take down critical infrastructure through physical attacks and operating vulnerabilities across the supply chain. 

Cybercrime – Criminals, Nation States and the Insider

Criminal organizations have a massive resource pool available to them and there is evidence that nation states are outsourcing as a means of establishing deniability. Nation states have fought for supremacy throughout history, and more recently, this has involved targeted espionage on nuclear, space, information and now smart technology. Industrial espionage is not new and commercial organizations developing strategically important technologies will be systematically targeted as national and commercial interests blur. Targeted organizations should expect to see sustained and well-funded attacks involving a range of techniques such as zero-day exploits, DDoS attacks and advanced persistent threats.

Additionally, the insider threat is one of the greatest drivers of security risks that organizations face as a malicious insider utilizes credentials to gain access to a given organization’s critical assets. Many organizations are challenged to detect internal nefarious acts, often due to limited access controls and the ability to detect unusual activity once someone is already inside their network. 

The threat from malicious insider activity is an increasing concern, especially for financial institutions, and will continue to be so in 2020.

Don’t Get Left Behind

Today, the stakes are higher than ever before, and we’re not just talking about personal information and identity theft anymore. High level corporate secrets and critical infrastructure are constantly under attack and organizations need to be aware of the emerging threats that have shifted in the past year, as well as those that they should prepare for in the coming year.

By adopting a realistic, broad-based, collaborative approach to cyber-security and resilience, government departments, regulators, senior business managers and information security professionals will be better able to understand the true nature of cyber-threats and respond quickly and appropriately. This will be of the highest importance in 2020 and beyond.

About the author: Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include strategy, information technology, cyber security and the emerging security threat landscape across both the corporate and personal environments. Previously, he was senior vice president at Gartner.

 

Copyright 2010 Respective Author at Infosec Island via Infosec Island Latest Articles "https://ift.tt/2satH9Q"

Comments

Post a Comment

Popular posts from this blog

Evernote cuts staff as user growth stalls

Image
Note-taking app Evernote has fallen on hard times of late, culminating in its latest spate of job cuts impacting 15 percent of its workforce (54 employees). CEO Chris O' Neil -- an ex-Googler who took the reins in 2015 -- announced the firings at an all-hands meeting earlier today, reports TechCrunch . In a message on the Evernote blog , O' Neill admitted he'd set "incredibly aggressive goals" for the company in 2018. He continued: "Going forward, we are streamlining certain functions, like sales, so we can continue to speed up and scale others, like product development and engineering." The layoffs follow an exec exodus just weeks ago and the company's recent brand refresh (complete with a refined logo and wordmark). But critics are more concerned about its product, especially the free tier, which they claim lacks the perks to
Read more

The best air conditioner

Image
By Liam McCabe This post was done in partnership with Wirecutter . When readers choose to buy Wirecutter's independently chosen editorial picks, it may earn affiliate commissions that support its work. Read the full article here . After six summers of researching, testing, and recommending window air conditioners, we've learned that quiet and affordable ACs make most people the happiest—and we think the LG LW8016ER will fit the bill in most rooms. This 8,000 Btu unit cools as efficiently and effectively as any model with an equal Btu rating, and runs at a lower volume and deeper pitch than others at this price. Little extra features like a fresh-air vent, two-axis fan blades, and a removable drain plug help set it apart, too. The LG LW8016ER is a top choice for an office or den, and some people will find it quiet enough for a bedroom, too. If our main pic
Read more

We won't see a 'universal' vape oil cartridge anytime soon

Image
Pre-loaded cartridges of cannabis concentrate are currently among the most popular means of consumption, and for good reason. They're discreet to use and easy to handle, a far cry from the dark days of 2016 when we had to dribble hash oil or load wax into narrow-mouthed vape pens by hand. But, frustratingly, an ever increasing number of oil cartridge manufacturers employ one-off design standards so that their products won't work with those of their competitors, thereby locking customers into proprietary ecosystems. We've already seen this with nicotine vaporizers -- which has a seen a massive rise in "pod systems" in the last few years, each outfitted with a unique canister and battery built to be incompatible with those of their competition. Is it too late for the burgeoning cannabis industry to set a universal standard for their product designs?
Read more