Trevor Pott, Technical Security Lead at Juniper , explains it clearly : in the course of 2020, traditional, improved cyber security attacks will still dominate the market.
"The most common and most effective attacks are those that rely on people doing something they shouldn't," says Pott. "In fact, there is every reason to say that human error will continue to be taken advantage of."
Certainly, there will be a greater focus on emerging technologies, such as deepfakes (manipulated videos where a person's face is replaced by another person's face), however, new attack vectors need time to spread and will most likely not pose an immediate threat.
"The Bluekeep vulnerability, forexample, has only recently become a full-fledged weapon, despite being disclosed in May 2019, and is far less complicated to use than deepfakes," he adds. Last year ended with an increase in login credential theft, facilitated by the fact that the number of compromised credentials increases every year and new records in personal data breaches are continually being reached.
Going forward, Pott urges security professionals to pay attention to SaaS (Software as a Service) applications and IaaS (Infrastructure as a Service) accounts, especially those of major cloud service providers. "The larger the user base, the richer the target, and despite decades of recommendations, people still reuse the same credentials for different accounts they have on the network," he highlights. "The best defence is multi-factor authentication, which, however, is still a niche solution in terms of real-world usage."
Cyber security threats are becoming more targeted
As Laurence Pitt, Global Security Strategy Director at Juniper, explains,
phishing attacks will become smarter and harder to detect:
"Cyber criminals can use public domain information scattered across the internet (political views, interests, pets, work, family) to carry out more effective attacks.During the 2020s, we will see an increase in phishing emails that use public domain personal data to target people and increase the credibility of the message, while making it increasingly difficult to distinguish a phishing email from a genuine one. Theadvice, in addition to stopping clicking on links in emails, is to use a password manager, as most of these programs do not allow passwords to be entered into fake sites when the URL address is not recognised."
Deepfakes are also something to be wary of, although their widespread use is not foreseeable in the short term. Says Pitt: "In 2020, this technology may become increasingly sophisticated and we may see deepfakes at work in social engineering to access corporate data. What if a deepfake is created in which the CTO of a company makes forward-looking statements that affect the share price? Or, more simply, a deepfake of a CTO during a video conference asking his team to manipulate or share data?"
While generic attacks are bound to fail, we will see an increase in so-called social engineering attacks: 'Any criminal has enough information in the public domain to build up a good profile of his target: physical appearance, place of residence, work career, pets, friends, etc.With this data, it becomes much easier to contact the victim directly and solicit interaction or response from him'. With this data, it becomes much easier to contact the victim directly and solicit their interaction or response'.
People and objects more connected and more vulnerable
With the advent of 5G, the increase in speed and reduction in latency will allow greater flexibility in the deployment of applications and data.
Without rapid detection and containment, before a threat is found on a 5G network it will have had plenty of time to cross key areas and cause serious damage (or hide and wait). To increase security levels, it will be necessary to leverage network data to speed up detection and response.
Nor should we overlook the consequences of the increasing use of IoT (and IIoT) technologies. "The biggest challenge comes from all the other IoT devices connected to corporate networks whose proliferation on the network grows with business needs but with which the security department is unable to align. Many of these devices lack built-in security technologies, so security must be considered as part of the overall network strategy. Expect cyber criminals to take advantage of this."
