The experts are agreed: as we move into a new year and a new decade, cyber crime is becoming more sophisticated.
As consumers and technology users, we’re being urged more than ever to practice vigilance as nefarious emails, texts and messages seek to cheat us of our identity or our money.
Related story: The AusPost scam that could ruin Christmas
Related story: Spotify scam harvests users' credit card details
Related story: 15.9 million Aussies at risk of major bank scam
And in the cybersecurity sector, the experts are working hard to get better at identifying and preventing criminals from accessing systems, data and information that’s not theirs.
According to the professionals themselves, these are the cybersecurity trends to watch out for in 2020:
Businesses will invest in cyber security, and AI will fight cybercrime
Following an explosion of data breaches in small, medium and large businesses over the past year, investment in data security and cloud security became the key cybersecurity theme for 2019.
In 2020, businesses will spend more time and effort understanding the levels of cyber risk in their organisation and implement cybersecurity roadmaps to ward against the breaches of 2019.
Creating a roadmap will likely fall on the Chief Information Security Officer whose role will become crucial for businesses in an increasingly digital world. A roadmap will help businesses maintain continuity and provide the guardrails needed to protect themselves from cyber threats.
Another trend we can expect to see in 2020 will be the use of artificial intelligence (AI) to fight cybercrime. As organisations move away from a data centre to cloud-based platforms, the use of AI-based technologies will continue to grow and be more widely adopted.
–Ramesh Thiagalingam, Head of Infrastructure at ELMO Cloud HR & Payroll
Consumers take matters into their own hands...
I anticipate, as consumers react to the growing number of data breaches and demand better protection from the companies they do business with, they will start to take matters into their own hands. While using multi-factor authentication has long been a best practice, consumers will bolster their security with other techniques like biometrics to help protect their data and devices.
Facial recognition and fingerprint ID on smartphones and other devices have made consumers comfortable and accustomed to biometric identification ― voice, behaviour and other forms of biometric technologies are a natural extension of this, and will likely become more widely adopted in the coming year.
Simon Marchand, CFE – Chief Fraud Detection Officer, Nuance Communications
...But the bad guys will use deepfakes to get past facial ID
It’s predicted that deepfakes, created by an untrained class, will enhance an increase in quantity of misinformation. In addition, adversaries will begin to generate deepfakes to bypass facial recognition.
With these threats shaping the cyber trend curve, businesses are urged to protect their data sitting on-premise and in the cloud. To adequately do so, the shared responsibility model is something that needs to be understood, with a strategy in place to support it.
Through data transformation, data is more valuable than ever, and every organisation now has a certain level of responsibility for its protection. Being cyber resilient and having a proactive mindset and approach to security is going to be crucial as we move into the new year.
It’s important for organisations to not only know how to address an attack but have measures in place to prevent an attack, with a strategic, cyber resilient plan of action in place. Data is the lifeblood of not only threat intelligence, but organsiations of today, and we’re committed to helping organisations make the important move to a proactive security posture.
Data and insights will offer tech and security professionals an inside look into the effectiveness of their defenses against all kinds of threats. It’s urged they cease this opportunity to quickly and accurately respond to threats.
–Gary Denman, Vice President, ANZ, McAfee
Cyber experts need to upskill for better protection
Cybersecurity is a space that’s constantly evolving as new threats surface and cybercriminals become more sophisticated. What skills in security will we need next? Among the trending technologies was ‘certified ethical hacker’ and the top security course centres around understanding ethical hacking, which provides the fundamentals of ethically and efficiently exploiting vulnerabilities in systems by assuming both the mindset and toolset of an attacker.
The spike in professionals wanting to upskill and expand their knowledge in ethical hacking is a trend we’ll see emerge in the Australian market, especially following a year of notable data breaches. In 2020, the local cybersecurity space will see organisations and security professionals focus largely on defending against attacks to avoid data breaches and hackers getting into the cloud and internal systems.
Security teams are urged to stay up-to-date with knowing how to identify vulnerabilities and defend against them. This begins with understanding the difference between hacking, which is maliciously driven by cybercriminals, and ethical hacking, the practice of thinking and looking at your network through the eyes of malicious attackers in effort to enhance the security of infrastructures.
To truly remain ahead of the cyber trend curve and keep security skills up to scratch, organisations must invest in a skills development platform that can offer interactive courses to enhance overall security by providing recommendation-based courses in real-time.
–Mike Featherstone, Managing Director, ANZ/APAC, Pluralsight
Data management will get more tangly
“Migration to the cloud is quickly transforming the IT landscape; accelerating business outcomes by enabling improved data accessibility and user self-service. However, these benefits do not come risk-free as organisations are increasingly faced with the challenges of managing increasingly fragmented – often multi-cloud located – data sets, causing less control of data, and greater exposure to cybersecurity risks.
2020 will see a growing complexity of cloud environments and a shift from data security and aggregation to a unified data management. As organisations integrate different clouds for different use-cases, security teams will be taking a step back to make sure their data architecture is holistic and properly managed.
There will be a greater emphasis on the capacity of data management systems and platforms when it comes to facilitating the protection of different cloud environments from containers, to massive databases, to Platform-as-a-Service and more.
Cloud data strategy will be an essential part of the playbook. Cyber threats and data breaches can be countered if the right strategy with data management tools are in place before the breach even takes place. Organisations are responsible for data management first and foremost when it comes to cybersecurity.
–Prasanna Gulasekharam, Area Vice President, ANZ, Commvault
Apps and programs need to become more secure
The coming year we will see heightened innovation in the Australian banking and financial industry as Open Banking initiatives occur for banks and fintechs alike. With the RBA reassessing economic rates in February 2020, there’ll be a much greater emphasis on the security of ‘open’ APIs (application program interfaces) which will be required to allow third-party applications to access user data.
The security of customers’ data is just as important as the security of your applications. In 2020, organisations will need to holistically approach security as encryption, identity and content validation. DevOps will play a large role in the security of APIs, and will need to define, publish, secure, monitor, and intently analyse APIs. Developers should prepare to be driving the overall API design for open banking platforms.
As we thrive in the application capital era, the security of APIs, while a focus for 2020, is only one piece of the cybersecurity puzzle. Data breaches continue to be a key threat to the security infrastructure of any business with 53 percent of data breaches targeting the application itself. Security must be embedded within the DevOps process, where security is integrated with governance into the DevOps life cycle from the beginning.
–Jason Baden, Regional Vice President, F5 Networks, ANZ
Scams will get more sophisticated, and businesses need support
As we enter 2020, we’ll see cybercriminals leveraging ransomware and phishing attacks to target an organisations’ security posture. With the major spike in adoption of online email platforms, credential-based attacks will become much more problematic.
This will result in cybercriminals undertaking more targeted attacks via embedded hyperlinks in attachments to infiltrate a network. With this in mind, it’s never been more important for organisations to implement more than just firewalls and basic email security solutions, but to leverage multifactor authentication and increase user security awareness.
While one piece of the cybersecurity puzzle is, of course, the technology behind it, cybersecurity is also about the people driving and monitoring the security posture of an organisation. For IT and security teams to source the right kind of cyber support in 2020, it’s encouraged for technology partners to be consulted and brought on-board to provide both security policies and programs, and support employees’ approach to security.
With an existing local tech and cybersecurity skills gap looming, a technology partner can step in to correct and train staff, which will be essential in the coming year, especially as more than a third of respondents (37 percent) to a Brennan IT survey advised they don’t conduct security training.
We operate in a cybersecurity landscape that’s never static, so it’s crucial for organisations to tap into third-party support to remain proactive and vigilant, especially with the steady rise of new threats and cyber risks.
–Stephen Sims, Chief Executive Officer, Brennan IT
Ransomeware will become more tactical – and that’s bad news
Ransomware is causing damage and costing companies money, but in totally different ways to the past. In 2020, it will be used more strategically and cause even more damage if companies fail to employ appropriate protections.
Malicious actors will transform how ransomware has traditionally been used. It will no longer be considered a nuisance or an easy opportunity to raise money quickly. Now, malicious actors are exfiltrating sensitive data or intellectual property and ransoming it back to the company on the threat of releasing the data to the public.
Or, ransomware is deployed in an isolated part of the business as a diversion, for example, causing IT staff to begin incident response in one section of their network, whilst the malicious actors perform their primary goal – data exfiltration, lateral movement etc – in other sections of the business.
Ransomware will be used in very different tactical ways in 2020 and business leaders must be mindful of the new diversity of risks associated with lax security policies and protections.
–Cameron Exley, Manager, Network Security, Rackspace.
Make your money work with Yahoo Finance’s daily newsletter. Sign up here and stay on top of the latest money, news and tech news.