According to the US National Cyber Security Alliance, 83% of small businesses have no formal cybersecurity plan, and 69% have no plan in place at all. This makes small businesses easy pickings for your average hacker. How prepared are small businesses? The short answer is ‘not very.’ Hackers aren’t interested in the devices; they want to get into the network and access the company’s crown jewels.
The primary risk for SMBs in 2020 will continue to be ransomware. The increasing sophistication and decreasing cost of “ransomware-as-a-service” will enable hackers to execute attacks with impunity. Expect to see ransomware become more sophisticated in terms of contextual ransoms – adjusting the ransom demand through automated determination of the ransomee’s industry, size and ability to pay.
Hackers will also look to gain access to SMBs’ networks and to more lucrative data such as banking information, payroll details and client details. Once they have access to information, how they manipulate and use it will be endlessly creative, e.g. blackmail attacks, phishing scams, and more ‘advanced’ attacks that use information as a springboard for accessing supplier/client networks. Small businesses that believe antivirus software on endpoint devices is sufficient will also be at risk if they fail to religiously apply upgrades.
Legislation and concern about reputational damage will continue to drive cybersecurity onto the enterprise executive agenda in 2020. Large organizations will continue to allocate resources to 24/7 network monitoring, security intelligence, incident response, behavioral detection, predictive analytics and more. Conversely, small businesses that don’t have these same resources will find themselves the targets of hackers who have identified them as easier prey. These small businesses will start to wake up to increased cyberattacks and will need to implement more stringent and disciplined cybersecurity defenses.
Machine Learning & AI
While machine learning has been used in cyber security for some time, it is becoming increasingly important. Used in endpoint security software to detect advanced and low-incidence-rate threats without human intervention, it provides an added layer of zero-day threat detection.
Supervised AI algorithms are most typically used today in the cyber security industry. These extract and learn from patterns in existing corpora of known good and known bad files, to enable evaluation and risk-scoring of new files that the algorithm has not encountered before (such as zero-day threats). Leading-edge firms are also utilizing unsupervised models that extract feature sets and parameter models based on unlabeled data sets, in order to extract hidden patterns and novel approaches to detecting threats. We expect to see significant advances in the use of unsupervised deep learning models in 2020 to extend the state of the art in threat detection and amelioration.
To be effective, cyber security solutions must respond very quickly to threats. The old model in which a potentially suspicious file was flagged, uploaded to the cloud, and then reviewed by multiple threat detection algorithms (and even human analysts) is no longer sufficient. This concept, known as “pioneer dies”, simply can’t keep up with the pace of evolution of the threat landscape. During 2020 we will see increasing use of highly optimized machine learning models running not just in the cloud, but actually on the endpoint itself. This will enable dramatically faster identification and termination of threats in real time.
5G and cybersecurity
5G is set to be the most sweeping communication revolution we have ever experienced and will usher in an era of innovative new consumer services. Because 5G is a switch to mostly all-software networks, and upgrades will be like the current periodic upgrades to your smartphone, the cyber vulnerabilities of software pose potentially enormous security risks.
The big question is how the 5G network revolution and its attendant devices and applications will be secured. There’s already a lot of speculation and theories, but it’s an unusual situation in that, while 5G will ultimately define how we live our lives and fuel economies, there are so many participants that no one has ultimate responsibility for cybersecurity.
That said, during 2020 responsibility for cybersecurity will begin to coalesce. We believe this will largely veer towards service providers who deliver the network, supported by governmental and industry security bodies working together. We could also see the seeds of legislation and best-practice guidelines for device and application providers to ensure their products have a cybersecurity seal of approval. In parallel with this, we are also set to see a wider introduction of artificial intelligence and machine learning to combat the threats, especially among the network providers. As such, expect to see network providers unveiling plans for automation expanding across all layers of the security architecture.
Virtual Private Networks (VPNs)
It is worth keeping in mind that the VPN market has grown exponentially over the past 10 years as both consumers and businesses seek to protect their data and secure their privacy, particularly in emerging countries. According to Statista, in 2019 there were over 360 million Wi-Fi hotspots in the world, many of which are vulnerable and unsecured. Ironically, the lowest numbers of global VPN users are in the US, UK (5%), Germany (6%) and Australia (4%), according to learn.g2.com. Yet these three countries are in the top ten for online shopping.
Connecting to any Wi-Fi network presents a potential privacy issue and exposes much of your data without your knowledge. Widespread use of fake Wi-Fi to fool users into connecting to a network that a hacker has complete control of is more commonplace than we might think. Driven by growing awareness of privacy concerns and a greater understanding of the need for cyber security, we can certainly expect even greater VPN usage in the Western world during 2020. And among countries that censor online content, usage will also continue to climb.
However, perhaps most markedly, we may well see the emergence of VPNs offered to customers by popular online services. Facebook had a stab at this last year, but unsurprisingly it sank without trace when it emerged that its Onavo Protect was actually collecting data even when a device was turned off. People are not so easily fooled anymore; they want genuine, nailed-down privacy, and this will be the driving issue for growing VPN adoption in the coming year.
Browser-based attacks based on exploiting browser extensions were largely theoretical until a few years ago. But attackers are becoming increasingly sophisticated. A developer’s browser extension tool called SingleFile was recently used by attackers to obfuscate phishing attacks by copying the login pages of legitimate websites as part of a phishing campaign.
This is a single example, but browser extensions are becoming a compelling target for attackers because a lot of extensions have massive user bases. They are also updated automatically, which means that if a user has downloaded an innocuous extension, it can be updated to become malicious and the update would be pushed to the user without the user noticing anything amiss.
Greek researchers recently discovered an attack method called MarioNet which opens the door for creating giant botnets from users’ browsers. These can be used for in-browser crypto-mining, DDoS attacks, malicious files hosting/sharing, distributed password cracking, creating proxy networks, advertising click-fraud and more.
Equally alarming, eight Chrome and Firefox extensions were also recently discovered to be leaking user data, including personally identifiable information. This data included personal interests, tax returns, GPS location, travel itineraries, gender, genealogy, usernames, passwords, credit card information and a lot more. The data was being sent to a service that sold it to subscribers as ‘data jewels’.
The eight extensions had a total user count of millions. That said, the extension user policies said they may collect user data, either personally or non-personally identifiable. Yet the scale of the data leak is alarming, and for sure users had no idea about the extent and depth of the data leak.
At a more general level, browser extension APIs are exploited to execute code inside the browser and steal sensitive information such as bookmarks, browsing history and user cookies. An attacker can also hijack a user’s active login sessions and access sensitive accounts, such as email inboxes and social media profiles. The extension APIs can also be used to trigger the download of malware and store it on a user’s device.
As can be seen, browser-based attacks and data leaks of personal information are growing, and consequently secure browsing that defends against browser attack methods and stops extensions downloading automatically will become ever more important in 2020.
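As an added example (not from the original article): a Node.js check a defender could run over extension manifests, flagging the permissions behind the data access described above and any that an automatic update newly requests. The manifest keys and permission names are real WebExtension values; the extension and its two versions are constructed for illustration.

```javascript
// Permissions that map to the data named in the article, with the exposure each grants.
const SENSITIVE = new Map([
  ["bookmarks", "read bookmarks"],
  ["history", "read browsing history"],
  ["cookies", "read cookies, including session cookies"],
  ["downloads", "start downloads on the device"],
]);
// Host patterns that grant access to every site the user visits.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Everything a manifest can request: Manifest V2 lists hosts under "permissions",
// V3 under "host_permissions"; optional entries can be granted after install.
function requested(manifest) {
  const keys = ["permissions", "optional_permissions",
                "host_permissions", "optional_host_permissions"];
  const all = keys.flatMap((k) => manifest[k] || []);
  return new Set(all.filter((p) => typeof p === "string"));
}

// Return one finding per sensitive permission or broad host pattern.
function auditManifest(manifest) {
  const findings = [];
  for (const p of requested(manifest)) {
    if (SENSITIVE.has(p)) findings.push({ permission: p, risk: SENSITIVE.get(p) });
    else if (BROAD_HOSTS.has(p)) findings.push({ permission: p, risk: "access to every site" });
  }
  return findings;
}

// Sensitive permissions requested by the update but not by the installed version.
function addedByUpdate(installed, update) {
  const before = new Set(auditManifest(installed).map((f) => f.permission));
  return auditManifest(update).filter((f) => !before.has(f.permission));
}

// Constructed manifests for a hypothetical extension, before and after an update.
const v1 = { manifest_version: 3, name: "Page Saver", version: "1.0",
  permissions: ["activeTab", "storage"] };
const v2 = { manifest_version: 3, name: "Page Saver", version: "1.1",
  permissions: ["activeTab", "storage", "cookies", "history"],
  host_permissions: ["<all_urls>"] };

for (const f of addedByUpdate(v1, v2)) {
  console.log(`${v2.name} ${v2.version} adds ${f.permission}: ${f.risk}`);
}
```

Run against the manifests in a browser profile's extension directory before and after updates, the same diff gives an allow-list review something concrete to approve or reject.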
Paul Lipman is the CEO of cybersecurity company BullGuard.