2020 predictions from Christopher Kennedy, CISO and VP of Customer Success at AttackIQ on 2020 cyber security predictions including MITRE ATT&CK and the presidential elections.
2020 Election Security Insecurity:
Election security will be an open wound that can’t be healed in time for the 2020 election. There is still bad blood from the 2016 election which has created a social distrust of technology and there is not enough time to strengthen the integrity of the election system in such a way that the electorate can be confident in the outcome. This begs the question, will there be public faith and acceptance of the outcome of the 2020 election, and if not, what will happen? Public concern will serve as a springboard for the federal government as well as state/county election officials to enact real change and significant improvements to cybersecurity of election infrastructure before the 2024 election.
Fight The Power Against Technology:
We are just beginning to recognize the social dangers of rapidly-advancing and broadly-used technology in a highly connected society. Take new biometric technologies, as just one example. Advanced facial recognition capabilities are being used by governments around the world, and in response, consumers have begun to revolt by creating and donning an “opt out” cap that obstructs the wearer from being identified by facial recognition scanners to avoid physical tracking. In 2020 we’ll see a continued rejectionist movement, particularly among young people; further exploitation of various technologies; and a growing trend of avoiding social media. We will witness a strong movement of distrusting the government’s use of technology in the processes that put them in power, and in services intended to protect and support the public.
Defense Wins Championships:
New unfolding laws like the Hack Back Bill allow organizations to take a more proactive and near-offensive strategy in their incident response and defensive approaches. However, companies need to be careful to strike a delicate balance in investing in hack back techniques and understand there is unproven case law and legal ambiguity surrounding this approach. Companies must be aware of the full implications of this complicated bill and understand that having the right security policies, programs and tools in place to properly protect data is still the best line of defense. As Paul Bear Bryant says, “defense wins championships.” It is more important to have a thorough and measured security program in place that adequately protects your organization than it is to take advantage of now-potentially-legal offensive security concepts.
The Emergence Of MITRE ATT&CK:
As cybercriminals are always evolving and creating new attack methods, organizations will be at even greater risk in 2020. To keep up with new threats, MITRE ATT&CK will emerge as one of the most beneficial tools for organizations as it allows them to predict the next steps of an attack based on known threats and focus resources on thwarting specific phases of a likely attack. MITRE ATT&CK also recently partnered with several enterprises to create the Center for Threat-Informed Defense, a research group dedicated to advancing a shared understanding of adversary behavior. No one can predict what new attack methods will come in 2020, but companies will increasingly lean heavily on the MITRE ATT&CK framework to inform their cybersecurity programs and identify gaps in coverage or configurations in need of remediation.
Keep Your Coins, We Want Change:
In 2019, over 50 tech CEOs came together urging S. lawmakers to create a federal data privacy legislation. Why? Because of the continued regulatory sprawl across international, national and state standards. Managing cybersecurity should not be as complicated as adhering to the IRS tax code. Breaches continue to be a pervasive problem, and the complexities of applying various and overlapping regulations in a globally-connected world are not helping. To this end, we’ll see some consolidation of regulatory requirements and standards in 2020.
More Money Doesn’t Mean Less Problems:
Enterprise spending on cybersecurity will reach an all-time high in 2020. Today, companies spend an average of $18.4M on cybersecurity each year, and 58% plan on increasing their IT security budget in 2020. This increased spending is due to emerging cybersecurity threats, the need to support enterprise technical transformation, and C-suite and boards becoming more involved in their company’s cybersecurity strategy. What’s truly alarming is that 53% of IT experts admit they don’t know how well the cybersecurity tools they’ve deployed are working. Enterprises must have full visibility into their environments and be able to identify if tools are working as expected, if there are gaps and if any tools overlap or are misconfigured. British Airways and Marriot are both examples of why having visibility at all times is important with the companies receiving hefty fines of $230 million and $123 million, respectively for their data breaches. While cybersecurity insurance can help, it is not always enough. Companies should invest in a programmatic approach that includes automation which continues to validate that security is working as expected, at all times.
Rise of Mid-tier MSSPs:
In 2020, we will see a rise of the mid-tier MSSPs, as they are more focused on identifying the best tools to address specific cybersecurity challenges. The big channel partners on the other hand, are too focused on chasing money associated the sale of large, legacy providers that claim to “do it all.” Enterprises are increasingly frustrated with this approach and prefer partners with expertise on the latest, most effective security practices and solutions.