It seems as everyone as their dog is dishing out predictions, I thought it's about time I threw my hat into the ring.
Having been an analyst, a practitioner, a consultant, and a genius (according to my youngest) who better to enlighten you and help you navigate the next decade of cybersecurity threats as we enter 2020.
Anti-virus is not enough
With the rise of polymorphic threats and the explosion of unique malware variants, the industry is quickly realizing that traditional approaches to anti-virus, both file signatures and heuristic/behavioral capabilities, are not enough to protect against today’s threats.
We have reached an inflection point where new malicious programs are actually being created at a higher rate than good programs. As such, we have also reached a point where it no longer makes sense to focus solely on analyzing malware.
Instead, approaches to security that look to ways to include all software files, such as reputation-based security, will become key in 2020.
Social Engineering as the Primary Attack Vector
More and more, attackers are going directly after the end-user, and attempting to trick them into downloading malware or divulging sensitive information under the auspice that they are doing something perfectly innocent. Social engineering’s popularity is at least in part spurred by the fact that what operating system and web browser rests on a user’s computer is largely irrelevant, as it is the actual user being targeted, not necessarily vulnerabilities on the machine.
Social engineering is already one of the primary attack vectors being used today, and we estimate that the number of attempted attacks using social engineering techniques is sure to increase in 2020.
Rogue Security Software Vendors Escalate Their Efforts
In 2020, expect to see the propagators of rogue security software scams take their efforts to the next level, even by hijacking users’ computers, rendering them useless and holding them for ransom.
A less drastic next step, however, would be software that is not explicitly malicious, but dubious at best. In these cases, users are technically getting the software that they pay for, but the reality is that this same software can actually be downloaded for free elsewhere.
Social Networking Third-Party Applications Will be the Target of Fraud
With the popularity of social networking sites poised for another year of unprecedented growth, expect to see fraud being leveraged against site users to grow.
In the same vein, expect owners of these sites to create more proactive measures to address these threats. As this occurs, and as these sites more readily provide third-party developer access to their APIs, attackers will likely turn to vulnerabilities in third-party applications for users’ social networking accounts, just as we have seen attackers leverage browser plug-ins more as Web browsers themselves become more secure.
Mac and Mobile Malware Will Increase
The number of attacks designed to exploit a certain operating system or platform is directly related to that platform’s market share, as malware authors are out to make money and always want the biggest bang for their buck.
In recent years, we've seen Macs and smartphones targeted more by malware authors. As Mac and smartphones continue to increase in popularity in 2020, more attackers will devote time to creating malware to exploit these devices.
Specialized Malware
Highly specialized malware has been uncovered across the decade that was aimed at exploiting certain niche products such as ATMs, indicating a degree of insider knowledge about their operation and how they could be exploited.
Expect this trend to continue in 2020, including the possibility of malware targeting electronic voting systems, both those used in political elections and public telephone voting, such as that connected with reality television shows and competitions.
Non-English Spam Will Increase
As fast connection continues to grow across the globe, particularly in developing economies, spam in non-English speaking countries will increase. In some parts of Europe, we estimate the levels of localized spam will exceed 50 percent of all spam.
Plot twist
You may have been nodding along to some of these predictions, and others may have left you wondering at some of the terms I've used. That's because all of these predictions are not from today, in fact they were made ten years ago in a blog post from Symantec.
Yes, that is right, after ten years, we can see that while some of the terminology has changed slightly, and there is a pervasiveness of cloud and IoT; the fundamental issues haven't changed a great deal.
Social engineering, unpatched software, and third party attacks remain just as much, if not more prevalent today as they were a decade ago.
So, for 2020, maybe the best advice I can give is to hit pause on looking forward at the horizon for some magical answer to all your threats - and focus on what's here right in front of you today.