Deepfake is a term coined in 2017 for fake videos created using deep learning techniques. We expect deepfakes to make a considerable impact across all aspects of our lives in 2020 as their potential increases. Our prediction is fourfold:
- Ransomware authors will send targeted deepfakes to ransomware targets. Recipients will see realistic videos of themselves in compromising situations and will likely pay the ransom demand in order to avoid the threat of the video being released into the public domain.
- It is well known that Business Email Compromise/Business Email Spoofing has cost businesses billions of dollars as employees fall for the scams and send funds to accounts in control of cybercriminals. In 2020 deepfakes will be used to add a further degree of realism to the request to transfer money.
- We have already seen deepfakes in the political arena in 2019. With the 2020 United States presidential elections due in November 2020 we expect deepfakes to be leveraged as a tool to attempt to discredit candidates and push inaccurate political messages to voters via social media.
- We will see Deepfakes As A Service move to the fore in 2020 as deepfakes become widely adopted for both fun and malicious reasons.
5G offers unprecedented data theft speeds
Fifth generation cellular network technology (5G) is now available in cities and countries around the world. As the roll-out of 5G continues into 2020 and beyond it will place faster data transfer capabilities into the hands of employees – employees who have access to corporate cloud applications on their managed (corporate-issued) and unmanaged (personal) devices.
Data transfer rates on 5G are more than 10 times faster than 4G. Imagine being able to download a 2 hour movie in less than one minute. The more reliable connectivity and lower latency will work in favor of determined employees wishing to transfer swathes of corporate data.
The anticipated proliferation of such devices will appeal to employees who will access and retrieve company data via their 5G-enabled, super-connected personal device rather than continue to use slow and patchy coffee shop Wi-Fi connections or tethering to their now outdated corporate-issued 4G-enabled phone.
Organizations will become “Cloud Smart” but remain “Cloud Dumb”
As we enter 2020 more and more organizations, especially government agencies, are moving to the Cloud as part of their digital transformation. We should expect to see greater and greater breaches of Public Cloud systems as a result.
This change will come about, in part, due to a shifting emphasis mandated by governments around the globe. A Cloud First policy has been in existence within the US government since 2011. Since 2013 the UK government has mandated that central government “should consider and fully evaluate potential cloud solutions first before considering any other option.” This year the US government adopted the 2019 Federal Cloud Computing Strategy (Cloud Smart) and the UK government is expected to reveal a new policy early next year. The US iteration of Cloud Smart typically includes security, procurement, and workforce components, but many organizations remain significantly challenged in these areas.
As organizations go from “Cloud First”, or “Cloud All”, to “Cloud Smart” they tend to remain “Cloud Dumb” when it comes to securing their systems in the Public Cloud. Typical Public Cloud vendor shared responsibility models state that the cloud service provider is responsible for protecting infrastructure, while the customer is responsible for protecting their data, monitoring access, managing configurations, observing anomalous user behaviors, monitoring system vulnerabilities and patching, and analyzing suspicious host and network activities. Attackers will have a renewed focus on Public Cloud accessible systems and data in 2020 and beyond due to the richness of the prize and ease of accessing it. We expect to see more breaches both from external and internal parties as Cloud applications become more ubiquitous.
Organizations will mature in their approach to data/privacy protection legislation
Awareness around the need for data privacy and data protection has increased significantly over recent years mostly as a result of regulations such as GDPR and CCPA. Our prediction around this area is threefold.
From speaking to organizations around the globe we have seen an acceptance that maintaining an individual’s (customer’s) privacy and protecting their data can be a differentiator of a business’s service. We expect this trend to continue into 2020 and beyond.
Many businesses focused on the headline takeaways from such regulations – most notably that a data breach of personal data belonging to European citizens will result in large fines. In 2020 we shall see organizations explore the non-breach non-compliance implications of data privacy and protection regulations. This will prompt a move from a breach prevention approach to a more holistic principles-based approach. Having reviewed the fines levied in 2019, we expect 2020 to be a case of “You ain’t seen nothing yet” with regard to the size and quantity of fines that Supervisory Authorities will bring to bear on offenders.
Currently many businesses are compliant with the regulations only through manual processes: should they receive a high volume of Subject Access Requests under GDPR, for example, they may struggle to service that volume of requests in a timely fashion. Thus businesses will look to automate through adoption of suitable technology.
Move from Indicators of Compromise to Indicators of Behavior
Indicators of Compromise (IoC) is a term for artefacts that indicate potentially malicious activity. These could be the URL of malicious and phishing websites, email subjects used in a spear phishing campaign or IP addresses of prominent spam senders. IoC could also include network traffic using non-standard ports, suspicious registry setting changes and abnormal read/write volumes. IoC are threat-centric in nature and have been the staple of cybersecurity protection for decades. Organizations have reached a base level of hygiene offered by threat-centric approaches.
Indicators of Behavior (IoB), on the other hand, are focused on the behavior of users and how users interact with data. Specifically, the focus is on Indicators of Bad Behavior – as organizations recognise that the majority of employees turn up to work to do a good job and are low risk. By understanding how a user/employee/contractor/account usually behaves in relation to themselves, within a job role or within a peer group, it is possible to identify the precursor to behavior that may present a higher risk to the business, such as data theft “in progress”.
Our prediction is that 2020 will see a marked increase in the number of organizations recognising the need to enhance their IoC-based threat intelligence with the contextual insights of behavioral indicators. A shift to Indicators of Behavior will better protect their data in the modern network environments that support anytime, anywhere working. As such, businesses’ cybersecurity strategies will shift from an outside-in approach (looking at how external attackers are seeking to penetrate a perimeter) to an inside-out approach (understanding the risks that lie within and the importance of preventing data theft no matter the user, device, transfer medium or cloud application).
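The contrast between the two indicator types, as an added example that is not part of the original article: an IoC check matches upload destinations against a blocklist, while an IoB check compares each user's upload volume with their own history and with their peer group. All users, volumes, destinations, function names and thresholds below are constructed assumptions for illustration.

```python
from statistics import mean, median, stdev

# Constructed sample data: MB uploaded to cloud apps per day over the past week.
HISTORY = {
    "alice": [40, 55, 38, 60, 47, 52, 45],
    "bob":   [35, 42, 50, 39, 44, 48, 41],
    "carol": [900, 950, 870, 1010, 980, 940, 920],  # media role: large uploads are routine
}
PEER_GROUP = {"alice": "finance", "bob": "finance", "carol": "media"}
# Constructed IoC blocklist (documentation-range IP, reserved example domain).
IOC_DESTINATIONS = {"198.51.100.23", "malicious.example"}

def ioc_match(event):
    """Threat-centric check: is the destination a known-bad indicator?"""
    return event["dest"] in IOC_DESTINATIONS

def self_zscore(user, mb):
    """Distance of today's volume from the user's own baseline, in standard deviations."""
    hist = HISTORY[user]
    return (mb - mean(hist)) / stdev(hist)

def peer_ratio(user, mb):
    """Today's volume relative to the median daily volume of the user's peer group."""
    group = PEER_GROUP[user]
    peers = [v for u, h in HISTORY.items() if PEER_GROUP[u] == group for v in h]
    return mb / median(peers)

def iob_flag(event, z_threshold=3.0, peer_threshold=5.0):
    """Behavior-centric check: unusual for the user AND for their peer group.
    Both thresholds are illustrative assumptions, not recommended values."""
    z = self_zscore(event["user"], event["mb"])
    r = peer_ratio(event["user"], event["mb"])
    return z > z_threshold and r > peer_threshold

def triage(events):
    """Return (user, ioc_hit, iob_hit) for each event."""
    return [(e["user"], ioc_match(e), iob_flag(e)) for e in events]

# Constructed events for "today".
TODAY = [
    {"user": "alice", "dest": "storage.example", "mb": 1200},  # sanctioned app, abnormal volume
    {"user": "bob",   "dest": "storage.example", "mb": 46},    # normal day
    {"user": "carol", "dest": "storage.example", "mb": 1000},  # large, but normal for carol
    {"user": "bob",   "dest": "198.51.100.23",   "mb": 2},     # tiny transfer to a listed IP
]

if __name__ == "__main__":
    for row in triage(TODAY):
        print(row)
```

Alice's upload goes to a destination no blocklist would contain and is caught only by the behavioral baseline, Carol's similar absolute volume is not flagged because it is normal for her and her role, and the small transfer to a listed IP is caught only by the IoC check, which is why the article frames IoB as an enhancement to IoC rather than a replacement.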