Working at the rock face of cybersecurity – testing organisations’ defenses against cyber threats and managing the cleanup after an incident has occurred – gives you a useful perspective when it comes to predicting how the threat landscape will evolve. Yet my core prediction for the security challenges facing businesses in 2020 would be – more of the same.
This might seem strange given the dramatic evolutions we have seen in organisations’ security strategies over the past year. For example, we have seen many more businesses introducing multi-factor authentication (MFA). The main candidate has been email service providers, with the likes of Office 365 and G Suite lowering the barrier to entry when it comes to implementing MFA. This is good news for consumers, and certainly makes it harder for cybercriminals to break into victims’ email accounts – so it’s good news for businesses too.
Elliott Thompson is the Principal Security Consultant at SureCloud.
But cybercriminals, like the rest of us, tend not to abandon proven techniques and processes without good reason. The fact is that some of the most well-established infiltration and data extraction techniques are well-established precisely because they are so effective, and organisations are still scrabbling to keep up.
Social engineering and phishing offer access to the cloud
One example is social engineering and credential phishing techniques, which have been prominent in cybercriminals’ arsenal for years now – it’s just the infrastructure elements they can gain access to which have evolved. Over the past year, we have seen even the most initially reluctant organisations dip their toes in cloud computing services, such as Microsoft Azure and AWS waters – and remarkable levels of criminal success in gaining access to these cloud dashboards, usually through credential stuffing or phishing.
It might seem shocking that anyone with admin access to production environments would make such a mistake, but in larger organisations or those with an array of different accounts, it is far more common than it should be.
Ransomware has matured into a stable business model
Similarly, ransomware has truly become one of the most powerful and effective weapons that bad actors can deploy. We’ve seen fewer and fewer instances where ransomware’s poorly implemented cryptography can be exploited to unlock files for free. Likewise, we’ve seen fewer occurrences where an attacker takes over a large network and demands a small amount of money. Unfortunately, many threat actors are capitalising on incomplete disaster recovery service coverage across organisations.
It would be surprising, I think, if we don’t see a large, fully deployed BlueKeep-based malware campaign in 2020. This security vulnerability in Microsoft’s Remote Desktop Protocol, which enables remote code execution on the part of cybercriminals, could be the starting point for truly devastating attacks.
Machine learning is at criminals’ fingertips
Machine learning and AI are being genuinely leveraged by many endpoint security tools and applications, often around flagging unusual network traffic or user behavior logs. We’re likely to see machine learning applied to more novel security use cases in 2020, where the usual deviation analysis is less able to help.
That’s the good news. But just as machine learning is being harnessed in exciting ways by security professionals, it is also offering criminals rather more devious possibilities. It will be used more and more frequently when generating malicious content attempting to bypass the already-prevalent machine learning-powered filters. We are truly in a machine learning arms race – and unfortunately, there are still too many incidences where the so-called AI powering an apparent clever security tool is in fact just a series of nested ‘if’ statements. Security professionals need to take AI seriously and harness it properly – just as criminals are.
Timeless challenges, newer defenses
And beyond these more recent technical evolutions, the main security challenges facing both small and large organisations in 2020 are likely to follow three near-timeless classics:
The age-old challenge of preventing weak, shared, and similar credentials across our networks is of course still ongoing. But with the previously mentioned increase in multi-factor authentication use, this problem looks to be improving for identity management. One big recommendation now is to forget all the old password guidance that spawned the likes of Monday1? and Brazil2019! and instead implement the current NIST guidance of dropping the number, case and symbol requirements in favor of a much greater minimum length to encourage passphrases rather than passwords.
2. Inbound communications:
From malicious email attachments and phishing attempts to forged invoices and CEO fraud, the volume and scale of these attacks is trending upwards. Whilst new technologies on the perimeter are certainly helping to reduce the volume of malicious content that ends up in-front of our staff, an attacker only needs to win once. In 2020 I expect we’ll see a heavier automation of the email content generation rather than just the sending, with the attacker’s aim being to defeat the existing filtering systems.
3. Eroding perimeter:
Our network boundaries have been getting further blurred over the years, which looks set to increase into 2020. Even in small organisations, simply being able to list the third-party applications that are used by all staff members is likely to be a difficult prospect. In many cases, our information is spread across dozens of disparate systems hosted by different organisations, such as CRM and productivity software. From Slack to ZenDesk, Office 365 to AWS, accessing internal company resources often no longer requires being inside the corporate network. Compromised staff credentials used to mean an attacker rummaging through Outlook Web Access. Now it can mean full access to SharePoint, support tickets and their chat logs.
How can organisations best protect themselves?
Across the three main challenges of credentials, inbound communications and the eroding perimeter, a mixture of password analysis, phishing and remote-compromise engagements are essential. However, in line with more and more organisations migrating workloads to the cloud, it is also vital for those organisations to discuss at the procurement stage how those cloud services containing company resources and data are being handled. Enterprise security and risk postures now reach far beyond their own premises and network perimeters and reach into the cloud, and this demands a more collaborative approach to security than ever before.
Elliott Thompson is the Principal Security Consultant at SureCloud.
- We feature the best in cloud antivirus here.