This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.
2019 has seen cybersecurity issues firmly take their place in the news, both for the technology industry and the general public. While organizations are increasingly aware of the importance of cybersecurity, most are struggling to define and implement the required security measures. From data breaches and IT security staff shortages to security automation and integration – let’s take a quick look at 10 cybersecurity trends that are likely to shape the cybersecurity landscape in 2020.
1. Data Breaches as the Top Cyberthreat
Data breaches continue to be reported as the biggest cybersecurity concern, and this is likely to continue for as long as personal data remains a valuable black market commodity. Ensuring data privacy, and especially the security of personal data, is likely to remain top of mind for organizations. In part, this is due to increasingly stringent privacy legislation, such as the European Union’s General Data Protection Regulation (GDPR), but organizations are also more and more aware of the negative consequences of a breach for their image. With web application flaws being a leading source of data breaches, ensuring web application security has become a top priority for all organizations.
2. The Cybersecurity Skills Gap
The demand for cybersecurity professionals continues to exceed supply, even though security teams have to deal with more threats than ever. With as many as two in three organizations worldwide reporting a shortage of IT security staff, automated security tools such as online vulnerability management solutions are fast becoming essential to maintaining a good security posture. Modern products can allow even a small team to efficiently secure multiple websites and web applications, providing a technological solution to pressing recruitment problems.
3. Cloud Security Issues
As business processes, infrastructure, and data are increasingly moved to the cloud, protecting information and critical infrastructure requires completely new approaches to enterprise security. Cloud-based threats will inevitably continue to grow, with organizations struggling to maintain control of critical data and ensure real-time threat intelligence. Improperly secured or configured data buckets increase the risk of major data breaches for organizations large and small, and unauthorized cloud services can all too easily be added by end-users. Organizations are discovering that manual security management is no longer feasible for large web application infrastructures, which is forcing them to rethink their approach to web application security.
4. Automation and Integration in Cybersecurity
Security professionals, developers, and engineers are all under pressure to do more with less, so automation and integration are essential across the board. By incorporating security into agile processes such as CI/CD and DevOps, organizations can effectively manage risk while maintaining the required pace and quality of development. Sprawling web applications combining multiple web services are increasingly hard to secure, and automated solutions are becoming a necessity to reduce the workload on understaffed teams.
5. A Growing Awareness of the Importance of Cybersecurity
With digital transformation ongoing in many organizations, awareness of cybersecurity challenges continues to grow not just for major enterprises but also for small businesses. More and more businesses are coming to realize that having an effective cybersecurity strategy and cyber incident response plan is a necessity, not a luxury. Information security training is becoming commonplace for all staff to improve cyber-hygiene and maintain a solid security posture on all levels of the organization. Security is also gaining a permanent place in the software development lifecycle, with SecDevOps/DevSecOps processes to integrate security at all stages of development.
6. Mobile Devices as a Major Cybersecurity Risk
The number of mobile devices used by employees continues to rise, as does the amount of business data stored on these devices. While the direct business impact of mobile malware is low, we can expect an increase in the number of data breaches related to mobile device use and misuse. Every device used to access company systems is yet another endpoint to secure, so one way of reducing risk is to provide access via a secure web application infrastructure with real-time vulnerability management.
7. Increased Impact of State-Sponsored Cyberattacks
Advanced persistent threats backed by nation-state actors are now a major part of the global security landscape. Cybercriminals unofficially supported by the state can execute DDoS attacks, cause high-profile data breaches, steal political and industrial secrets, spread misinformation, influence global opinion and events, and silence unfavorable voices. As political tensions grow, we can expect these activities to escalate – and maintaining security in the face of advanced, globally distributed attackers with access to zero-day exploits will require big business and government organizations to deploy equally advanced solutions to detect and eliminate known and emerging vulnerabilities.
8. Risks Related to IoT Devices
In the race to deliver new products and technologies, security is seldom the first consideration, so it’s no surprise that the booming IoT (Internet of Things) space has brought a wealth of security blunders. Hard-coded credentials, insecure wireless communication, unencrypted personal data, unverified firmware updates, vulnerable web interfaces – the list goes on. Compromised IoT devices such as routers and NAS servers can provide access to communications and data, serve as points of entry for further attacks, or act as DDoS attack drones, while home automation products and wearables can be used to steal personally identifiable information and other data useful to criminals.
9. AI on Both Sides of the Barricade
Advances in artificial intelligence (AI) are bringing machine learning technologies into more and more products in all market segments, including cybersecurity. Deep learning algorithms are being used for face detection, natural language processing, and threat detection. However, AI is also being weaponized by cybercriminals to develop increasingly sophisticated malware and attack methods, requiring organizations to deploy advanced heuristic solutions rather than relying on known vulnerability and attack signatures.
10. The Evergreen Phishing Threat
Phishing attacks remain an effective method of stealing credentials and identities, distributing malware, eliciting fraudulent payments, cryptojacking (cryptocurrency mining) and so on, and the threat is not going away any year soon. The same goes for ransomware attacks, which continue to provide a solid source of income for international cybercrime. Effective protection requires not just proper cybersecurity training for all employees and business partners, but also in-depth security and vulnerability management to prevent attackers from obtaining confidential information used in phishing attempts.