5 min read
Opinions expressed by Entrepreneur contributors are their own.
You’re reading Entrepreneur India, an international franchise of Entrepreneur Media.
The year 2020 has inarguably been an unprecedented year for humanity. With a global pandemic upending people’s lives, the cyber world has been no less affected. On the upside, the virus-enforced digital transition in nearly all aspects of our lives has created massive momentum and scale for the uptake of cyber technologies. However, the downside is the increased opportunities this creates for unethical hackers and cyber criminals.
In this backdrop, how is the cyber security landscape going to unfold this year? In other words, what are the leading cyber security trends that are likely to dominate the market in 2020-21?
Shift to SASE security architecture
The single biggest trend that is likely to see traction, also partly due to COVID-19, is an accelerated shift to cloud technologies and the associated security systems and services, away from the LAN era—eventually culminating into what is called Secure Access Service Edge (SASE). With cloud as the cornerstone of remote work architecture, the traditional firewalls will not be enough. Companies will fortify their identity and access management (IAM) tools while employing automated monitoring and remediation capabilities with an eye on proactively countering any identity-related threats on the cloud. With cloud applications getting more dynamic, the cloud workload protection platforms will evolve to join with cloud security posture management (CSPM) for new-age security exigencies. According to Forbes, 83 per cent of organizational workload will migrate to the cloud in 2020. Marking another technology milestone, the always-on SASE will secure workers-on-the-move as well as cloud applications by routing traffic through a cloud-based security stack regardless of the location of users, applications and devices. Gartner estimates that by 2024, at least 40 per cent of enterprises will have clear-cut strategies to take to SASE.
ZTNA-based security to gain momentum
Then zero-trust network access technology (ZTNA) is going to reign supreme on the cybersecurity front in 2020. Premised on the principle that trust itself is vulnerability and network is always hostile, Zero Trust leverages network segmentation, restricts lateral movement, allows Layer 7 threat prevention, and ensures granular user-access control. Deploying dynamic microperimeter and segmentation gateway, the latter a next-generation firewall, ZTNA allows multiple and dynamic levels of access controls. Through continuous trust evaluation, it ensures that legitimate users and applications have access to the protection surface, which safeguards the most valuable data and assets. Since ZTNA ‘obscures’ applications from the internet, it rules out misuse of VPNs.
Extended detection and response (EDR) systems to be more widely used
EDR systems will attract attention this year improving on the erstwhile Endpoint Detection and response. An EDR security system monitors and collects activity data from endpoints to identify possible cyber security threats. As a proactive threat detection and response system, EDR affords higher visibility across networks, clouds and endpoints while combining data from multiple security products and implementing automation and analytics.
Rise of artificial intelligence (AI)
AI and machine learning are undoubtedly the new digital forces sweeping the planet. Over the years, the use of AI has crept to every sector and field, from banking, finance to retail and legal services. While machine learning and AI will increasingly power and shape the human decision-making going forward, AI-driven digital businesses will spur new security systems representing a new trend this year. At the same time, these systems would also have to pre-empt ‘foul’ use of AI itself by hackers who could weaponise these advanced technologies.
Another trend that is likely to gather force this year is security process automation, something pre-designed and pre-programmed to identify, investigate, triage, prioritise and remediate incoming threats. It also obviates the need for performing repetitive tasks based on pre-determined rules and blueprints.
Emergence of new cyber threats
Given the ubiquity of smartphones and their all-pervasive presence in our everyday lives, mobile apps are more than ever are likely to be objects of cyber attacks this year. With a mass of mandatory apps being installed on phones, there are several ways in which mobile phones could be attacked: phishing or more specifically SMiShing (through SMS), broken cryptography or weak encryption algorithms, network spoofing, inappropriate session handling entailing apps sharing session tokens with malicious actors, riskware causing data leakage and spyware.
Then health data security will attract increased attention this year. Particularly, with implanted devices and wearables gaining traction, hackers would use the Internet-of-Things (IoT) network to attack patients with the aim of extracting patient data.
The year 2020 will also likely see more frequent attacks on biometrics-based information in enterprises. Through spoofing or fake or copied biometric information related to facial recognition or fingerprints, hackers can highjack biometric systems and infiltrate into an organisation’s database breaching confidentiality of data and information.
With more and more enterprises opting for Cyberinsurance, hackers are likely to turn greater attention to this sector. If the companies would find it cheaper to use the insurance money to ‘pay off’ the attacker than to rebuild the network, they would in normal course prefer the former route further incentivising the hacker to mount more of such attacks, a cause of worry for governments and companies.
In sum, 2020 will turn out to be an exciting year from the standpoint of cyber security. As more and more devices get smarter entering our everyday lives, the cyber crooks would also ‘smarten up‘ and do everything in their power to stay ahead in the race – posing a challenge to cyber experts and authorities. Apart from those mentioned above, some other spheres that could attract the unsolicited attention of cyber criminals would be shipping, transport and logistics and even cryptocurrencies. At the same time, enterprises, devices and individuals must also guard themselves against possible misuse of drones.