The Changing Landscape of Cybersecurity in 2020 – Defending the Web Layer
By Atif Mushtaq, CEO & Founder, SlashNext (www.slashnext.com)
The phishing attack arena seems to get worse each year, as cyber criminals find new and imaginative ways to target unsuspecting users. While it’s no surprise that phishing will be a top concern in 2020, security professionals should take a closer look at the new landscape and not neglect to fully protect the web layer: everything from pop-ups and bad ads to malicious browser extensions and multi-level page redirects.
The main issue is the real-time nature of these fast-moving threats, and how to stay ahead of them. In a study we conducted earlier in 2019, only 12% of respondents reported operationalizing threat feeds for blocking in real time, while 19% reported it took between 5 and 30 minutes and another 20% said 30 to 60 minutes. These delays leave enterprises vulnerable to fast-moving phishing and social engineering attacks.
For instance, respondents ranked credential-stealing sites such as fake login pages as the most dangerous phishing type for an enterprise, followed by malware sites hosting rogue browser extensions and apps, with scareware and sites hosting weaponized documents at the other end of the scale. We found that even large companies with multi-layer security controls and multiple threat feeds lack safeguards that adequately protect their employees from fast-moving phishing attacks that use links to malicious sites.
With these concerns in mind, here are some key areas where we see the threat landscape evolving in 2020, and where security pros should concentrate their efforts to improve and adapt their defenses.
Encryption changing things. With expanded use of DNS over HTTPS (DoH) and adoption of TLS 1.3, the Internet is going “dark”. While a boon to user privacy and security, greater encryption blinds many security controls that rely on inspecting network traffic. This will drive greater interest in endpoint security technologies that can survive the move to encrypted traffic. Also note that greater encryption will deprive ISPs and related service and app providers of user browsing data, which is often used for ad targeting or otherwise monetized.
ML/AI. Many cybersecurity providers are already using (or falsely claiming to use) machine learning algorithms and AI to improve cyber threat detection and response. Of course, cybercriminals are also exploring ways to leverage ML/AI to come up with better attacks and to find vulnerabilities. ML/AI use in cybersecurity is rapidly maturing, and 2020 may witness some real breakthroughs in employing AI for cyber defense, and unfortunately, cyber-attacks as well.
Security Automation. There’s a huge shortage of skilled cybersecurity personnel, several million worldwide according to some reports. To make do with too few skilled resources, more companies are exploring and expanding security automation initiatives. In recent years, a whole market has emerged for Security Orchestration, Automation and Response (SOAR) platforms. These SOAR platforms enable teams to orchestrate and automate security actions to get more done in less time and with less manual effort. In 2020, look for greater adoption of SOAR platforms and automated playbooks, as well as for SIEM and Threat Intelligence Platform vendors to add more SOAR-type capabilities.
Human Factor. As cyber defenses generally continue to improve, the human attack surface will see even greater exploitation. In 2020, look for an increase in social engineering and phishing attacks. Phishing has become much larger than an email security problem. Attack vectors have expanded to mobile, social media, messaging apps, ads, and more, and enterprise security controls are largely absent in these other vectors. Solutions that can help detect and block these elusive social engineering attacks will see greater adoption as part of multi-layered defense strategies.
Another reason to step up current security protocols, now more than ever, is that security is becoming a regulatory issue. While security breaches have always entailed serious financial, reputational, and other consequences, new regulations like the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) mean that data breach consequences are that much more severe. What’s more, the GDPR requires reporting of a data breach within 72 hours. Organizations that lack the capability to detect that they have been breached can run afoul of these regulations.
About the Author
Atif Mushtaq is CEO of SlashNext, and has spent most of his career on the front lines of the war against cybercrime. Before founding SlashNext he spent nine years as a senior scientist at FireEye, where he was one of the main architects of FireEye’s core malware detection system. Mushtaq has worked with law enforcement and other global agencies to take down some of the world’s biggest malware networks.