In the year ahead, organisations of all sizes must prepare for the unknown, so they have the flexibility to withstand unexpected, high-impact cybersecurity events. To take advantage of emerging trends in both technology and cyberspace, businesses need to manage risks in ways beyond those traditionally handled by the information security function, since new attacks will impact both shareholder value and business reputation.
After reviewing the current threat landscape, there are three dominant security threats that businesses need to prepare for in 2020. These include, but are not limited to:
- The Race for Technology Dominance
- Third Parties, Internet of Things (IoT) and the Cloud
The Race for Technology Dominance – Trade and Government
Technology has changed the world in which we live. Old norms are changing, and the next industrial revolution will be entirely technology-driven and technology-dependent. In short, technology will enable innovative digital business models and society will be critically dependent on technology to function. Intellectual property will be targeted as the battle for dominance rages.
“The ensuing knee jerk reaction of a global retreat into protectionism, increased trade tariffs and embargos will dramatically reduce the opportunity to collaborate on the development of new technologies.”
Evidence of fracturing geopolitical relationships started to emerge in 2018 demonstrated by the US and China trade war and the UK Brexit. In 2020, the US and China will increase restrictions and protectionist measures in pursuit of technology leadership leading to a heightened digital cold war in which data is the prize. This race to develop strategically important next-generation technology will drive an intense nation-state backed increase in espionage. The ensuing knee jerk reaction of a global retreat into protectionism, increased trade tariffs and embargos will dramatically reduce the opportunity to collaborate on the development of new technologies. The UK’s exclusion from the EU Galileo satellite system, as a result of the anticipated Brexit, is one example.
Third Parties, IoT and the Cloud – The Emerging Threat Landscape
A complex interconnection of digitally connected devices and superfast networks will prove to be a security concern as modern life becomes entirely dependent on technology. Highly sophisticated and extended supply chains present new risks to corporate data as it is necessarily shared with third-party providers. IoT devices are often part of a wider implementation that is key to the overall functionality.
“The threat from malicious insider activity is an increasing concern, especially for financial institutions, and will continue to be so in 2020.”
Cybercrime – Criminals, Nation States and the Insider
Criminal organisations have a massive resource pool available to them and there is evidence that nation-states are outsourcing as a means of establishing deniability. Nation-states have fought for supremacy throughout history, and more recently, this has involved targeted espionage on nuclear, space, information and now smart technology. Industrial espionage is not new and commercial organisations developing strategically important technologies will be systematically targeted as national and commercial interests blur. Targeted organisations should expect to see sustained and well-funded attacks involving a range of techniques such as zero-day exploits, DDoS attacks and advanced persistent threats.