BOAZ GORODISSKY is a 30-year veteran of the Israeli Intelligence Community, most recently serving as Head of the Technology. In this role, he re-organized and headed technology divisions overseeing thousands of engineers and a large-scale budget. Mr. Gorodissky began his career as a software engineer and then founded the first offensive cyber department. Mr. Gorodissky holds a B.Sc. in mathematics and computer science and an M.Sc. in computer science from the university of Tel-Aviv.
The years come and go, but one thing seems to stay the same for CISOs: Attackers are always growing smarter, more creative and more aggressive, and environments are always growing more complex. Put those two things together, and you begin to understand the scope of the challenge facing today’s security teams. To help you better meet the most pressing security challenges of 2020, let’s take a closer look at seven predictions for the coming year.
PROTECTING YOUR ‘CROWN JEWELS’ WILL BECOME A MUCH MORE CHALLENGING MISSION
Your security environments will grow much more complex, featuring more infrastructure, more hardware, more software, more devices to secure, more user roles and permissions, and even more punitive regulations. Many of the security methods and techniques that have been effective in the past will no longer be helpful to protect your most critical assets. To go with that, as systems get more interconnected, the enterprise perimeter will continue to shift, for users connect from anywhere to data and applications delivered from anywhere.
THE DEFENDER’S MISSION WILL OUTGROW THAT OF THE ATTACKER
As the attack surface expands, the number and severity of risks will also multiply. With the potential payoff from cyberattacks on organizations becoming ever more lucrative, attackers will throw everything they have at defenders. Greater resources will be deployed to attack the infrastructure, including APTs. Attackers will be significantly more aggressive (and creative) in their attempts to target key assets. In short, in this asymmetrical battleground, there will be more and better prizes, so more resources will be deployed to conquer them.
THE SHORTAGE OF HUMAN EXPERTS WILL SKYROCKET
The lack of enough cyber human experts will be bigger, and the needs will be higher than the ability to supply these needs. In order to overcome this situation, you need automation to empower the ability of the human experts with machines. In other words, the shift away from human domain experts and toward automated solutions will accelerate dramatically in 2020. Those domain experts who remain, meanwhile, will need an ever-evolving set of skills to handle the fresh challenges and more complex scenarios created by new technologies and expanding infrastructure.
CLOUD SECURITY CONCERNS WILL BECOME EVEN MORE CRITICAL
As cloud migration continues to accelerate, security issues are growing in parallel. Many organizations are placing pressure on their security teams to work through cloud security issues on their preferred cloud migration timeline. Understanding the risks and challenges of securing and managing assets within the cloud is going to be a crucial task for security teams in 2020. And this task won’t be easy — cloud security is exceedingly complex because there is so much unexplored terrain. The recent Capital One breach, which exposed more than 100 million accounts, was the result of a simple server misconfiguration. That such a simple attack can wreak such havoc merely emphasizes the scope of the problem.
LOW-COST CYBER WARFARE WILL ESCALATE
Governments and non-state actors have increasingly turned toward asymmetrical cyber-warfare to accomplish strategic goals. Why? It’s relatively inexpensive, it can trigger profound repercussions, it’s quiet and it’s very difficult to prevent. In 2019, we saw the Trump administration allegedly deploy cyber-warfare in response to an Iranian military action against Saudi Arabia. Expect more significant conflagrations to occur in 2020.
MISINFORMATION WARFARE WILL TARGET ORGANIZATIONS’ REPUTATION
Fake news and misinformation spread via social media are now an entrenched political practice. In 2020, we can expect these attacks to migrate from the realm of politics into the corporate sector. Rather than dealing with pure ransomware attacks, organizations will have their reputations targeted via coordinated fake news and social media disinformation campaigns.
COUNTDOWN TO A MASSIVE CYBER TERROR ATTACK TO INFRASTRUCTURE
This prediction may be somewhat apocalyptic, but we could see at least one massive civil infrastructure attack in 2020. Disruption of physical infrastructure by a nation-state on this scale would be a considerable escalation, but given the trend toward greater and more impactful cyber-warfare attacks, we unfortunately can’t rule this out. And more, there is a very real threat that the technology will fall into the wrong hands, of terror groups, with a great chance they will try to use these sophisticated tools. However, unlike nations, they will definitely be less careful, with no ethical concerns or limitations.