Gatefy's cybersecurity predictions for 2020

Updated at: Jan 17, 2020
By Gatefy

Top cybersecurity predictions for 2020.

We talked to Gatefy's team of cybersecurity experts to create a prediction of events and threats that are most likely to impact 2020. You can check the result below. At first, we anticipate that some methods and threats already known and widely used by digital intruders are still on the rise. In addition, our team points out that the increasing migration to cloud platforms will probably increase the number of data breaches.

9 top cybersecurity predictions for 2020

1. Sophisticated attacks based on machine learning and big data

Machine learning and big data are indispensable components when it comes to protection and security. But increasingly these technologies have been used in attacks and scams. In 2020, we can expect an increase in the number of smart and sophisticated threats.

In practice, machine learning and big data will be widely used as tools for collecting target information, identifying vulnerabilities and evading barriers and security solutions.

2. Targeted attacks using ransomware

Ransomware attacks have long been at the top of the list as one of the world's top cyber threats. This year, they’re expected to continue increasing. The difference is that ransomware attacks have become increasingly targeted, more personalized. We can say that attackers are spending more time studying their targets and planning their attacks.

It means that this combination of ransomware, social engineering and spear phishing will do even more damage in 2020. By the way, Europol has already pointed this out in its latest report.

3. Targeted phishing scams and BEC

Targeted phishing or spear phishing will remain a trend in 2020 as it is more effective and profitable than many types of scams. According to our team, this type of scam will evolve further in terms of techniques and methods, integrating different channels. Imagine that a scam starts with a phone call and ends up with a malicious email requesting a wire transfer.

To further illustrate, see as an example Business Email Compromise (BEC) attacks, which is a type of phishing aimed at a specific target within the company. In recent years, the FBI has pointed to BEC as the digital threat that most causes financial damage to companies. Unfortunately, this situation is going to get worse.

4. Cybercrime as a service or CaaS

The term SaaS (Software as a Service) is already widespread. But what is likely to gain even more momentum this year is Cybercrime as a Service (CaaS), which are malicious kits marketed on the dark web and ready for use.

The big problem with CaaS is that it empowers cybercrime by providing malicious tools almost automatically. This speeds attackers' operations while still allowing non-technical criminals to gain access to super sophisticated mechanisms and threats such as ransomware, spear phishing, and DDoS.

5. Supply chain attacks

In our team's opinion, the number of supply chain attacks will continue to increase. The reason is logical. By attacking the most vulnerable partners and suppliers, criminals increase their chances of success.

Imagine the damage a cybercriminal causes inside a company, for example, by replacing a legitimate software with a similar and malicious product. Thereby, he can gain access to confidential information and even infect the company with some form of malware.

6. Cloud computing misconfiguration

The cloud computing market is huge and just growing. Of course, there are numerous advantages of cloud computing, such as lower maintenance costs and faster deployment. However, the security of data and information in the cloud will be a concern and a much more discussed issue in 2020.

The main reason is cloud computing misconfiguration, the human factor or error. While the cloud ensures flexibility and ease, it also opens vulnerabilities and gaps caused by human error. In this sense, the wrong configuration of infrastructures can and will be determinant for data leaks to happen.

7. Malicious mobile apps

Many security reports already point out to the immense variety of scams targeting smartphones. The explanation is simple. We use smartphones for everything, whether to keep confidential information, to protect it, or to pay a bill. Within this context, the biggest danger is malicious apps.

Apple and Google have been working to block and ban malicious apps. But in the opinion of our security team, this is almost an endless war. In 2020, hackers and malicious app developers will continue to infiltrate stores through new methods and tactics.

8. Cyberwarfare

The political and technological tension that drives countries, organizations, and businesses will be even bigger in 2020. The result will be more cyber espionage campaigns and attacks, ie cyberwarfare. The U.S., Russia, China, and North Korea will probably once again be among the main actors in this war.

In this scenario, it's crucial to note that there will be a presidential election in the United States this year. Do you remember the case involving leaked Democratic Party emails and information in the last election?

9. Deepfake technology

To close our list, as we mentioned the U.S. election, let's talk about deepfakes. Deepfakes, with its highly believable video, image or audio counterfeits, will create a new level of scams and threats this year. In fact, there is already news about cybercriminals using artificial intelligence to create voice and manipulate employees and businesses.

Protection requires prevention and visibility

The sophistication of the attacks will require more engagement and attention in 2020. The combination of different security solutions that can act on different fronts and levels of protection will remain decisive in fighting threats. In other words, you need to be aware and prepared to face any challenge.

Having this in mind, adopting solutions that use artificial intelligence and machine learning will be crucial to preventing, monitoring and detecting threats. Another key point is to think about visibility and control over systems and information flow. Finally, investing in information security education and awareness, especially in the case of companies, is another indispensable factor.