As we enter the New Year, one thing is certain: cyber attacks aren’t going anywhere. Enterprise companies have been tasked with defending their networks from unyielding cyber crooks who want a piece of the pie for themselves. What’s on the horizon for enterprise security threats in 2020? We’ve got a few predictions.
Deep Fake technology can create fake but incredibly realistic images, text, and videos. Computers can rapidly process numerous facial biometrics, and mathematically build or classify human features, to mimic a person or group of individuals for public manipulation. Bloomberg reports the tech is becoming so sophisticated, detecting a DeepFake video from a real one, is getting harder and harder to differentiate for viewers.
While the technical benefits are impressive, underlying flaws inherent in all types of Deep Fake models represent a rapidly growing security weakness, which cyber criminals will exploit. It will be critical for businesses to understand the security risks presented by facial recognition and other biometric systems and educate themselves on the risks as well as hardening systems that require/use facial recognition.
API and Cloud vulnerabilities
An application programming interface (API) is an interface or communication protocol between different parts of a computer program intended to simplify the implementation and maintenance of software. APIs are an essential tool in cloud environments, acting as a service gateway to enable direct and indirect cloud software and infrastructure services to cloud users.
A recent study showed more than three in four organizations treat API security differently than web app security, indicating API security readiness lags behind other aspects of application security. The study also reported that more than two-thirds of organizations expose APIs to the public to enable partners and external developers to tap into their software platforms and app ecosystems. Threat actors are following the growing number of organizations using API-enabled apps because APIs continue to be an easy – and vulnerable – means to access a treasure trove of sensitive data. Despite the fallout of large-scale breaches and ongoing threats, APIs often still reside outside of the application security infrastructure and are ignored by security processes and teams.
With the rollout of 5G continuing in 2020, we will see an increase in the volume and speed of data theft. The AT&T Cybersecurity Insights Report: Security at the Speed of 5G, shows that larger enterprises are not prepared for the security implications of 5G. The top cyber security concerns that came back in this report were:
- Larger attack surface due to the massive increase in connectivity
- Greater number of devices accessing the network
- The extension of security policies
- Authentication of a larger number and wider variety of devices.
As more 5G devices enter the network, organizations must prepare for the onslaught of added security threats.
Ransomware attacks evolve
Ah, ransomware, seemingly every hacker’s favorite extortion tool. According to McAfee Labs 2020 Threat Prediction Report, the increase of targeted ransomware has created a growing demand for compromised company networks. This demand is met by criminals who specialize in penetrating company networks and sell complete network access in one go.
“I expect that the ransomware used will continue to become more advanced. I am concerned that some threats have just become more stealthy, or are working toward that, and that readily available ransomware will enable even novice criminals to maintain stealth. Organizations are spending more resources to defend against ransomware, which might drive out a few of the lesser players, but any organization with resources will still see ransomware attacks happen as a fast and easy way for financial gain, so hackers will continue to pursue advancements.” ~ Karl Gosset, VP of Content Development at Circadence
It’s clear that the threat landscape will continue to grow and become more sophisticated in the coming year, which means it’s time for businesses to step up their security game.
Circadence believes that the best way to do this is through cyber learning games themselves! Our flagship product, Project Ares, delivers real-world attack scenarios in a safe, online range environment and allows users to practice and hone their cyber skills through the use of games. With missions specific to enterprise threats, such as Operation Crimson Wolf and Operation Desert Whale, Project Ares will ready your organization for any looming threats like these. By using a gamified cyber learning platform like this for your security teams in 2020, you can readily pop some champagne and dance the night away, knowing your enterprise is better protected in the new year.