Cybersecurity Predictions 2020 Forescout Research Labs

Industrial companies will continue to shift toward artificial intelligence solutions for analysis of cybersecurity data. This is part of a broader trend of companies shifting towards tools that can efficiently and effectively automate tasks, such as workforce challenges, costs, and security needs. AI and machine learning tools will leverage data – the new oil in cybersecurity – to augment human decision making.

Industrial companies are looking for ways to better protect their critical infrastructure devices, the vulnerability of which have become more apparent in the past years given the growing number and increasing severity of attacks on power utilities and manufacturing plants. CISOs are hungry for tools that can help them with this problem and AI has the potential to flag anomalous activity that could point to an attack and analyze sensor data for more effective responses to security threats and even predictive maintenance needs. This is important because downtime in critical infrastructure environments can be catastrophic. AI is far from a silver bullet, requires extensive expertise and is still largely in early technical innings, but demand for it will grow in 2020 and beyond.

The market for 5G infrastructure technology is expected to reach $4.2 billion and two-thirds of companies intend to deploy 5G in 2020, according to Gartner. 5G technologies allow businesses to replace existing networks with a lower latency, higher bandwidth alternative, letting them connect more types of devices and enhanced capabilities around technologies like AI, edge computing and automation. This presents a significant opportunity for companies to mature their technology posture.

As adoption spreads, so do potential security threats from these devices. Companies will reach a critical mass of these devices in 2020, forcing them to reevaluate their risk paradigm for connected devices. Further complicating that paradigm is the fact that devices leveraging 5G could potentially bypass some traditional cybersecurity technologies by connecting directly to cellular networks. It’s unclear if this changing risk paradigm will result in an attack or breach in 2020 due to the newness of the technology, but regardless, companies will have to consider changing their security strategies or leave a growing group of devices without adequate protection

The federal government will continue to evolve mechanisms for evaluating the cyber postures of departments, agencies, and government contractors. As part of this, Federal Information Technology Acquisition Reform Act (FITARA) will phase out to Agency-Wide Adaptive Risk Enumeration (AWARE) and NIST 800-171 will phase out to Cybersecurity Maturity Model Certification (CMMC).

The federal government will also continue to mature its capabilities to provide guidance and assistance to key sectors, especially the power sector, through programs from the Department of Energy/Office of Cybersecurity, Energy Security, and Emergency Response (DOE/CESER) and Department of Homeland Security (DHS). Through this, it will put pressure on the power and healthcare sectors to improve, with calls for more robust regulation of health delivery organizations and calls for North American Electric Reliability Corporation critical infrastructure protection (NERC CIP) to be reimagined.

In 2020, disruptionware will increasingly intersect with connected systems and rogue devices in building automation and operational technology (OT) systems. These disruptionware attacks include ransomware, but also reach more broadly to include disk-wiping malware and similarly disruptive malicious code. In recent research, Forescout noted the rise of disruptionware across the industry, particularly manufacturing that relies heavily on OT technology. These attacks are incredibly impactful on business. Companies affected by LockerGoga in 2019 – including U.S. chemical companies Hexion and Momentive – were forced to replace entire systems infected with the malware. Other companies hit by the NotPetya ransomware, including Spanish food distributor Mondelez and Danish shipping firm Maersk, estimated their losses to be $100 million and $300 million from the attacks, respectively.

We expect to see many more of these attacks in 2020. We also believe there will be at least one big attack on a major energy or manufacturing company that will severely disrupt the company’s operations. This event will serve as yet another wake-up call to CISOs to reconsider the IT/OT convergence inside their own companies, evaluate technologies like network segmentation, which will allow them to protect these systems. It will also serve as a wake-up call to federal and state regulators, who will put more pressure on power, manufacturing and healthcare sectors with more robust regulation.

CISOs have increasingly assumed responsibility for securing OT networks as those networks converge with IT networks. To date, that trend of IT-OT convergence has largely been a technical one. Networks for IT and OT have increasingly overlapped, with 84% of organizations already adopting or planning to adopt an IT-OT convergence strategy in 2019, according to SANS.

This trend will expand in 2020 to become a cultural one too. As CISOs increasingly assume responsibility for securing OT networks–previously relegated to teams running those networks–many more will choose to combine the IT and OT security teams into one cohesive organization. This will require not only a cultural shift as the teams come together, but also new skills and training for IT, OT, and hybrid IT-OT teams. It will also mean the creation of a roadmap for how IT and OT will work more closely.

Some CISOs may also choose to further combine the security teams with the network or other teams inside of the organization in an effort to create even more efficiencies. A few organizations have already started doing this, with the idea that security will be more integrated throughout the enterprise.

Hospitals will finally start to shift how they procure Internet of Things (IoT) medical devices in 2020. This will happen in recognition of the attacks these organizations have seen in the past few years. While security will not always outweigh other factors, like cost, licensing, support, or type of device, it will increasingly become a consideration in the purchasing and procurement process. This is an important consideration as the number of IoT devices in healthcare rises by an anticipated 2 to 3x.

There will also be increasing budget available and projects more commonplace to secure devices that cannot be updated or replaced, as doing so is expensive. Overall, in both cases, healthcare organizations will move up the maturity model for cybersecurity in 2020, and those that do not follow this trend, particularly small and medium size organizations, will continue to face devastating cybersecurity threats.

Windows 7 is going to “end of life” on January 14, meaning Microsoft will no longer support or regularly update the system with fixes when a security vulnerability is found. History will repeat itself in 2020, with at least one major attack leveraging the vulnerability to affect companies around the world, similar to what we saw with the end of life of Windows XP. WannaCry is one example of what kind of devastating effects an unpatched, out-of-date operating system can have. The attack leveraged the EternalBlue Windows vulnerability as an entry point, then spread laterally across organizations. Microsoft had issued a patch for this vulnerability, but organizations that hadn’t applied it or were running out of date operating systems, like Windows XP, were still vulnerable.

There are multiple reasons organizations could choose not to upgrade, even if the operating system poses a security risk. For example, the device may be running critical software that won’t work appropriately on a more recent version of Windows, like Windows 10. But those who do not, or do not take other appropriate mitigating measures like network segmentation, will be putting themselves at increasing risk over time.

Financial services companies have been accelerating their adoption of cloud technologies as part of digital transformation strategies. But this migration from the data center to the cloud also can result in increasing cybersecurity challenges, driven by factors like misconfigurations in networking devices and business application servers that lead to exposed critical data. This is particularly concerning as financial services companies migrate more of their critical business applications and workloads to the cloud.

We predict that this acceleration in cloud migration will result in a massive data breach in 2020, the size of which could be as significant as Equifax, given the amount of data these companies hold and their increased willingness to migrate critical data and applications to the cloud.