Cybersecurity Predictions 2020 Forescout Research Labs

It’s that time of year again, where we sit down as a team and discuss what trends we expect to accelerate and what new ones will emerge in the next 12 months. What struck us this year as we narrowed down more than 50 predictions to our final eight was just how quickly the cybersecurity industry is changing. Threats and attackers are becoming more sophisticated and continue to wreak havoc on businesses in every size and industry, with no signs of deceleration.

While we can’t put everything that we think will happen in 2020 on this list, we have chosen a few that we think are particularly impactful. The predictions we chose focused on topics we believe are bold and timely, as well as rooted in the trends our customers and researchers saw take place this past year.

1. Industrial Companies Will Continue to Shift Toward Artificial Intelligence Solutions for Analysis of Cybersecurity Data.

Industrial companies will continue to shift toward artificial intelligence solutions for analysis of cybersecurity data. This is part of a broader trend of companies shifting towards tools that can efficiently and effectively automate tasks, such as workforce challenges, costs, and security needs. AI and machine learning tools will leverage data – the new oil in cybersecurity – to augment human decision making.

Industrial companies are looking for ways to better protect their critical infrastructure devices, the vulnerability of which have become more apparent in the past years given the growing number and increasing severity of attacks on power utilities and manufacturing plants. CISOs are hungry for tools that can help them with this problem and AI has the potential to flag anomalous activity that could point to an attack and analyze sensor data for more effective responses to security threats and even predictive maintenance needs. This is important because downtime in critical infrastructure environments can be catastrophic. AI is far from a silver bullet, requires extensive expertise and is still largely in early technical innings, but demand for it will grow in 2020 and beyond.


2. Companies Will Reach a Critical Mass of 5g Devices in 2020, Forcing Them to Reevaluate Their Risk Paradigm for Connected Devices.

The market for 5G infrastructure technology is expected to reach $4.2 billion and two-thirds of companies intend to deploy 5G in 2020, according to Gartner. 5G technologies allow businesses to replace existing networks with a lower latency, higher bandwidth alternative, letting them connect more types of devices and enhanced capabilities around technologies like AI, edge computing and automation. This presents a significant opportunity for companies to mature their technology posture.

As adoption spreads, so do potential security threats from these devices. Companies will reach a critical mass of these devices in 2020, forcing them to reevaluate their risk paradigm for connected devices. Further complicating that paradigm is the fact that devices leveraging 5G could potentially bypass some traditional cybersecurity technologies by connecting directly to cellular networks. It’s unclear if this changing risk paradigm will result in an attack or breach in 2020 due to the newness of the technology, but regardless, companies will have to consider changing their security strategies or leave a growing group of devices without adequate protection


3. The Federal Government Will Continue to Evolve Mechanisms for Evaluating the Cyber Postures of Departments, Agencies, and Government Contractors.

The federal government will continue to evolve mechanisms for evaluating the cyber postures of departments, agencies, and government contractors. As part of this, Federal Information Technology Acquisition Reform Act (FITARA) will phase out to Agency-Wide Adaptive Risk Enumeration (AWARE) and NIST 800-171 will phase out to Cybersecurity Maturity Model Certification (CMMC).

The federal government will also continue to mature its capabilities to provide guidance and assistance to key sectors, especially the power sector, through programs from the Department of Energy/Office of Cybersecurity, Energy Security, and Emergency Response (DOE/CESER) and Department of Homeland Security (DHS). Through this, it will put pressure on the power and healthcare sectors to improve, with calls for more robust regulation of health delivery organizations and calls for North American Electric Reliability Corporation critical infrastructure protection (NERC CIP) to be reimagined.


4. In 2020, Disruptionware Will Increasingly Intersect With Connected Systems and Rogue Devices in Building Automation and Operational Technology (ot) Systems.

In 2020, disruptionware will increasingly intersect with connected systems and rogue devices in building automation and operational technology (OT) systems. These disruptionware attacks include ransomware, but also reach more broadly to include disk-wiping malware and similarly disruptive malicious code. In recent research, Forescout noted the rise of disruptionware across the industry, particularly manufacturing that relies heavily on OT technology. These attacks are incredibly impactful on business. Companies affected by LockerGoga in 2019 – including U.S. chemical companies Hexion and Momentive – were forced to replace entire systems infected with the malware. Other companies hit by the NotPetya ransomware, including Spanish food distributor Mondelez and Danish shipping firm Maersk, estimated their losses to be $100 million and $300 million from the attacks, respectively.

We expect to see many more of these attacks in 2020. We also believe there will be at least one big attack on a major energy or manufacturing company that will severely disrupt the company’s operations. This event will serve as yet another wake-up call to CISOs to reconsider the IT/OT convergence inside their own companies, evaluate technologies like network segmentation, which will allow them to protect these systems. It will also serve as a wake-up call to federal and state regulators, who will put more pressure on power, manufacturing and healthcare sectors with more robust regulation.


5. Cisos Have Increasingly Assumed Responsibility for Securing ot Networks. This Trend Will Expand Further in 2020 to Impact More Areas of the Organization.

CISOs have increasingly assumed responsibility for securing OT networks as those networks converge with IT networks. To date, that trend of IT-OT convergence has largely been a technical one. Networks for IT and OT have increasingly overlapped, with 84% of organizations already adopting or planning to adopt an IT-OT convergence strategy in 2019, according to SANS.

This trend will expand in 2020 to become a cultural one too. As CISOs increasingly assume responsibility for securing OT networks–previously relegated to teams running those networks–many more will choose to combine the IT and OT security teams into one cohesive organization. This will require not only a cultural shift as the teams come together, but also new skills and training for IT, OT, and hybrid IT-OT teams. It will also mean the creation of a roadmap for how IT and OT will work more closely.

Some CISOs may also choose to further combine the security teams with the network or other teams inside of the organization in an effort to create even more efficiencies. A few organizations have already started doing this, with the idea that security will be more integrated throughout the enterprise.


6. Hospitals Will Finally Start to Shift how They Procure Internet of Things (iot) Medical Devices In 2020.

Hospitals will finally start to shift how they procure Internet of Things (IoT) medical devices in 2020. This will happen in recognition of the attacks these organizations have seen in the past few years. While security will not always outweigh other factors, like cost, licensing, support, or type of device, it will increasingly become a consideration in the purchasing and procurement process. This is an important consideration as the number of IoT devices in healthcare rises by an anticipated 2 to 3x.

There will also be increasing budget available and projects more commonplace to secure devices that cannot be updated or replaced, as doing so is expensive. Overall, in both cases, healthcare organizations will move up the maturity model for cybersecurity in 2020, and those that do not follow this trend, particularly small and medium size organizations, will continue to face devastating cybersecurity threats.


7. As we saw With Windows XP, we Will see at Least one Major Attack in 2020 Leveraging Unpatched Vulnerabilities in Windows 7, Which Will go end of Life on January 14, 2020.

Windows 7 is going to “end of life” on January 14, meaning Microsoft will no longer support or regularly update the system with fixes when a security vulnerability is found. History will repeat itself in 2020, with at least one major attack leveraging the vulnerability to affect companies around the world, similar to what we saw with the end of life of Windows XP. WannaCry is one example of what kind of devastating effects an unpatched, out-of-date operating system can have. The attack leveraged the EternalBlue Windows vulnerability as an entry point, then spread laterally across organizations. Microsoft had issued a patch for this vulnerability, but organizations that hadn’t applied it or were running out of date operating systems, like Windows XP, were still vulnerable.

There are multiple reasons organizations could choose not to upgrade, even if the operating system poses a security risk. For example, the device may be running critical software that won’t work appropriately on a more recent version of Windows, like Windows 10. But those who do not, or do not take other appropriate mitigating measures like network segmentation, will be putting themselves at increasing risk over time.


8. Financial Services Companies are Accelerating Their Adoption of Cloud Technologies. While Important in Digital Transformation Strategies, There Will be Increasing Security Implications In 2020.

Financial services companies have been accelerating their adoption of cloud technologies as part of digital transformation strategies. But this migration from the data center to the cloud also can result in increasing cybersecurity challenges, driven by factors like misconfigurations in networking devices and business application servers that lead to exposed critical data. This is particularly concerning as financial services companies migrate more of their critical business applications and workloads to the cloud.

We predict that this acceleration in cloud migration will result in a massive data breach in 2020, the size of which could be as significant as Equifax, given the amount of data these companies hold and their increased willingness to migrate critical data and applications to the cloud.


Conclusion

What these trends all have in common is that they will require companies to be more strategic when it comes to advancing their security controls in 2020. Companies in every industry will need to get ahead of emerging and growing technologies – like 5G, AI, and the cloud – and consider how their existing technologies may pose new threats in today’s cybersecurity landscape. To do that, they should reflect on how their existing tools fit these trends and others that might affect them in 2020 and, if needed, adapt strategically and consider new technologies that can help protect against an attack or limit its impact.

The good news is that, while all signs point to attackers growing stronger and more sophisticated, the cybersecurity industry is also becoming more robust. Innovation is at an all-time high and customers are the benefactors of that. Together, we can strategically tackle this challenge and emerge from 2020 stronger than ever.