Cybersäkerhetsprognos 2020

Vi kommer drabbas av en epidemi av allt mer sofistikerad skadlig kod och attackmålen kommer vidgas till att omfatta mediehus, skolor och forskningsinstitutioner. Det är några av de dystra förutsägelser för 2020 som ges av Morgan Wright, Chief Security Advisor, SentinelOne.

Läs mer här (på engelska)

The Ransomware Epidemic

Not only will it continue, the symptoms will get worse. Attacks will become more sophisticated and attack frequency and associated ransom demands will increase for several reasons.

First, attackers have grown to understand the profile of an easy target, which has proved for now to be municipalities and local government organizations. These targets hold limited resources, are slow to patch, utilize legacy defense solutions and employ yesterday’s technology and best practices in an attempt to solve tomorrow’s problems.

The most effective way to combat a ransomware attack is not to get hit in the first place, which can only be achieved through closing the gap on attacker sophistication and modernizing defenses. Unfortunately, bureaucratic budgeting and procurement processes will make it impossible for government agencies and towns to keep up with today’s attackers. Public sector budgets for the following year are typically allocated by July 1st, which means that public sector organizations will firmly remain 18-24 months behind the security curve. Additional funding to replace outdated legacy systems will not be available in the short-term.

Second, ransomware is a profit-driven business and its a bull market. Following Baltimore where a demand of $76,000 was not met resulting in damages of more than $18M, a trend of municipalities forgoing advice of the FBI to not pay attackers has emerged. This trend will likely continue as cyber insurance which was once considered a nice-to-have is now a necessity and paying attackers out under claims is far more appealing than damages totaling eight figures.

The Next Ransomware Attacker Jackpot

We’ve seen countless attacks on public school districts and higher ed providers in 2019 which will likely continue, but I expect research institutes to increasingly be in the crosshairs in the coming year. Research institutes hold tremendous amounts of sensitive data that can be criminally monetized and are notorious for disproportionate resource spending. Attackers will use automation to find vulnerabilities and exploit those who are spending on non-security personnel and neglecting security technology.

Hospitality is another industry I expect to be targeted more frequently in 2020. Because of its reliance on point-of-sale equipment and excess spending on advanced analytics to make the customer experience more personalized opposed to defense investments, attacker points of entry are susceptible.

Other industries include TV stations and media outlets, logistics/shipping/transportation, and the energy grid and utilities. Just imagine how quickly an energy or utility company will lean on its insurance policy if people do not have access to power or water. Currently, the U.S. energy grid is a fragmented structure, making a nation-wide attack extremely difficult to carry out.  However, if the consolidation trend continues, I expect targeted ransomware attacks. Albeit not ransomware, only weeks ago we saw the first-ever cyberattack successfully disrupt operations for a U.S. energy provider and just look at what Russia did to Ukraine in 2015. Where money is to be made ransomware will follow.

Federal Cybersecurity Legislation

State legislatures have made their wishes for new, federal cybersecurity legislation well known in 2019, but this is not a solution to an immediate problem. Congress has repeatedly shown a lack of experience and know-how in matters of cybersecurity and the process of putting new legislation into effect is far too slow to provide timely assistance (litigation -> regulation -> legislation). Historically, we haven’t elected our public officials based on their cybersecurity knowledge (but this may soon change). 

What government organizations must do is better utilize resources currently at their disposal, such as the Multi-State Information Sharing and Analysis Center (MS-ISAC), Elections Infrastructure ISAC (EI-ISAC), Electronic Crimes Task Force (ECTF), High Technology Crime Investigation Association (HTCIA) and Department of Homeland Security (DHS). These organizations are comprised of highly qualified, highly experienced individuals and government organizations at all levels are not taking sufficient advantage of these no-cost resources.

Election Hacking

What happens in 2020 is not going to be what happened in 2016. Social media will always be used for good and bad, but I expect 2020 election security to be a two-front war with motivation determining the adversary. According to the Director of National Intelligence (DNI), ransomware is the single biggest threat for the next election

The new enemy will be criminal groups due to the significant amount of money on the table. To elicit payment all they must do is create the perception the election has lost its integrity. Widespread infection is not necessary. If a single swing state voting registration database can be compromised or the counting process can be affected, national and even global gridlock over a “hacked” election will ensue. Democracy depends on a peaceful transition of power. Attackers understand a few bitcoin will be a small price to pay to avoid the chaos and will look to cash in.

Om SentinelOne

SentinelOne levererar autonomt endpointskydd genom en enda agent som automatiskt förhindrar, detekterar och spårar alla attacker oberoende var ifrån de kommer. S1-plattformen är konstruerad så att den är extremt enkel att använda. Dessutom sparar kunderna tid genom att tillämpa plattformens AI som automatiskt eliminerar hot i realtid både lokalt och i molnet. Det är den enda lösning som ger fullständig synlighet över nätverk direkt från slutpunkten.

För mer information besök sentinelone.com eller följ oss på @SentinelOne, LinkedIn eller Facebook.

Taggar: