coming years organizations will experience growing disruption as threats from
the digital world have an impact on the physical. Invasive technologies will be
adopted across both industry and consumer markets, creating an increasingly
turbulent and unpredictable security environment. The requirement for a
flexible approach to security and increased resilience will be crucial as a
hybrid threat environment emerges.
of threats will be felt on an unprecedented scale as aging and neglected infrastructure
is attacked and disrupted due to vulnerabilities in the underlying technology.
Mismanagement of connected assets will provide attackers with opportunities to
Businesses of all sizes must prepare for the unknown, so they
have the flexibility to withstand unexpected and high impact security events.
To take advantage of emerging trends in both technology and cyberspace,
businesses need to manage risks in ways beyond those traditionally handled by
the information security function, since new attacks will most certainly impact
both shareholder value and business reputation.
After reviewing the current threat landscape, there are
three dominant security threats that businesses need to prepare for in 2020.
These include, but are not limited to:
- The Race for Technology Dominance
- Third Parties, Internet of Things (IoT) and the
Cloud – The Emerging Threat Landscape
- Cybercrime – Criminals, Nation States and the
An overview for
each of these areas can be found below:
for Technology Dominance
has changed the world in which we live. Old norms are changing, and the
next industrial revolution will be entirely technology driven and technology
dependent. In short, technology will enable innovative digital business
models and society will be critically dependent on technology to
function. Intellectual property will be targeted as the battle for
fracturing geopolitical relationships started to emerge in 2018 demonstrated by
the US and China trade war and the UK Brexit. In 2020, the US and China will
increase restrictions and protectionist measures in pursuit of technology
leadership leading to a heightened digital cold war in which data is the
prize. This race to develop strategically important next generation
technology will drive an intense nation-state backed increase in espionage. The
ensuing knee jerk reaction of a global retreat into protectionism, increased
trade tariffs and embargos will dramatically reduce the opportunity to
collaborate on the development of new technologies. The UK’s exclusion
from the EU Galileo satellite system, as a result of the anticipated Brexit, is
regulations and international agreements will not be able to fully address the
issues powered by advances in technology and their impact on society.
Regulatory tit for tat battles will manifest across nation states and, rather
than encourage innovation, is likely to stifle and constrain new developments,
pushing up costs and increasing the complexity of trade for multinational
Parties, IoT and the Cloud – The Emerging Threat Landscape
interconnection of digitally connected devices and superfast networks will
prove to be a security concern as modern life becomes entirely dependent on
technology. Highly sophisticated and extended supply chains present new risks
to corporate data as it is necessarily shared with third party providers. IoT
devices are often part of a wider implementation that is key to the overall
exist in isolation, and it is the internet component of the IoT that reflects
that dependency. For a home or commercial office to be truly ‘smart’, multiple
devices need to work in cooperation. For a factory to be ‘smart’, multiple
devices need to operate and function as an intelligent whole. However,
this interconnectivity presents several security challenges, not least in the
overlap of consumer and operational/industrial technology.
since so much of our critical data is now held in the cloud, opening an
opportunity for cyber criminals and nation states to sabotage the cloud, aiming
to disrupt economies and take down critical infrastructure through physical
attacks and operating vulnerabilities across the supply chain.
– Criminals, Nation States and the Insider
organizations have a massive resource pool available to them and there is
evidence that nation states are outsourcing as a means of establishing
deniability. Nation states have fought for supremacy throughout history, and
more recently, this has involved targeted espionage on nuclear, space,
information and now smart technology. Industrial espionage is not new and
commercial organizations developing strategically important technologies will
be systematically targeted as national and commercial interests blur.
Targeted organizations should expect to see sustained and well-funded attacks
involving a range of techniques such as zero-day exploits, DDoS attacks and
advanced persistent threats.
the insider threat is one of the greatest drivers of security risks that
organizations face as a malicious insider utilizes credentials to gain access
to a given organization’s critical assets. Many organizations are challenged to
detect internal nefarious acts, often due to limited access controls and the
ability to detect unusual activity once someone is already inside their
from malicious insider activity is an increasing concern, especially for
financial institutions, and will continue to be so in 2020.
A Continued Need to Involve the Board
world’s businesses, governments, and economies grow more interdependent,
knowing how to build resilient organizations and nimble incident response will
be vital to more than cyber security. We no longer hide behind impenetrable
walls. We operate as part of an interconnected whole. The strength to absorb
the blows and forge ahead is essential to competitive advantage and growth, in
cyberspace and beyond.
technologies emerge, organizations need to adapt to the changing norms and
values of society. Information security teams will need to consider the
suitability of implementing evolving or poorly secured technology within the
organization. Failure to protect against pervasive attacks will leave
operations exposed to significant negative financial impacts and damage to
requirement to maintain, improve and harden infrastructure to withstand the
threats posed by people, technology and the elements will become an operational
necessity. Abandoned, unsupported and forgotten assets will increasingly pose a
hidden risk to organisations. While new architectural approaches may seem
tempting, failure to maintain oversight of these new network ecosystems will
organizations rely on trust – and in the digital world, innovative technologies
can be misused to erode that trust and digitally naive employees can be
exploited, endangering the relationships between organizations and their key
The executive team sitting at the top of an organization has
the clearest, broadest view. A serious, shared commitment to common values and
strategies is at the heart of a good working relationship between the C-suite
and the board. Without sincere, ongoing collaboration, complex challenges like
cyber security will be unmanageable. Covering all the bases—defense, risk
management, prevention, detection, remediation, and incident response—is better
achieved when leaders contribute from their expertise and use their unique
vantage point to help set priorities and keep security efforts aligned with
Today, the stakes are higher than ever before. High level
corporate secrets and critical infrastructure are constantly under attack and
organizations need to be aware of the emerging threats that have shifted in the
past year, as well as those that they should prepare for in the coming year.
Incidents will happen as it is impossible to avoid every breach. But you can
commit to building a mature, realistic, broad-based, collaborative approach to
cyber security and resilience. Maturing your organization’s ability to detect
intrusions quickly and respond expeditiously will be of the highest importance.
When digital and physical worlds collide, only
organizations that take decisive action will thrive.
About the AuthorSteve Durbin is
Managing Director of the Information Security Forum (ISF).