Cybersecurity in 2020- What to expect?
By Ashish Chhatani - Jan 06, 2020
Well, the last decade played vital role in Cybersecurity. The events like wanna cry, spectre, meltdown, dirty cow and many more were proved as an eye opener for the organisations which took cyber security lightly. So many data breaches and hacks took place and badly impacted the organisations revenue as well as respect. These so called hacks led and opened the door for complicates like GDPR, FedRamp, SOC2, PCI DSS to make sure the standards are in place to protect the data very well-be it organisational or customers’.
The other huge transformation was Cloud computing. With the likes of AWS, Azure, GCP-the cloud has become one stop solution to store the significant amount of data and increase the efficiency along with scalability. Any new emerging tech comes with its own pros and cons. Cloud was no different. FedRamp was introduced specifically for the organisations dealing with cloud data. As the cloud computing saw the incredible rise, hackers were no behind to penetrate and breach it. So, these were some of the major highlights of the last decade. Let’s talk about what can we expect from the first year of this decade.
Security will head towards more transparency- Cloud Security being the Critical one!
As mentioned earlier, Cloud has become the adopted tech loved by everyone, it will continue its dominance in this year as well be it legacy colocation tools or deployment tools. The services will keep continuing migration to clouds for better management of data. Due to this, new horizon of security will emerge. The focus will be more on Identity and Access Management, monitoring, advance threat detection using proactive scanning in order to support effective management and transformation of services.
The cloud security is absolutely necessary and there are several reasons of it. The cloud computing is going to be the key factor of organisations’ driving force. The public cloud service market estimation is expected to be around $250B by the end of this year. The DevSecOps is already on the verge of evolution but sadly as per the reports-most of the organisations have failed to incorporate CI/CD into their application security pipeline. So the ballon of DevSecOps will still fly high but at the ground level the first ask is to complete the CI/CD integration with security in focus.
The DevOps teams need to pull up the sleeves and do this thing at the earliest. On-prem security processes don’t suit the cloud, but legacy thinking will continue to be transferred to the cloud in 2020, creating critical cybersecurity problems for organisations. Cloud customers need to be aware and more cautious with the threats that are on their way. All the threat detection, prevention and response mechanism needs to be in place to assure there are no adverse impacts and unwanted series of events.
Finance, Healthcare and Government sectors will remain favourites for the hacker
As per the reports and past trends, last decade the healthcare sector witnessed the most data breaches- 2546 data breaches which exposed ~190M records. That’s huge! Isn’t that? Finance and Government sector is no far behind. They were also the prime victims of the data breaches. Who does not know the famous Atlanta incident that had 1500-200 security vulnerabilities in the city systems. An absolute bizarre!
API security in focus
If there was something which grew exponentially in the last decade- it was APIs. APIs played a role of game changer in scrapping the traditional mindset of building apps with waterfall approach and single way. The rise of micro service architecture was all thanks to APIs where the dev teams can build the application blocks separately and interconnect them using APIs. The consumption of APIs and its market is just mind boggling. SOAP, Swagger and thousands of more APIs made developers lives easy. But at the same time, the hackers don’t stop chasing them as well. They are always there to leverage it at the best possible way. The recently exposed Starbucks API incident is just a small one but APIs are on hackers’ radar without any doubt. Lately, OWASP Top 10 was released specifically for APIs. That shows the APIs are being and going to be the target. So implementation of best policies and standards for APIs will be on point for the companies to keep the hackers at the bay.
Crypto will spread its wings- be it crypto currency or the crimes associated to it
The latest report suggested that the crypto market has reached $253M. This clearly speaks that the crypto crimewave is going to take place and that is inevitable. The crypto mining and the demands of ransom will come into light as the year will progress. The organisations need to form the teams and create the plans to tackle the unwanted events like these. Though this will eat up some budget but its good for the own sake. There were organisations which didn’t even know they were the victims of Crypto crimes. This shows the lack of programs, policies, skills and more importantly awareness of it. So it's high time and there’s already a red flag about crypto crimes.
More compliances can be introduced
With the growing techs, it was need of an hour to tackle the challenges associated with it. The data breaches were always in limelight for entire decade be it Facebook- Cambridge Analytica fiasco or Sony pictures hack. Every now and then-it was customer who was getting impacted by the mistakes of the big tech giants. The confidential information of the customers were exposed so many times and in huge numbers carelessly. This is where the compliances came into the picture. There were already some compliances introduced but GDPR changed the game. GDPR gained the headlines and became the most popular of many compliances with provision of protecting the data of customers and getting consent of the them. It was introduced in 2016 and since then companies have been more cautious about handling the customer records. The fines are so big that the organisations are left with no option but to obey and respect it. There will be no surprise if any new compliance like GDPR gets introduced by the various governments amidst the USA-Iran war diary. If the countries are at war, cyber attacks have become the strongest weapons to use.