Security trends in 2020 will be driven by how innovative and lucrative the cybercrime industry is becoming. This is especially critical if you’re a founder or senior executive of a small business or startup. We’re not suggesting you should pivot your company in that direction — however, we do recommend that you stay aware of that major security trend throughout 2020.
A growing cybercrime industry will increasingly target small to medium businesses and startups as both targets offer opportunity and lower defenses. More small businesses and startups will be forced to carve out a budget for security, while large enterprises increase the size of their security budgets and teams.
With that context in mind, these are our top 5 security trends for 2020.
SMBs continue to be a prime target for criminal hackers attacking the supply chain of large businesses. We expect this to be no less true in 2020.
A supply chain attack is really about criminal hackers exploiting the trust relationship between a supplier or vendor and an enterprise customer. Supply chain attacks often include activities such as social engineering operations and phishing campaigns.
These supply chain attacks will prove one of the most effective methods for establishing a foothold for targeting large enterprises. These criminal entities realize that, due to their size, SMBs and startups often cannot allocate substantial resources and personnel to security initiatives. In addition, SMBs and startups often find security too daunting a task at their size, or they don’t know where to start.
SMBs, to some degree or another, are nearly always part of the supply chain in the industries that would be the target for Climate Crisis Hacktivism as well (more on that trend below), resulting in them being a target themselves. It is best practice to have a deep understanding of your security and privacy commitments to your enterprise customers. You want to know what their expectations are of you currently and moving forward.
It’s best to have security professionals review your vendor security questionnaires and any due diligence requirements coming from your enterprise customers. Have them help you come up with an action plan to ensure you aren’t missing some critical pieces to your security and privacy programs.
We are moving into another year of businesses and their workspaces increasingly using data-driven building automation technology and “Smart Office” technology. Our work is more connected, more productive, and more creative. Business trends show us using building automation systems and Smart Office technology to lower costs, lower energy consumption, and lower the number of menial tasks that humans have. We can focus on more complex, creative tasks now (what humans do better than machines).
However, that means your entire office could get pwned.
Security is sometimes overlooked in the IoT and OT devices used in building automation systems and smart office technology. Criminal hackers consistently find new and innovative methods of stealing information. Security researchers have even discovered a method of remotely exploiting embedded devices that don’t connect to the internet in order to bug offices.
As building developers see the cost savings to automating many of the operations of the building, most new developments are coming with a slew of building automation systems. These control everything from HVAC and plumbing to elevators and security systems. Businesses are also seeing the productivity and brand cultivation benefits of having trendy Smart Offices where you can book conference rooms or change the HVAC settings through an app.
This security trend is not going away. The Smart Office market is expected to see revenues of $46.11 billion USD by 2023. For that reason, it should be on everyone’s list, nearly every year moving forward.
SMBs and startups should consider and identify the risks relating to their workspace, their use of Smart Office technology, and the building automation systems in the offices they occupy.
Research from the University of California, San Diego suggests that while many hacker-for-hire services are advertised as available on the dark web today, most are fake or fraudulent. But we expect that with advances in malware-as-a-service (another trend that made our list) and the ability to evade consequences, these services will be more and more incentivized to recruit criminal hackers with growing ease and accessibility.
This could mean a surge of skilled cybercriminals, offered much like consultants, as an upsell to MaaS subscriptions. There will likely be demand to accompany the supply, because the entities orchestrating cybercrime operations will see its value in improving the likelihood that they succeed in their goal.
This comparison may reflect what we have seen in recent years with many SaaS and software companies offering consultants or contractors. Hired help improves success throughout the lifecycle from onboarding of the product to the implementation and utilization of the product.
Hacktivism throughout the years has reflected the significant issues of the time. While reports from IBM show that “hacktivism” from so-called activist hackers has decreased 95 percent since 2015, we expect this security trend to shift as widespread public concern over a global Climate Crisis increases.
This Climate Crisis has definitely been at the forefront of media coverage in 2019. We foresee a surge in hacktivism targeting industries that appear (or could be assumed) to have a significant carbon footprint, such as the mining, petrochemical, and nonrenewable energy industries. Many of the companies operating in these industries would see their crucial infrastructure targeted, including ICS/SCADA systems, which are essential to how nonrenewable energy sources are extracted, refined, transported, and sold to the customer.
As this brand of hacktivism grows, we anticipate an influx of opportunists looking to profit from it as well. These opportunists may come in the form of malware-as-a-service or MaaS providers, digital mercenaries, and more organized criminal elements trying to stake their claim in the cybercrime industry.
This anticipated trend may bring some fallout for SMBs and startups attempting to win business from prospective enterprise customers, as due diligence requirements may involve additional considerations. We also see SMBs and startups as capable of identifying and treating their risks so they can “get ahead of the eight ball” in 2020.
As a potential Climate Crisis Hacktivism trend rises, we may see along with it a large-scale increase in the production, sale, and use of malware-as-a-service on the dark web, as well as increased innovation to fill the demand, ongoing maintenance, and overall malware lifecycle.
The more this security trend proves to be lucrative, the more we’ll see these MaaS providers expand operations and find new and ingenious ways of evading consequences. As this MaaS revolution achieves increased success and scale, just as in legitimate business, there will be an influx of proverbial “panhandlers.” In the same way we saw in the gold rush, opportunists will attempt to pan out their pot of gold in the cybercrime Klondike.
This MaaS innovation and explosion could, unfortunately, mean that acquiring and leveraging tools to commit cybercrime will become more accessible than ever. SMBs and startups could increasingly become targets of opportunity for cybercriminals. I would recommend SMBs and startups begin leveraging approachable and powerful security frameworks such as the Center for Internet Security’s CIS Controls to harden their security.
With these security trends expected to target SMBs and startups in 2020, you will not be alone in the fight. We anticipate that cybercrime task forces at the local, state and federal levels will grow in resources and prevalence to combat these trends. We also expect consulting firms and vendors to offer products and services at a competitive price point to better serve you.
Increasing availability of innovative products and services to companies like yours will be an essential piece of the puzzle in resisting the cybercrime industry as a society.
A final note: If you’re working on improving information security at your company, we have tons of resources available here on our blog, video pages, and YouTube channel. If you don’t know where to start with improving security at your business, we always recommend updating your information security policies. Also, you can use our free app to automatically generate custom policies for your business and much more.