Making cybersecurity predictions is fun, but not necessarily helpful to security professionals who must decide which threats for which they should be the most prepared. “You can’t really make a good prediction about what the future’s going to hold because it’s always the stuff that comes out of left field that really becomes the problem,” says Chad Seaman, senior engineer on Akamai’s security intelligence response team.
If your biggest threat for 2020 is something new and unpredictable, how can you best focus your efforts in the coming year? Start by looking at how this year’s biggest threats are likely to change in 2020 in terms of scale and tactics.
CSO has reviewed the leading research on the most common, significant threats of 2019 and asked those researchers for their advice on where those threats will trend and how organizations might adjust their defenses against them in 2020. Here’s what we learned.
Malware infections of devices
Protecting endpoints has continued to be a battle for organizations. About half of all organizations suffered a malware infection on company-owned devices in 2019, according to Kaspersky’s IT Security Economics in 2019 report. Half also saw malware infections on employee-owned devices.
For the enterprise, malware infections on company devices was the most expensive incident cited on the Kaspersky report with an average cost per incident of $2.73 million. That number was significantly less for SMBs at $117,000.
What to expect in 2020: Dmitry Galov, security researcher at Kaspersky, sees the risk from employee-owned devices increasing in 2020. He sees a greater willingness for companies to allow employees to use their own devices to cut costs, enable remote work, and increase employee satisfaction. As a result, attackers will target personal devices as a way to bypass corporate defenses. “By default, users’ personal devices tend to be less protected than corporate devices as the average users seldom apply additional measures to protect their phones and computers from potential threats,” he says. “As long as this trend continues, company and employee-owned device infections will arise. This vector of attack remains attractive because the attacker no longer needs to target corporate accounts (for instance, with phishing emails sent to corporate mail).“