Phone Number +1-202-802-9399 (US)

Thycotic is now Delinea!

The Lockdown

Thycotic’s Cyber Security Blog

Thycotic’s Cyber Security Predictions and Trends for 2020

Written by Joseph Carson

December 12th, 2019

Which cyber security predictions or trends do you think will become reality?

2019 has been an exciting and interesting year for those of us with an interest in cyber security.  The topic is top of mind for governments and business leaders around the world as they wrestle with the ever-evolving challenge of reducing cyber-attack risks.

It’s become more apparent to us how AI (Artificial Intelligence), Machine Learning and Blockchain impact the industry and concerns have been raised around the potential weaponizing of some of these technologies. In fact, some experts are raising alarms; if we do not embrace these technologies with responsibility we could  face catastrophic events. Governments have  put together working groups to create strategies on acceptable use, limitations and innovative ways to apply AI within their countries.

Thycotic participated as a special subject matter delegate at the Tallinn Digital Summit, focusing on the present and future of AI. The conference brought together political leaders, policy innovators, thought-leaders and entrepreneurs, and the tech-community highlighted the most impactful matters of digital transformation and tackled questions about the implications on economies, societies and governments. Events like this help shape future policies related to disruptive technologies.

Joseph Carson
Thycotic’s Joseph Carson – Panelist on Law Enforcement use of AI and Building Trust

Based on Thycotic’s continuous research in 2019 and its participation in many global events, here are my cyber security predictions for 2020 and beyond.

#1 Prediction: Deepfakes will take Identity Theft to a new level

In the past cyber-criminals stole users’ credentials and passwords, but now deepfakes enable them to steal digital identities too: your digital face and your voice. This means that when you’re speaking to someone online you have no guarantee that it is the actual person you think it is.  Deepfakes are changing the cyber security landscape and we must innovate to reduce the risks that come with them.  In 2020 Digital Identity Theft may result in the complete takeover of your digital persona, not just your online accounts.

#2 Prediction: We’ll move beyond Zero Trust into Building Trust, with PAM still a CISO priority

Zero Trust has trended in cyber security for the past few years, but in 2020 we will move beyond Zero Trust. Zero Trust on its own is not a strategy but a step in the process of establishing trust within an ever-changing business network. Risk Frameworks and Trust Models will become the new focus, with Zero Trust merely a starting point to building trust. It will be the baseline while Risk Frameworks and Trust Models will define how businesses reduce their risk from cyber-attacks and determine which security controls they must prioritize.

This is why, for the second year in a row, Gartner named Privileged Access Management as the project every CISO must prioritize, and I predict that PAM will be a top CISO project again in 2020.

Related Reading: Can PAM Coexist with the Zero Trust Security Model?

#3 Prediction: Biometrics will not be used for Security but more as an Identifier

The future of biometric data will become a digital and physical verification identifier and will be used less for security purposes. It is important to note that identifier and security are not the same. In reality, what biometrics replace is the username or email address but not passwords. Many people assume that biometrics are a security control. But with data breaches being rampant in 2019, and with it becoming clear that biometrics alone are not an effective replacement for a combination username/password, biometrics will be used as an identifier combined with another security control such as a PIN, Multi-factor Authentication or Privileged Access Security.

#4 Prediction: Privileged Access will become critical to securing IoT 

I think we sometimes like trends and buzzwords too much. We tend to hype certain things when they’re new and interesting. For example, the Internet of Things—but it’s nothing new. It’s something that’s been around ever since computers got connected together.

What has changed are the type of functions of the devices that get connected; the tasks they carry out. Whereas in the past it was computers that had the ability to be programmed or changed to carry different functions—whether it be a web application or some type of financial application—today’s devices and hardware are carrying out more specific functions. More targeted, simple tasks.

Don’t look at an IoT device as an IoT device. Look at what its function is. Look at its role in the network

We tend to view IoT the wrong way from a security perspective too. We perceive these devices as being vulnerable and very high risk. But in fact, most IoT devices are very low risk. What we need to understand is this: don’t look at an IoT device as an IoT device. Look at what its function is. Is it a data processor? Is it a data collector? Is it a data correlator? Look at its actual role in the network from a security perspective. Could it potentially attack the network? Is it something that could have data poisoning, or can the data that it’s generating be manipulated? Is it providing an access point for an attacker to gain access to the network?

This is why both Privileged Access Management and Encryption will become a priority for protecting and securing IoT devices in 2020.

#5 Prediction: The 6th Day will move closer to becoming reality

Biometric deepfakes combined with DNA paint a picture of a scary future that is not too far from reality.

It’s a future where I can imagine the movie “The 6th Day” becoming a reality—your  biometric data combines with your DNA to allow companies to start creating clones of you without your consent or knowledge.  Would you be ok with that? Because this reality starts with your biometric data.  Think twice about how much of your digital footprint you want to make available publicly. Is your biometric data available along with your digital online footprint of videos and pictures? Have you given up your DNA to find your long-lost family or to discover where your ancestral origins are? Then you might find you’re closer to having a digital clone. Perhaps they will work for you and make you a second income, or maybe they will replace you entirely!

6th Day

Some of these predictions are almost a reality while others may still be off in the future. Which ones do you think will come true in 2020?

Feel free to leave your comments or your predictions, or expand on mine.