This session discusses the top cyber threats for 2020 world-wide, where our presenters will discuss the top security priorities in their states for cybersecurity, followed by a Q/A session at the end of the presentation. What topics are hot for Chief Security Officers in 2020? Which cyber threats are demanding the most attention for top government cybersecurity leaders? What projects are the U.S. states of Washington and Illinois applying resources to address security priorities? Where next with privacy legislation and implementation of regulations likes the California Consumer Privacy Act (CCPA)? The webinar covers: • Top security predictions for 2020 from global security vendors – along with CISO reactions and feedback • Security trends (in specific areas such as ransomware) seen at the end of 2019 and in the first weeks of 2020 • CISO project priorities from Washington State and the State of Illinois • Panel discussion of privacy actions and CCPA implementation nationwide Date: February 19, 2019 Recorded webinar: https://youtu.be/QN35YHEA_4E

2. Agenda
• Top security predictions for 2020 from global
security vendors – along with CISO
reactions and feedback
• Security trends (in specific areas such as
ransomware) seen at the end of 2019 and in
the first weeks of 2020
• CISO project priorities from Washington
State and the State of Illinois
• Panel discussion of privacy actions and
CCPA implementation nationwide
• Q/A from the live audience

3. 3
2018 Predictions – Code Word: Privacy

4. Top Cyber Threats 2019
4
ALMOST EVERYONE
AGREES…
• More big data breaches coming
• Bad actors are still in the lead – by a substantial margin
• IoT is bringing (not so smart) security needs to ‘smart everything’
• Explosion of data collection – much wider surface
• More infrastructure vulnerabilities will cause outages
• Very few Cyber 9/11 or Cyber Pearl Harbor ‘dire’ predictions
Govtech.com lohrmann on cybersecirity

5. 5
SOME
DISAGREEMENTS…
• Will Artificial Intelligence (AI) really help this year in cyber?
• Biggest threats cloud v mobile v critical infrastructure
• Sectors to be hardest hit (is it hospitals’ turn?)
• What do we even name predictions, trends, forecasts, threats?
Top Cyber Threats 2019

6. Year End Recap Affects New Year Predictions 2020
INDUSTRY TRENDS 2020:
- Following year often extends current
activity example ransomware predictions
for 2020
- Cloud – Mobile – AI – Drones – IoT -
Autonomous and Other Tech Always
Surface – Tip: Watch Source Link
- DeepFakes & Election 2020 Top New
Items
- Everyone Says More Huge Data Breaches
- Bad Actors Still Way Out Front
- Many Predict Criminal Use of New Tech
Will Drive Necessary Cyber Tool Upgrades
(That is: Need AI to Fight AI – or growing
cyber arms race with more players)

7. 7
Where Next? 2020 and Beyond

8. 8
#1 - Trend Micro Predictions
Highlights:
Complex (these are only small excerpts):
 Attackers will outpace incomplete and hurried patches.
 Cybercriminals will turn to blockchain platforms for their transactions
in the underground.
 Banking systems will be in the crosshairs with open banking and
ATM malware.
 Deepfakes will be the next frontier for enterprise fraud.
Exposed:
 Cybercriminals will home in on IoT devices for espionage and
extortion.
 Critical infrastructures will be plagued by more attacks and
production downtimes.
Misconfigured:
 Vulnerabilities in container components will be top security concerns
for DevOps teams.
 Serverless platforms will introduce an attack surface for
misconfiguration and vulnerable codes.
 User misconfigurations and unsecure third-party involvement will
compound risks in cloud platforms.
Defensible:
 Predictive and behavioral detection will be crucial against persistent
and fileless threats.
 Threat intelligence will need to be augmented with security analytics
expertise for protection across security layers.
Example on deepfakes:
“News of cybercriminals using an AI-generated voice
in social engineering surfaced in 2019. An energy
company was reportedly defrauded of US$243,000
by scammers who used AI to mimic the voice of the
firm’s CEO. More attempts will exploit the technology,
using deepfakes of decision-makers to deceive an
employee into transferring funds or making critical
decisions.”
https://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/2020

9. 9
#2 - FireEye Predictions
Highlights:
- Big Picture – We are all targets. (If you work with a high
value target, you are also a high-value target.)
- Ransomware Tactics Evolving - In 2020, defenders need to be
looking out for new techniques involving ransomware. What
we’ve been seeing in the underground is threat actors
advertising their access to organizations, no matter what
industry, and trying to find partners who have ransomware
that they can deploy deep in those networks in a very
customized fashion. ….
Steven Booth the FireEye CSO leads with: “Proof of
Compliance” - In 2020 there will be a broadening push on
providers to offer more proof of compliance to industry
regulations and customer requirements, with clear ways for their
customers to validate that vendors are doing what they say they
are doing.
Overall, the FireEye's prediction report addresses these topics:
- How increasing use of the cloud continues to change security
- The skills gap and thinking outside the box when it comes to
staffing
- Threats such as ransomware and weak spots such as supply
chain
- Cyber activity during the upcoming U.S. elections
https://www.fireeye.com/current-threats/annual-threat-report/cyber-security-predictions.html
- How organizations and vendors need to start thinking about security
- The emerging role of the general counsel
- The continued evolution of information operations
- Geopolitics as a driver of cyber activity
- Increasingly sophisticated cyber criminal operations

10. 10
#3 – WatchGuard Technologies Predictions
Highlights:
Here are WatchGuard’s main predictions:
 Ransomware Targets the Cloud
 GDPR Comes to the USA
 Voter Registration Systems Targeted During
2020 Elections
 The CyberSecurity Skills Gap Widens
 During 2020, 25% of All Breaches Will Happen
Outside the Perimeter
 Attackers Will Find New Vulnerabilities in 5G /
WiFi Handover
 Multi-Factor Authentication (MFA) Will Become
Standard For Midsized Companies
https://www.watchguard.com/wgrd-resource-center/predictions-2020

11. 11
2020 Security Prediction Awards
 Top Security Industry Predictions Report - The New Norm:
Trend Micro Security Predictions for 2020 - Trend Micro (for
third year in a row.)
 Individual Prediction that is Most Unique, Different and
Insightful – “The unknown is the biggest cyber threat
businesses will face.” Bugcrowd
 Individual Prediction that is Most Creative — “Deepfakes-As-
A-Service emerges.” ForcePoint
 Individual Prediction that is Newest & Specific (2 Tie)—
“False flag attacks reach a whole new level. Explanation: This
will develop further, with threat actors seeking not only to avoid
attribution but also to actively lay the blame on someone else.
Commodity malware, scripts, publicly available security tools or
administrator software, mixed with a couple of false flags, where
security researchers are hungry for any small clue, might be
enough to divert authorship to someone else.” Kaspersky
Also – “REAL ID will cause real chaos: As the October 2020
deadline looms, REAL ID will catch several states off guard.”
Varonis

12. 12
2020 Security Prediction Awards
 Individual Prediction that is Most Scary (yet
practical) — “Hackers will find new low-hanging fruit in
the cloud. The most advanced (and potentially
devastating) cloud attacks will occur at machine speed in
2020.” Splunk
 Individual Prediction that is Most Common and
Likely — (3 Tie) – More Targeted Ransomware &
Deepfakes cause (myriad) problems & various election
hacks and misinformation campaigns will emerge
(Numerous)
 Topic of Most Disagreement Among Security
Companies — Cloud –vs- mobile threats will take the
lead – multiple companies on both sides. (Numerous –
but more say cloud over mobile malware)
 Best Overall Advice in Predictions Report — “We are
all targets. If you work with a high value target, you are
also a high-value target.” FireEye

13. 13
• Protect State of Illinois Information
and Systems
• Reduce Cyber Risk
• Increase Cybersecurity Capabilities
• Enterprise Approach to
Cybersecurity
• A Cyber Secure Illinois
Illinois Cyber Projects
Adam Ford - CISO

14. 14
• Establish contextual risk analysis
practices
• Improve vulnerability management
capabilities
• Education
• Enable security champions
• Governance
Washington State Cyber Projects
Vinod Brahmapuram - CISO

15. 15
Question for CISOs:
• What is your state doing on CCPA?
• What else is happening on privacy?
Privacy and the California
Consumer Privacy Act (CCPA)

16. ISO/IEC 27032
Training Courses
• ISO/IEC 27032 Introduction
1 Day Course
• ISO/IEC 27032 Foundation
2 Days Course
• ISO/IEC 27032 Lead Cybersecurity
Manager
5 Days Course
Exam and certification fees are included in the training price.
www.pecb.com/en/education-and-certification-for-individuals/iso-
iec-27032
www.pecb.com/events

18. THANK YOU
?
dlohrmann@securitymentor.com linkedin.com/in/vinod-brahmapuram
vinod.brahmapuram@ocs.wa.gov
Adam.Ford@Illinois.gov
linkedin.com/in/danlohrmann
linkedin.com/in/adam-r-ford