
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation


This session covers the top cyber threats for 2020 worldwide. Our presenters discuss the top cybersecurity priorities in their states, followed by a Q/A session at the end of the presentation.

What topics are hot for Chief Security Officers in 2020? Which cyber threats are demanding the most attention for top government cybersecurity leaders? What projects are the U.S. states of Washington and Illinois applying resources to address security priorities? Where next with privacy legislation and implementation of regulations like the California Consumer Privacy Act (CCPA)?

The webinar covers:

• Top security predictions for 2020 from global security vendors – along with CISO reactions and feedback
• Security trends (in specific areas such as ransomware) seen at the end of 2019 and in the first weeks of 2020
• CISO project priorities from Washington State and the State of Illinois
• Panel discussion of privacy actions and CCPA implementation nationwide

Date: February 19, 2019
Recorded webinar: https://youtu.be/QN35YHEA_4E



  1. Agenda
     • Top security predictions for 2020 from global security vendors – along with CISO reactions and feedback
     • Security trends (in specific areas such as ransomware) seen at the end of 2019 and in the first weeks of 2020
     • CISO project priorities from Washington State and the State of Illinois
     • Panel discussion of privacy actions and CCPA implementation nationwide
     • Q/A from the live audience
  2. 2018 Predictions – Code Word: Privacy
  3. Top Cyber Threats 2019: ALMOST EVERYONE AGREES…
     • More big data breaches coming
     • Bad actors are still in the lead – by a substantial margin
     • IoT is bringing (not so smart) security needs to ‘smart everything’
     • Explosion of data collection – much wider surface
     • More infrastructure vulnerabilities will cause outages
     • Very few Cyber 9/11 or Cyber Pearl Harbor ‘dire’ predictions
     Govtech.com, Lohrmann on Cybersecurity
  4. Top Cyber Threats 2019: SOME DISAGREEMENTS…
     • Will Artificial Intelligence (AI) really help this year in cyber?
     • Biggest threats: cloud v mobile v critical infrastructure
     • Sectors to be hardest hit (is it hospitals’ turn?)
     • What do we even name predictions, trends, forecasts, threats?
  5. Year End Recap Affects New Year Predictions 2020
     INDUSTRY TRENDS 2020:
     • Following year often extends current activity (example: ransomware predictions for 2020)
     • Cloud – Mobile – AI – Drones – IoT - Autonomous and Other Tech Always Surface – Tip: Watch Source Link
     • DeepFakes & Election 2020 Top New Items
     • Everyone Says More Huge Data Breaches
     • Bad Actors Still Way Out Front
     • Many Predict Criminal Use of New Tech Will Drive Necessary Cyber Tool Upgrades (That is: Need AI to Fight AI – or growing cyber arms race with more players)
  6. Where Next? 2020 and Beyond
  7. #1 - Trend Micro Predictions
     Highlights (these are only small excerpts):
     Complex:
     • Attackers will outpace incomplete and hurried patches.
     • Cybercriminals will turn to blockchain platforms for their transactions in the underground.
     • Banking systems will be in the crosshairs with open banking and ATM malware.
     • Deepfakes will be the next frontier for enterprise fraud.
     Exposed:
     • Cybercriminals will home in on IoT devices for espionage and extortion.
     • Critical infrastructures will be plagued by more attacks and production downtimes.
     Misconfigured:
     • Vulnerabilities in container components will be top security concerns for DevOps teams.
     • Serverless platforms will introduce an attack surface for misconfiguration and vulnerable codes.
     • User misconfigurations and unsecure third-party involvement will compound risks in cloud platforms.
     Defensible:
     • Predictive and behavioral detection will be crucial against persistent and fileless threats.
     • Threat intelligence will need to be augmented with security analytics expertise for protection across security layers.
     Example on deepfakes: “News of cybercriminals using an AI-generated voice in social engineering surfaced in 2019. An energy company was reportedly defrauded of US$243,000 by scammers who used AI to mimic the voice of the firm’s CEO. More attempts will exploit the technology, using deepfakes of decision-makers to deceive an employee into transferring funds or making critical decisions.”
     https://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/2020
  8. #2 - FireEye Predictions
     Highlights:
     • Big Picture – We are all targets. (If you work with a high value target, you are also a high-value target.)
     • Ransomware Tactics Evolving - In 2020, defenders need to be looking out for new techniques involving ransomware. What we’ve been seeing in the underground is threat actors advertising their access to organizations, no matter what industry, and trying to find partners who have ransomware that they can deploy deep in those networks in a very customized fashion. ….
     Steven Booth, the FireEye CSO, leads with:
     • “Proof of Compliance” - In 2020 there will be a broadening push on providers to offer more proof of compliance to industry regulations and customer requirements, with clear ways for their customers to validate that vendors are doing what they say they are doing.
     Overall, FireEye's prediction report addresses these topics:
     • How increasing use of the cloud continues to change security
     • The skills gap and thinking outside the box when it comes to staffing
     • Threats such as ransomware and weak spots such as supply chain
     • Cyber activity during the upcoming U.S. elections
     • How organizations and vendors need to start thinking about security
     • The emerging role of the general counsel
     • The continued evolution of information operations
     • Geopolitics as a driver of cyber activity
     • Increasingly sophisticated cyber criminal operations
     https://www.fireeye.com/current-threats/annual-threat-report/cyber-security-predictions.html
  9. #3 – WatchGuard Technologies Predictions
     Highlights: Here are WatchGuard’s main predictions:
     • Ransomware Targets the Cloud
     • GDPR Comes to the USA
     • Voter Registration Systems Targeted During 2020 Elections
     • The CyberSecurity Skills Gap Widens
     • During 2020, 25% of All Breaches Will Happen Outside the Perimeter
     • Attackers Will Find New Vulnerabilities in 5G / WiFi Handover
     • Multi-Factor Authentication (MFA) Will Become Standard For Midsized Companies
     https://www.watchguard.com/wgrd-resource-center/predictions-2020
  10. 2020 Security Prediction Awards
     • Top Security Industry Predictions Report - The New Norm: Trend Micro Security Predictions for 2020 - Trend Micro (for third year in a row.)
     • Individual Prediction that is Most Unique, Different and Insightful – “The unknown is the biggest cyber threat businesses will face.” Bugcrowd
     • Individual Prediction that is Most Creative — “Deepfakes-As-A-Service emerges.” ForcePoint
     • Individual Prediction that is Newest & Specific (2 Tie) — “False flag attacks reach a whole new level. Explanation: This will develop further, with threat actors seeking not only to avoid attribution but also to actively lay the blame on someone else. Commodity malware, scripts, publicly available security tools or administrator software, mixed with a couple of false flags, where security researchers are hungry for any small clue, might be enough to divert authorship to someone else.” Kaspersky
       Also – “REAL ID will cause real chaos: As the October 2020 deadline looms, REAL ID will catch several states off guard.” Varonis
  11. 2020 Security Prediction Awards
     • Individual Prediction that is Most Scary (yet practical) — “Hackers will find new low-hanging fruit in the cloud. The most advanced (and potentially devastating) cloud attacks will occur at machine speed in 2020.” Splunk
     • Individual Prediction that is Most Common and Likely — (3 Tie) – More Targeted Ransomware & Deepfakes cause (myriad) problems & various election hacks and misinformation campaigns will emerge (Numerous)
     • Topic of Most Disagreement Among Security Companies — Cloud –vs- mobile threats will take the lead – multiple companies on both sides. (Numerous – but more say cloud over mobile malware)
     • Best Overall Advice in Predictions Report — “We are all targets. If you work with a high value target, you are also a high-value target.” FireEye
  12. Illinois Cyber Projects (Adam Ford - CISO)
     • Protect State of Illinois Information and Systems
     • Reduce Cyber Risk
     • Increase Cybersecurity Capabilities
     • Enterprise Approach to Cybersecurity
     • A Cyber Secure Illinois
  13. Washington State Cyber Projects (Vinod Brahmapuram - CISO)
     • Establish contextual risk analysis practices
     • Improve vulnerability management capabilities
     • Education
     • Enable security champions
     • Governance
  14. Privacy and the California Consumer Privacy Act (CCPA)
     Question for CISOs:
     • What is your state doing on CCPA?
     • What else is happening on privacy?
  15. ISO/IEC 27032 Training Courses
     • ISO/IEC 27032 Introduction 1 Day Course
     • ISO/IEC 27032 Foundation 2 Days Course
     • ISO/IEC 27032 Lead Cybersecurity Manager 5 Days Course
     Exam and certification fees are included in the training price.
     www.pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
     www.pecb.com/events
  16. THANK YOU ?
     • dlohrmann@securitymentor.com
     • linkedin.com/in/vinod-brahmapuram
     • vinod.brahmapuram@ocs.wa.gov
     • Adam.Ford@Illinois.gov
     • linkedin.com/in/danlohrmann
     • linkedin.com/in/adam-r-ford

Editor's Notes


  • The PECB Store is PECB’s new business line, which officially launched on October 3, 2019.

    We invite you to take a look at this new e-commerce platform and its products by clicking this link: https://store.pecb.com

    Some of the products that you will find available on the PECB Store are ISO and/or IEC standards, which will be sold at a very convenient price. You can also purchase ISO 27032:2012 for only USD 152.

    If you have any further questions regarding the PECB Store please contact us at store@pecb.com.