2020 Predictions for Cybersecurity Management, Threats and Risk Management

This is our first annual roundup of expert predictions for the coming year. Here’s what leading industry figures have to say about cybersecurity management, threats and risk management trends coming in 2020.

 

  • Knowledge Graphs and other mechanisms for representing cybersecurity data ontology will become prevalent. Effective cyber risk analysis requires a solid understanding of the underlying data infrastructure. By accurately representing the flow of information and risk through business and IT, we can begin to understand and control how they impact each other. In real time, such an ontology models an organization’s infrastructure and applications, delineates the interconnects between assets and business services, and develops knowledge of overall cyber risk. Knowledge Graphs (popularized as the underlying data infrastructure behind Google Search and since adopted by Facebook and LinkedIn) are able to process, analyze, and organize large volumes of diverse, interconnected information quickly and efficiently. A Knowledge Graph for cybersecurity evolves as new technologies become part of the enterprise IT infrastructure, and as new cybersecurity tools and services emerge to monitor and protect these advancements. These and similar modern and intelligent data structures will become popular in 2020 as organizations strive to create accurate representations of their complex technology environments. – Syed Abdur, Director of Products at Brinqa

 

  • Businesses will take steps to protect themselves against the inevitable. Over the past few years, businesses have started to take a more proactive approach when it comes to cybersecurity. However, there is still more that can be done and 2020 will be a key year for this adjustment.  In 2020, the majority of businesses will accept an uncomfortable reality – a security breach is inevitable. This is not security fatalism, but security realism. The perimeter is gone. CEOs, CIOs and CISOs must embrace that bad actors are already inside the firewall and adopt proven technology that detects suspicious activity quickly enough to respond before a breach becomes a crisis. Businesses must also embrace solutions that provide security without compromising privacy. – Anthony Di Bello, Vice President, Strategic Development, OpenText

 

  • Uncommon attack techniques will emerge in common software – especially Steganography – Josh Lemos, VP of Research & Intelligence at BlackBerry Cylance

 

  • The cybersecurity world will see ever-increasing sophistication in attacks. There will be a significant uplift in malicious acts which utilize source code and exploits that have been developed by commercial companies and governments and leaked. – ThetaRay CEO Mark Gazit

 

  • From “Buzzword” to Mainstream Adoption: Making the Case for Zero Trust – In 2020, we will move beyond the buzzword and see clearer definitions of what zero trust really means for enterprises and individuals. What is currently missing is a zero trust reference architecture — to assume everything is bad — and I foresee truer definitions coming to fruition for deploying something meaningful. With the perimeter dissolving and people working from multiple environments, zero trust will move more into the mainstream as everyone begins to buy into the vision. – Kowsik Guruswamy, CTO at Menlo Security

 

  • We will see more and more sophisticated attacks perpetrated by a larger number of threat actors. These attacks may leverage side-channel attack techniques (similar to Spectre, Meltdown and the slew of other discovered vulnerabilities that are so hard to address purely through software fixes), attacks living in firmware and others going beyond a traditional file-based or even living-off-the-land (aka fileless) malware. – Nir Gaist, Founder and CTO of Nyotron

 

  • Disruptionware: In 2020, disruptionware will increasingly intersect with connected systems and rogue devices in building automation and other OT systems. These disruptionware attacks include ransomware, but also reach more broadly to include disk-wiping malware and similarly disruptive malicious code. In recent research, Forescout noted the rise of disruptionware across the industry, particularly manufacturing that relies heavily on OT technology. These attacks are incredibly impactful on a business. Companies affected by LockerGoga in 2019 – including U.S. chemical companies Hexion and Momentive – were forced to replace entire systems infected with the malware. Other companies hit by the NotPetya ransomware, including Spanish food distributor Mondelez and Danish shipping firm Maersk, estimated their losses to be $100 million and $300 million from the attacks, respectively. We expect to see many more of these attacks in 2020. We also believe there will be at least one big attack on a major energy or manufacturing company that will severely disrupt the company’s operations. This event will serve as yet another wake-up call to CISOs to reconsider the IT/OT convergence inside their own companies, evaluating technologies like network segmentation, which will allow them to protect these systems. It will also serve as a wake-up call to federal and state regulators, who will put more pressure on power, manufacturing and healthcare sectors with more robust regulation. – Rob McNutt, CTO at Forescout

 

  • Hybrid attacks with multi-stage payloads will escalate. A multi-stage attack allows for an attacker to infiltrate a network in the most efficient and effective way possible. – Malwarebytes Labs

 

  • Exploit kit activity will be at the highest it’s been since the post-Angler era. We will see a surge of exploits (and zero-days) for Chrome and Chromium-based browsers. – Malwarebytes Labs

 

  • The Radicalized Insider. We have only begun to see the impact insiders can have on organizations as well as national and global security. While Snowden and Manning exfiltrated data for the purposes of shining a light on what they perceived to be unethical conduct, even more dangerous insiders focus on exfiltrating data to foreign governments and terrorist organizations. Cyber theft leading to the exploitation of national security is one of the top threats in 2020. – Anthony Di Bello, Vice President, Strategic Development, OpenText

 

  • As cyber-maturity grows alongside our understanding of the problems we face, the nature of what is viewed as a “top threat” has changed. In the past we might have viewed top threats from the perspective of targets or tactics. Think “IoT malware” or “Ransomware”. These might be top threats to specific industries, like manufacturing or healthcare, but do not speak more broadly to our digital infrastructure or the concept of trust in our systems and institutions. These higher-order threats will be the top challenges of 2020. The biggest threats we face in 2020 aren’t specific types or categories of malware or attacks but are the higher order campaigns that lead to the access for bad actors to then leverage malware (or just a hijacked account) to do their dirty work. – Anthony Di Bello, Vice President, Strategic Development, OpenText

 

  • New Year, New Threats. As companies continue to invest in new technology, we will see the introduction of new and advanced tactics, techniques, and procedures from malicious third-parties that seek to either exfiltrate critical customer, company, and partner data or even interrupt or disable business operations. Companies often make the costly assumption that they will be safe from threats just by investing in additional security tools for every new technology or service that they adopt. This piecemeal approach to security is both extremely expensive and inefficient. In fact, since we don’t know what the most pertinent threats will be in a year from now, the best approach is for companies to invest in holistic security solutions that can evolve and scale with a company over time. – Chris DeRamus, CTO and co-founder, DivvyCloud

 

  • Vulnerability management will go beyond networks and applications to cover cloud, containers, IoT, operational technology (OT), and mobile infrastructure. While most organizations have well defined processes for responding to vulnerabilities, findings, security alerts, and weaknesses in their network and software infrastructure, these practices often don’t extend to newer enterprise IT components like cloud, containers, mobile, OT, and IoT. This can happen for various reasons. InfoSec policy making is a time-intensive process and for many organizations the development and deployment of cybersecurity controls, policies, and processes for newer technologies has significantly lagged behind their adoption rates. In addition, inventory, discovery, management, assessment and monitoring practices and tools for these assets are different from those for traditional infrastructure and are often owned by teams not fully integrated in the InfoSec ecosystem. Cyber Risk Management 2.0 puts an emphasis on breaking down information and process silos within an organization to create a standardized and unified knowledge source. In 2020, this will help organizations implement vulnerability management consistently and effectively across the entire IT infrastructure. – Syed Abdur, Director of Products at Brinqa

 

  • Cyber Risk Management 2.0 will push automation and orchestration capabilities to new heights of cybersecurity effectiveness and efficiency. Cybersecurity organizations may struggle for a variety of reasons – disconnected teams and stakeholders, limited resources, data overload, and lack of ownership. Automation and orchestration can help overcome many of these challenges. Cyber Risk Management relies heavily on these capabilities to achieve risk analysis, prioritization, remediation, and reporting at scale and in real-time. This includes the collection of information from external sources, data correlation and normalization, execution of analysis algorithms, creation of tickets, deployment of patches, and delivery of metrics and reports to stakeholders. In 2020, organizations will utilize the automation and orchestration capabilities enabled by Cyber Risk Management 2.0 to realize improvements in effectiveness, efficiency, and security posture. – Syed Abdur, Director of Products at Brinqa

 

  • The accepted definition of a vulnerability will broaden. Typically associated with flaws in software that must be patched, infosec leaders will redefine the term to anything that is open to attack or damage. The impact will be systematic processes, similar to those commonly applied to patching, extended to weak or shared passwords, phishing and social engineering, risk of physical theft, third party vendor risk, and more. – Gaurav Banga, CEO and founder, Balbix

 

  • Threat actors are always enhancing their current tactics, techniques, and procedures (TTPs) as well as creating new ones in order to infiltrate businesses and steal data, implant ransomware, and more. One technique that will continue to gain traction in 2020 is lateral phishing. This scheme involves a threat actor launching a phishing attack from a corporate email address that was already previously compromised. Even the savviest security-minded folks can be lulled into a false sense of security when they receive an email asking for sensitive information from an internal source – particularly from a C-level executive. As we will continue to see cybercriminals refining their attack methods in 2020, companies must be prepared. – Anurag Kahol, CTO and co-founder, Bitglass
