CIO Axis talked to Murali Urs, Country Manager – India, Barracuda Networks to know the technologies and trends that will drive cybersecurity in 2020.
Tell us about the technologies that will have the greatest impact in 2020?
Murali Urs: Data is both boon and a bane; as more and more customers leverage public cloud, human error will continue to be the primary source of breaches. next year we are going to see the regulatory environment having a lot of impact on data governance.
There are a lot of new technologies out there that are both beneficial and detrimental to us. For example, artificial intelligence. It’s something we use to improve efficiency, but now people are using it to power deep fakes and other technologies that make cyber-attacks more convincing and even using them to impersonate political figures. That’s manipulation, because as humans we’re computing based on the images we see, the voices we hear, and the text we read. In the next 12 months, we’re going to see a barrage of technology like this that shifts from being cool new tech to super bad weapons. I think social media should be responsible for some of the defensive mechanisms to prevent this from happening. We will also need to build a new cyber work force to help us defend ourselves from these kinds of attacks.
Highly targeted attacks, conversation high jacking and deep fakes of peoples voices will proliferate as mechanisms for business email compromise attacks, making these highly targeted threats even more convincing, and ultimately more costly. Recent Barracuda research showed that BEC makes up only 7 percent of spear-phishing attacks, but the price for successful attacks can be steep. According to the FBI, businesses have lost $26 billion in the past four years due to BEC attacks, and with new tactics like this, I expect to see that number grow even faster.
What top trends will impact the business landscape next year?
Murali Urs : In 2020, cybercriminals will follow the money and pursue industries where the payout is the biggest. Trends in email security show that cybercriminals are finding new ways to make money that they did before, opting for account takeover and business email compromise attacks, which allow them to make money by tricking end-users into making payments rather than trying to seeing stolen information. The exception will be state-sponsored attacks, which will target industries with valuable intellectual property, such as aerospace, defense, technology, manufacturing and pharmaceuticals, and industries where they can cause disruption, such as utilities and transportation.
Email and internet-facing applications will continue to be the top threat vectors. Unfortunately, many organizations still have inadequate protections in place. Email threats evolve quickly as attackers find new ways to evade traditional email security solutions, so organizations will need to turn to more advanced protection that can keep up with changing tactics. Web application security is often overlooked because most organizations don’t have the resources or skills needed to manage the solutions properly. In addition many customers presume their hosting service supplies this protection when they may cover some but not all their requirements.
Finally, as more and more customers leverage public cloud infrastructure and solutions, human error will continue to be the primary source of breaches, leading to misconfigurations and overlooked vulnerabilities.