The threat experts at global security leader Trend Micro all agree as the cloud and popularity of DevOps environments grow, companies will increasingly fall prey to outside threats.
This risk will be one of the primary challenges facing businesses in 2020 as they are urged to take a new approach to cloud security to minimize threats.
“Looking ahead, 2020 will see a host of attacks focussed on the supply chain. The cloud is going to be used by cybercriminals as the backdoor to get into your business,” states Indi Siriniwasa, Vice President Sub-Saharan Africa at Trend Micro. “This is all linked to a growing dependence on third-party software, open-source, and more open and fluid digital workspaces. Our threat experts believe that all of this will expose cracks in the supply chain. Which will force the hand of IT Security leaders who themselves will need to reassess their cyber risk strategy .”
Popular cloud attacks will include corporate data penetration by way of malicious code injection, including deserialization bugs, cross-site scripting, and SQL injection. Attackers will home in on the cloud provider or use a compromised third-party library to do this.
According to Siriniwasa, this is particularly relevant as developers and organizations move towards a DevOps culture where third-party code and containers are being used. The challenge here, he says, is that many container components and libraries are untrusted by nature, particularly if they aren’t from reputable sources. The adoption of a DevSecOps approach ensures that security is baked into an application while it is still being developed.
“We also see a future where fraudsters in West Africa will ramp up their scam campaigns, which have been hugely successful to date. They will target online banking and continue to place ATM malware. Our experts believe that poorly patched software will continue. It is almost as if we haven’t learnt anything from the past where this has been a huge threat to critical systems and lead to functionality breaks or failures.” says Siriniwasa.
IoT attacks are increasing and AI is going to be used to try and trick companies through AI-generated forgeries “deepfakes”. Crime-as-a-service and Blockchain platforms remain a working business model that allows for easy monetization among cybercriminals
“If we circle back to the cloud, we foresee that Managed service providers (MSPs) will be targeted in 2020. Cybercriminals will use an MSP as a means to blanket an attack and focus it on compromising multiple organizations in one go. Data residing here will be at risk, but attackers will also look to inject malware into their environments to sabotage smart factories and extort money via ransomware. Yes, ransomware isn’t going anywhere.
“Remote workers will also put a strain on security, particularly as they continue to join untrusted Wi-Fi networks and don’t respect cloud security policies. In short 2020 is going to be a tough year for security professionals, we suggest you find security solutions that don’t just plug the holes in your environment but rather look across the business from the cloud to the computer and provide your business with an overarching security solution. It would be remiss for me not to suggest, that it could be a good time to switch to Trend,” ends Siriniwasa.
To read the full report, The New Norm: Trend Micro Security Predictions for 2020, please visit: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/2020.