Increasing cyber threats will force organisations to embrace cloud security in 2020

Threat assessment  >  Differentiating elements / good vs. bad / angel vs. devil amid abstract data.
Serazetdinov / Violka08 / Getty Images

For most organisations, cloud computing offers better security than they could have ever imagined having on premise. With increasing cybersecurity threats and attacks more organisations will embrace cloud security in 2020 and make it part of their overall cybersecurity strategy.

In 2020 organisations will need to reassess their cloud computing cyber risks and use appropriate solutions such as Privileged Access Security. Organisations will need to create a new cybersecurity strategy or update their existing strategy when they transition to cloud computing because the old traditional security techniques are not effective to secure the cloud. Many organisations make the mistake of transitioning to the cloud using the same old traditional methods of perimeter security which do not work well in cloud models, and this could lead to serious security breaches and data loss.

Identity and access controls will become critical to secure the cloud

Due to increasing risks with cloud computing, identity and access controls will become more important and critical in 2020. A strong Privileged Access Management (PAM) solution must be put in place to limit who can make changes, as well as encryption to keep data private, and Multi-Factor Authentication (MFA) with PAM to verify authorised access.

Single Sign On (SSO) should not be considered a security control when moving to the cloud. SSO reduces friction but actually introduces a security risk when it is not combined with security controls such as MFA and PAM. Organisations may opt to use MSSP models, which typically includes skilled resources, but it is important to know the risks and reduce them where possible.

Government use of machine intelligence or AI to be put to the test

In 2020, the use of machine intelligence or AI will become an important strategy with many governments around the world using it to improve and automate many citizen services.  However, there will be unintended and potentially damaging consequences unless acceptable use and limitations of the scope of AI programs are also applied.

This will help determine the full scope on how much data should be collected, for how long and for exactly what purpose, to limit abuse of such sensitive data. For governments to be successful with AI they must also be transparent with their citizens. We must embrace AI moving forward but only with responsibility and caution.

Identity theft will take a new direction with the increased use of deep fakes

What has been concerning in 2019 is the increase in identity and credential theft, and I see this becoming much more problematic in 2020. The rapid advancement of Deep Fake technology is taking identity fraud to a whole new level of online challenges and risks. Not only are they stealing your digital online identity, but also your digital voice and digital face.

This means that cybercriminals can take digital identity theft to a new level and could have the ability to create an entire digital clone of individuals. I see this becoming a major problem area in the cyber space and even more so in political campaigns as the general public will not have the awareness to distinguish what is real from fakes. In today’s internet, data without context is becoming increasingly dangerous.

Organisations will need to adapt their security approach IoT devices

In 2019 the use and abuse of IoT devices has risen and doesn’t look to be slowing down as we go into next year. IoT devices differ from computers as they have a specific purpose and cannot be re-programmed, therefore organisations need to view and assess the risks specific to the function or task of the device in order to increase security.

Organisations, in particular the manufacturers of IoT devices, will need to adapt their security approach, both to ensure that these fast-growing endpoints are secure and to keep ahead of increasing government regulations. The new Californian and Oregon IoT legislation coming into effect in January is a step in the right direction, as is the Australian government’s new Draft Code of Practice for Securing the Internet of Things for Consumers, but more must be done. Above all, IoT security is about focusing on the risks not the device.

The human factor in cybersecurity will become more important than ever

Cyber awareness is evolving to become more human friendly. We are now seeing a difference in approach to security evolving into company culture. Boards and top-level executives are now learning how to communicate accordingly on cyber security topics, meaning that security teams and their goals are becoming a lot more aligned with the business’s goals.”

About the author

Joseph Carson is the Chief Security Scientist & Advisory CISO for Thycotic, a provider of privileged access management (PAM) solutions for more than 10,000 organisations worldwide. Carson has over 25 years’ experience in enterprise security, is the author of “Privileged Account Management for Dummies” and “Cybersecurity for Dummies”, and is a cyber security professional and ethical hacker. He is a cyber security advisor to several governments and the critical infrastructure, financial and transportation industries.

Related:

Copyright © 2020 IDG Communications, Inc.

What is security's role in digital transformation?