5 Emerging Cybersecurity Trends To Watch In 2020
From MSPs under siege to attackers seizing upon cloud misconfigurations, here are five emerging cybersecurity trends that solution providers need to keep an eye out for in 2020.
Living In A Dangerous World
The IT ecosystem has become more dangerous than ever as attackers spread their wings beyond phishing attacks to target everything from stolen credentials to cloud misconfigurations to the remote access tools (RATs) that MSPs rely on to carry out outsourced IT functions on their customers’ behalf.
Both the regulatory and vendor landscape have seen dramatic changes as well, with the European Union starting to enforce robust data privacy regulations in May 2018 and California set to follow suit in January 2020. Plus the overcrowded endpoint security space has started to be culled through acquisition activity, while orchestration and automation providers find more and more suitors for their services.
MSPs will need to dramatically step up their game around security in 2020 as these trusted advisors increasingly find themselves in the bull’s-eye of attackers. And solution providers of all stripes will need to make sure their clients are in compliance with the latest privacy regulations while avoiding obvious configuration errors when setting up storage buckets for their customers in the public cloud.
Here’s a look at five emerging cybersecurity trends that are likely to impact channel partners in 2020.
5. Orchestration And Automation Are All The Rage
Security teams are struggling to make sense of all the data generated by the proliferating number of protection tools in the IT ecosystem of most companies, and typically lack the financial resources to go hire additional SOC (Security Operations Center) analysts.
For this reason, companies are looking to use SOAR (Security Orchestration, Automation and Response) tools to synthesize the collection and analysis of disparate data as well as automate the response to the issues that are more commonly identified.
The push to do more with data while using less manpower drove Palo Alto Networks’ $560 million acquisition of Demisto in February as well as FireEye’s $250 million purchase of Verodin in May. And CRN reported Oct. 22 that data analytics vendor Sumo Logic is in negotiations to purchase early-stage autonomous SOC provider JASK.
Startups that can help customers organize and understand security data from a variety of third-party sources will likely make appealing acquisition targets in 2020.
4. Endpoint Security Vendor Consolidation
The endpoint security space has gotten a little less crowded over the past year as broad technology vendors pursue endpoint protection, detection and response capabilities. BlackBerry kicked the acquisition spree off in February by scooping up Cylance for $1.4 billion. Then in June, open-source search technology company Elastic announced plans to purchase Endgame for $234 million.
Two months later, Symantec announced plans to sell its struggling Enterprise Security division to semiconductor manufacturer Broadcom for $10.7 billion. And later in August, virtualization giant VMware announced plans to acquire Carbon Black in a transaction with an enterprise value of $2.1 billion.
Late-stage endpoint security startups like Tanium, Cybereason and SentinelOne will likely approach the point in 2020 where they’ll either need to conduct an initial public offering (IPO) or get acquired by a private equity firm or larger technology company. And as McAfee’s private equity owners look to exit their investment, media reports have indicated that the company could carry out an IPO.
3. Hackers Go After Cloud Misconfigurations
Former Amazon Web Services employee Paige Thompson was charged over the summer with accessing the personal information of 106 million Capital One credit card applicants and customers as well as stealing data from more than 30 other companies. Thompson stands accused by federal prosecutors of stealing multiple terabytes of data from a variety of companies and educational institutions.
A firewall misconfiguration allegedly allowed Thompson to access folders or buckets of data in Capital One's AWS storage space, with a GitHub file containing code for three commands as well as a list of more than 700 folders or buckets of data. Those commands allowed an adversary to obtain Capital One's credentials, list or enumerate folders or buckets of data, and extract data from certain folders or buckets.
Most security experts feel that infrastructure in the cloud is more secure than what enterprises have built for themselves on premises given the amount of security personnel and resources public cloud providers have access to. But firms are still liable for securing everything on top of the infrastructure, and human errors during the configuration process can provide adversaries with an easy way in.
2. New Privacy Regulations Drive Spending
The first privacy domino fell in May 2018 when citizens and residents of the European Union obtained greater control over how their personal data is being used as part of the new General Data Protection Regulation (GDPR) rules. The new requirements are the toughest in the world, with violators subject to fines of up to 4 percent of global revenue or 20 million euros, whichever is higher, for noncompliance.
Then in January 2019, French regulators smacked Google with a $57 million fine, alleging the search giant lacked transparency and clarity around how personal information was being collected, and failed to properly obtain user consent for personalized ads. Then in May, Ireland's Data Protection Commission announced plans to examine whether Google's Ad Exchange marketplace handled user data in violation of GDPR.
And closer to home, the California Consumer Privacy Act (CCPA) will take effect on Jan. 1, 2020, and will provide California residents with the right to know whether their personal data is being collected and sold, and request the deletion (or reject the sale) of any personal information collected on them. The CCPA applies to all businesses with annual gross revenues in excess of $25 million.
1. MSPs Under Attack
Cybercriminals targeted MSPs throughout 2019 and seized upon the tools they use to manage customer IT systems as vehicles to attack those same customers.
A wakeup call came in April when Wipro acknowledged that employee accounts had been compromised in a phishing campaign, allowing adversaries to use the Indian IT outsourcing giant’s systems to launch attacks against at least a dozen of its customers. The hackers were believed to have used ConnectWise Control to connect to Wipro client systems, which were then used to obtain deeper access into Wipro customer networks.
Then in August, an on-premises version of the ConnectWise Control remote access tool was used to seed the endpoints in a devastating ransomware attack that resulted in portions of 22 Texas town and county networks being locked behind encryption keys. The Texas towns and counties hit by ransomware were all receiving products and services from Rockwall, Texas-based MSP TSM Consulting.
Given the level of access and trust MSPs enjoy in their clients’ networks, expect hackers to continue attempting to use MSPs as an entry point into their customers in 2020 and beyond.