Cybersecurity trends in 2020
Our expert's opinion:
"For the new decade people know that we are more and more exposed to cyber-attacks even though we protect our self much more than before. The point is that cybersecurity software vendors employ AI to identify security risks on software and networks, but cybercriminals use the same technology.
These tools use AI (Artificial intelligence) and ML (Machine learning) to generate thousands of lines of code in less than a minute to create a breach into the system. So vendors and developers have to be creative to create cutting-edge technologies to protect information now and in the future. We all know a cyberattack can cause a lot of damage, so it’s imperative to anticipate the strategy of the cybercriminals incoming threats! If you receive ransomware (cyber ransom) after years of hard work to pass the breakeven point, you will be devastated.
So, which of your budget will increase for 2020, marketing or cybersecurity?"
- Antoine de Wasseige, Associate Consultant
Cybersecurity trends in 2020: artificial intelligence
To say that artificial intelligence (AI) has reached buzzword status may be an understatement. The general public largely misunderstands the term while the C-suite can’t get enough of it. A layperson may consider AI a thing of the future, like flying cars and drone grocery delivery, but in reality most of today’s business and commercial software contain AI and its little sister, machine learning (ML). And nearly any software developer will tell you—repeatedly—that these tools are little more than statistical probability. They analyze existing data, take action, and make predictions based on the data they have.
Over the past several years, we’ve seen cybersecurity software vendors employ AI to identify security risks on software and networks. This same technology is available to cyber criminals, which has heightened the risk of a security breach for businesses of all sizes.
This article features opinions from cybersecurity experts on the nature of the AI threat, how the AI security threat will change in 2020, and how companies should prepare themselves for the changing threat.
What the AI cybersecurity risk looks like in 2019
Welcome to the race between cyber criminals and cybersecurity software vendors to build the most advanced and far-reaching software possible. AI acts as an accelerator for both parties, allowing them to analyze more data, distinguish real from perceived threats, and understand potential vulnerabilities.
“Bad actors are increasingly utilizing automated and smart tools to find vulnerabilities in systems, access to storage devices, and open data on the internet. These tools use AI and ML, which can sort through thousands of lines of code a minute to understand the landscape. As much as AI and machine learning have become buzzwords to poke fun at during cyber conferences, vendors and developers need to be challenged to create advanced technologies to protect information now and in the future.”
Todd Carroll, CISO/VP of operations NA at CybelAngel
"As organizations continue to move their data to the cloud and digitize nearly every process, they produce vulnerabilities. There are too many security threats to be managed today, so they need to be managed in an automated way. Without automated security remediation, the existing security gaps will only deepen.”
Thomas Hatch, CTO and Co-Founder at SaltStack
Organizations find themselves in the middle of greater digitization, more vulnerabilities, increased access to AI technology, and an overall risk-prone environment. But not all is lost. Some organizations already use security AI to protect themselves.
“A lot of security companies are using AI and ML to help prioritize the alerts so the analysts can focus their time on real high priority alerts to prevent or manage the attacks.”
Umesh Padval of Thomvest Ventures
Is the answer to keep doing what we’re doing? Well, yes, and no. Because as security software adapts to new threats, the criminals will continue to adapt their own software to bypass the security.
How the AI security threat will change in 2020
The experts we spoke to agree that the proliferation of AI for commercial and research purposes has made the tools available and easily manipulated for nefarious purposes.
“AI and machine learning is now a widely understood technology. Most of the best tools used by researchers and security teams for AI are open source and can be easily co-opted by the Black Hats to try to recognize security measures and subvert them. Many of the powerful machine learning frameworks are now available as-a-service from major cloud vendors like Google, Microsoft and Amazon. So a cyberattacker could access not just the software but a ready-baked infrastructure to perform machine learning and build models, all at a very modest cost.”
Ido Safruti, co-founder and CTO at PerimeterX
Safruti believes that this will cause a sharp increase in AI-powered cyberattacks, which will then need AI-powered security software to combat it.
John Briar, founder of BotRx, believes that bots powered by AI and ML will have a significant advantage in the coming year.
“For example, attackers are likely to create a new generation of bots that can find system vulnerabilities faster and then exploit them in real-time. Roving bots already search the web for weak, unpatched systems and key vulnerabilities that offer easy targets for attacks. Now we are seeing these bots evolve and new technology is being used to exploit the users and their accounts even on well protected systems.”
John Briar, founder of BotRx
Security vendors and individual companies already employ AI and bots to search for threats and high-risk environments on networks and within internal software, but as the speed and power of bad actors increases, the security services will need to do the same.
Where AI cybersecurity will go in 2020
How will cybersecurity tactics and software adapt to the increasing threat of malicious AI-driven software? The experts we spoke with cited increasing automation to understand the nature of evolving threats, empowering the workforce, and getting ahead of the threat.
Richard Cassidy, senior director of security strategy at Exabeam, predicts that to improve efficiency, security software will adapt past identifying individual threats or vulnerabilities.
“Security focus will move away from the tired alerting methodology we’ve all painfully relied on for far too long, to a far more ‘risk context’ approach, combining data-classification, trust modeling, and security analytics functions. A model based on contextual understanding will reduce the number of false positives security pros must chase down, so they can focus on improving the entire ecosystem. It’s about enabling organizations to do far more with what they have, super-charging existing security and GRC functions—not least hyper-enabling already over-stretched teams—to focus on doing more of what they enjoy and innovating for the betterment of business outcomes.”
Richard Cassidy, senior director of security strategy at Exabeam
The theme of improving the working atmosphere for vital cybersecurity professionals was echoed by Henry Ly, project manager at OccamSec.
“Security teams are growing tired of all the data generated by the expanding number logs of protection tools in the IT ecosystem. Most organizations typically lack the financial resources to hire additional support, that’s why machine learning, artificial intelligence and the ability to integrate will be key for this coming year. When the individuals responsible for monitoring threats get overwhelmed by the sheer volume of risk opportunity, they will start using AI tools to better understand the nature of their risk."
Henry Ly, project manager at OccamSec.
And Richard Williams, Information Security Manager at Solve.Care, is even more optimistic about AI’s use case for security pros.
“The use of artificial intelligence and machine learning technologies could allow security systems to identify and respond to threats in real time. These technologies can gather data which allows systems to act proactively, rather than reactively to security threats. Taking an aggressive approach to risk environments will hopefully give security pros a sense of control over their organization’s vulnerabilities."
Richard Williams, Information Security Manager at Solve.Care
The right cybersecurity software for the increasing AI threat
Choosing a cybersecurity software isn’t as easy as finding the one with the fanciest features or the one with the latest AI tools. It’s about finding the tools that fit your budget, your organization’s risk profile, and your internal team’s capabilities.