| Executives December 11, 2019


December 11, 2019

Five ways the security landscape will shift in 2020

By David Richardson

2019 was another eventful year in the security space, with hackers targeting government agencies and corporations alike -- from the U.S. Customs and Border Protection’s to Quest Diagnostics’ data breach. As we head into 2020, here are five trends we expect will emerge in the coming year.  

Mobile will become the primary phishing attack vector

Lookout expects credential phishing attempts targeting mobile devices to become more common than traditional email-based attacks. Traditional secure email gateways block potential phishing emails and malicious URLs, which works for protecting corporate email from account takeover attacks, but neglects mobile attack vectors, including personal email, social networking, and other mobile centric messaging platforms such as secure messaging apps and SMS/MMS. Moreover, mobile devices are targeted not only because of these new avenues but also because the personal nature of the device and its user interface. Enterprises must realize that when it comes to social engineering in a post-perimeter world, corporate email is not the only, or even the primary, attack vector used. 

2FA is dead. Long live MFA

Authentication will move from two-factor (2FA) to multi-factor (MFA), including biometrics. Most companies have implemented one time authorization codes (OTAC) to provide 2FA, but Lookout, and others in the industry, have already seen OTAC targeted by advanced phishing attacks. To protect against credential theft and to address regulatory compliance, enterprises are increasingly adopting MFA and biometrics using mobile devices. This new approach strengthens authentication and improves user experience, but it is critical that the mobile device is free from compromise.

Threat actors will leverage machine learning to operate autonomously

Attackers will begin to implement machine learning in the execution of phishing campaigns. Phishing lures and landing pages will be A/B tested by AI algorithms to improve conversion rates, while new domains will be generated and registered by AI algorithms. These enhancements will allow attacks to move faster than most existing solutions could detect them.

2020 election hacking will focus on mobile

As cyber attacks have evolved to target mobile devices because of their nature and form factor, so will cyber attacks in the 2020 Presidential Election. Spear phishing campaigns are moving beyond the traditional email-based phishing attacks we saw in the 2016 election cycle to advanced attacks that involve encrypted messaging apps, social media and fake voice calls. Before the next election is over, we will likely see some kind of compromise as the result of a social engineering or mobile phishing attack, particularly as presidential campaigns embrace mobile devices in their canvassing efforts. 

Partnerships are the new consolidation

Within the past decade there have been many mergers and acquisitions within the security industry. That trend will likely continue, but now vendors will also tightly integrate their solutions to improve enterprise security. And, as we move into 2020 and beyond, a new trend is emerging that will see security vendors forming alliances -- even with those they consider their competitors -- and strategically collaborating to combat threats for the greater good. A recent example of this is the App Defense Alliance, which was launched in late 2019 to combat malicious apps on Google Play. These alliances also have a positive effect on AI solutions, as the corpus of data grows for machine learning algorithms to ingest. 

Watch this short video to learn why mobile security is the new business imperative.


Author

David Richardson,
Director, Product Management