Annual poll: single biggest security threat of the year

What will be the single biggest security threat of 2020?

Our annual poll to find out what security professionals think the single biggest security threat of the year will be.


After a brief hiatus, IDG Connect's annual survey to discover the biggest upcoming security threat is back. We asked security professionals a simple question: what will be the single biggest security threat of 2020? Responses varied from a single sentence to multiple paragraphs, and naturally, many individuals highlighted problems that related to their own industry or solution. Some respondents offered more than one response; where possible, these have been split by theme.

Out of 64 usable responses, people problems (19) were once again the primary cause for concern, with human error and insider threats featuring alongside other people-related issues such as a lack of understanding of security risks, and—related—the cybersecurity skills gap.

Our 2018 survey saw a strong leaning towards ransomware, which came in at second place. This year it dropped to fourth behind targeted attacks and artificial intelligence, which one of our respondents pointed out would enable attackers to "carry out much more sophisticated and targeted attacks at scale."

All 64 usable responses have been cut down to a single sentence, grouped into the following sections:

  1. People (14)
  2. Targeted attacks (9)
  3. Artificial intelligence (7)
  4. Ransomware (5)
  5. Phishing (5)
  6. Other suggestions (24)

 

Results of previous polls can be found here:

 

People - 14

 

Safi Raza, Director of Cybersecurity, Fusion Risk Management:

"In 2020, Humans will be the weakest element of Cyber Defense."

 

Hugo van den Toorn, Manager Offensive Security, Outpost24:

"The human element will most likely remain the leading cause of data breaches."

 

Victoria Barber, Technology Guardian, Snow Software:

"We believe that the single biggest security threat in 2020 is ultimately what it has always been - people."

 

Neil Larkins, CTO & Co-founder, Egress:

"The number of data breaches will continue to go up in 2020 - and people, the human layer, will remain a leading cause."

 

Kevin Brown, Managing Director, BT Security:

"The biggest threat for 2020 will be the same as for many previous years - basic human error."

 

Anthony Patti, Vice President, Drawbridge Partners, LLC:

"The single biggest security threat for 2020 is related to attackers taking advantage of the human element in conjunction with vulnerable networks."

 

Simon Kelf, Co-Founder, BCN:

"Employees are often the biggest threat to an organisation's cybersecurity."

 

Jadee Hanson, CISO and Vice President of Information Systems, Code42:

"Insider threat is on a dangerous upward trend, which will undoubtedly continue into 2020 as market challenges persist."

 

Mark Rodbert, CEO, idax:

"The real security threat lies a lot closer to home than many would suspect, with sixty six percent of organisations considering malicious insider attacks or accidental breaches more likely than external attacks."

 

Paul Bischoff, Privacy Advocate, Comparitech.com:

"Human error is the biggest weak spot in preventing cyber-attacks, and the sheer volume and frequency of phishing attacks put the odds in attackers' favour."

 

Piers Wilson, Head of Product Management, Huntsman Security:

"Looking forward to 2020, one of the biggest risks to organisations is that they fail to understand the link between cyber security and reputation."

 

Neville Armstrong, Service Strategist, Fordway:

"The biggest single threat is not understanding the risks your organisation faces and the organisation's risk appetite - not just external risks, but those arising from your own actions."

 

Jason Soroko, Chief Technology Officer of IoT, Sectigo:

"The legacy of security as an afterthought, especially in industrial systems, is the biggest threat of 2020."

 

Matias Madou, Co-Founder and CTO, Secure Code Warrior:

"The cybersecurity skills gap is likely to be a major contributor to ongoing security issues, in 2020 and beyond."

 

Targeted attacks - 9

 

Oleg Kolesnikov, VP of Threat Research, Securonix:

"Based on the real-world attacks seen in the wild in recent months, in my opinion, the single biggest security threat of 2020 will be targeted mass-scale attacks involving corporate infrastructure."

 

Ilia Kolochenko, Founder and CEO, ImmuniWeb:

"[2020 will see the] rapid proliferation of silent attacks on shadow IT and third-parties."

 

Stan Lowe, Global Chief Information Security Officer, Zscaler:

"Targeted attacks against identity authentication providers in order to utilise compromised credentials to access cloud apps and data."

 

Jake Olcott, VP Government Affairs, BitSight:

"During the 2020 U.S. election, nation states will attempt to tamper with the voting infrastructure."

 

Dr. Zulfikar Ramzan, CTO, RSA Security:

"Attackers will target the cryptosphere: Cybercriminals usually follow the money, so expect that cryptocurrencies will be at the top of attackers' wish lists in 2020."

 

Tim Mackey, Principal Security Strategist, Synopsys CyRC (Cybersecurity Research Centre):

"Cyber-attacks on 2020 candidates will become more brazen."

 

Dr Francis Gaffney, Director Threat Intelligence, Mimecast:

"State actors will almost certainly look to continue exploiting times of confusion or global events to conduct cyber-attacks."

 

Colin Robbins, Managing Security Consultant, Nexor:

"As large businesses start to address the security basics, preventing low-skill attacks from succeeding, mass-attackers are turning their attention to the supply chain."

 

Graham Fletcher, Technology Risk & Information Security Competency Lead, Citihub Consulting:

"Weaknesses in the supply chain are likely to be one of the biggest threats in 2020."

 

Artificial Intelligence - 7

 

Marcus Fowler, Director of Strategic Threat, Darktrace:

"2020 undoubtedly holds the first AI-powered cyberattack."

 

Campbell Murray, Global Head of Cybersecurity, BlackBerry:

"As we look towards 2020, weaponised artificial intelligence will be the emerging cybersecurity threat faced by organisations and individuals."

 

Robert Fitzsimons, Field Application Engineer, Telesoft Technologies:

"AI is going to enable cyber threat actors to carry out much more sophisticated and targeted attacks at scale."

 

Pali Surdhar, CISO, nCipher Security:

"In 2020, cyber criminals will leverage AI and machine learning to find exploits on systems - and it will lead to prolific and public data security breaches."

 

Steve Schlarman, Director & Portfolio Strategist, RSA Security:

"The idea of weaponising chatbots as an attack vector for digital fraud will become a 'new normal'."

 

James Maude, Head of Threat Research, Netacea:

"The biggest security threat businesses need to be prepared for is the rise in business logic attacks… [using] automated bots to exploit weaknesses in the normal, everyday use of a website or app."

 

Pascal Geenens, EMEA security evangelist, Radware:

"Fooling automation will likely lead to the next disaster - like tricking an autonomous car by slightly altering traffic signs or road markings."

 

Ransomware - 5

 

Sandra Joyce, Senior Vice President of Global Intelligence, FireEye:

"In 2020, defenders need to be looking out for new techniques involving ransomware."

 

Ilia Sotnikov, VP of Product Management, Netwrix:

"Ransomware attacks will become more sophisticated, and public sector and healthcare organisations will be the top targets."

 

Simon Jelley, VP of Product Management, Veritas:

"We haven't yet seen ransomware reach its peak, but we will see it become more niche and target specific sectors in the year ahead."

 

Marcus Fowler, Director of Strategic Threat, Darktrace:

"In 2020, we should expect to see the resurrection of old ransomware with new twists widening the threat landscape in innovative ways."

 

Dave Klein, Director of Cybersecurity Engineering, Guardicore:

"Ransomware will become one of the biggest threats in 2020, particularly as it becomes less randomly sprayed at consumers, but as it aims directly to local government, healthcare organisations and SMBs."

 

Phishing - 5

 

Simon Eappariello, SVP Product & Engineering, EMEIA, iboss:

"Phishing will continue to be the single biggest threat to organisations in 2020 and attackers will continue to innovate so that malicious links and content embedded into emails will be crafted to seemingly look un-malicious or from trusted sources."

 

Frederik Mennes, Director Product Security, Security Competence Center, OneSpan:

"Many organisations are still struggling to address basic attacks based on phishing, vishing, smishing, etc., which rely on social engineering attacks against consumers."

 

Pam Nigro, Board Director, ISACA:

"Phishing attacks will continue to be the largest and most serious threat to security in 2020."

 

Ali Neil, Director of International Security Solutions, Verizon:

"One of the biggest threats that organisations should be on the lookout for are social engineering attacks specifically against C-level executives."

 

Tim Sadler, CEO, Tessian:

"The biggest security threat in 2020 will be advanced spear phishing attacks."

 

Other - 24

 

Dr. Guy Bunker, CTO, Clearswift:

"Next year, the biggest security threat will be apps on mobile devices which turn out to be malware."

 

Richard Hayton, CTO, Trustonic:

"The accelerating use of smartphone and wearable apps poses the biggest security threat for 2020 and beyond."

 

Steve Nice, Chief Technologist, Node4:

"While older technologies will continue to be exploited, mobile phones will evolve to become a prime attack vector."

 

Joe Jaroch, Senior Director of Cybersecurity Strategy at Webroot:

"5G and faster consumer networking in general will increase the breadth of malware - there will be more infections spreading through this sort of ad hoc 'dark network' driven by a mesh of consumer devices."

 

Omar Yaacoubi, CEO and co-founder, Barac:

"One of 2020's biggest cybersecurity threats will undoubtedly be encrypted malware."

 

Dr Francis Gaffney, Director Threat Intelligence, Mimecast:

"Some more sophisticated nation state actors make widespread use of encryption; by encrypting the malware they put on company networks, they can make it harder to remove and also defeat the digital forensics work that is used to identify them."

 

Liviu Arsene, Senior E-Threat Analyst, Bitdefender:

"During 2020 we'll likely see cybercriminals doubling down their efforts in developing financially-profitable malware and targeting organisations."

 

Joseph Carson, Chief Security Scientist & Advisory CISO, Thycotic:

"Identity theft will take a new direction with the increased use of deep fakes."

 

Sanjay Gupta, VP & GM of Corporate Development, Mitek Systems:

"Deepfakes and synthetic identities will open the door for the next wave of identity fraud."

 

Jeff Pollard, Vice President & Principal Analyst, Forrester:

"Deepfakes will cost businesses over a quarter of a billion dollars."

 

Darren Anstee, CTO, SBO International, NETSCOUT:

"Unfortunately, IoT is likely to pose a significant threat for the foreseeable future."

 

Steve Schlarman, Director & Portfolio Strategist, RSA Security:

"Malicious actors will be motivated to attack the unsecured IoT endpoint of a popular connected device."

 

Charles Poff, Chief Information Security Officer, SailPoint:

"Cloud security poses a significant security threat in 2020, with the industry lacking security skills around DevOps and CI/CD pipeline security."

 

Fleming Shi, Chief Technology Officer, Barracuda Networks:

"I believe the biggest security threat in 2020 will be attackers going after misconfigured cloud infrastructures therefore stealing compute and storage resources."

 

Steve Cohen, Security Services Manager at Synopsys:

"The cloud management plane will become an additional security layer that needs addressing in 2020."

 

David Higgins, EMEA Technical Director, CyberArk:

"2020 will see a new (and unfounded) level of complacency around security driven by passwordless, behavioural and biometric authentication."

 

Brian Foster, SVP of Product Management for MobileIron:

"The smallpox of cybersecurity is passwords and will be eradicated by 2025… Passwords are not only a hassle - they're antiquated and open us up to even more cyber threats."

 

Chris Hodson, EMEA CISO, Tanium:

"Going into 2020, we can expect to see organisations continue to struggle with not having enough visibility over the increasing number of digital assets in their enterprise environments, leaving them unaware and unable to protect all systems."

 

Patrick Donahue, Director of Product Management, Cloudflare:

"We anticipate that an unnoticed perimeter breach resulting in data exfiltration will continue to be the biggest security threat of 2020."

 

Fredrik Forslund, VP Enterprise and Cloud Erasure Solutions, Blancco:

"The massive amounts of data beyond retention and control that turns into a liability instead of being an asset!"

 

Tom Kellermann, Head Cybersecurity Strategist, VMware Carbon Black:

1. Geopolitical tension and domestic terrorism will continue to manifest in cyberspace, ushering in an era of destructive attacks that may be used to influence the 2020 U.S. elections.
2. Cloud jacking and subsequent island hopping will become a more common practice and attackers look to leverage an organisation's infrastructure and brand against itself.
3. We'll see an increase in mobile root kits, allowing hackers to gain full control over a victim's device.
4. Access mining as a service will grow as criminals see the utility in purchasing access to compromised environments.
5. Virtual home invasions of well-known public figures (celebrities, CEOs, politicians) will occur.
6. Bluetooth low energy attacks (BLE) will become more commonplace as hackers look to take advantage of the fact that many IoT devices are dependent on this transmission layer.

 

Leo Taddeo, Chief Information Security Officer, Cyxtera:

"Synthetic Identity Fraud (SIF) is on the rise and particularly troublesome to security and law enforcement pros. With SIF, criminals generate a new identity using a combination of real and fake information to open fraudulent accounts and then exploit new credit lines and make purchases."

 

Lewis Henderson, VP, Threat Intelligence, Glasswall:

"In 2020, UK SMBs will face huge threats from the highly organised Cyber Crime Supply Chain Criminals who rely on an ecosystem of hacking specialists buying and selling services from each other."

 

Tarik Saleh, Senior Security Engineer and Malware Researcher:

"As security vendors and practitioners invest more of their detection strategy around machine-learning based tools, we are going to see a heavy focus on attackers focusing on bypassing these."
