Technology Reseller v26

technolog y reseller.co.uk 29 PREDICTIONS This type of activity will catch larger businesses out just as much as small ones and, because the changes are at a governmental and national level, it won’t be limited to one industry. The attack surface is going to bubble out in all directions. Workplace Generation Z to take ownership of post-digital era Andrew Filev , Founder and CEO of Wrike Saturation of the workforce by millennial and Generation-Z workers will inspire more offices to adopt university campus-like flexibility, where seating isn’t assigned, teams can self-organise and you’re just as likely to find a worker sprawled across a sofa as at a desk. Employers should embrace this flexibility, which, combined with an increase in mobile working, will save enterprises up to 25% on commercial real estate and energy costs. Businesses will experience a productivity bump as the digital-native generation grows in the workforce. Generation Z will make up 20% of the workforce in 2020 and this number will increase steadily throughout the decade. This generation is natively comfortable with virtual collaboration and are masters of the social marketing tactics they’ve used their whole lives. Digital transformation was accelerated by millennials, but Generation Z will own the post-digital era. Automation will continue to eat away at routine tasks next year. As the nature of work transforms, jobs will become more cognitively challenging, boosting the need for creative, empathetic and strategic career skills. Humanities and arts degrees will see 10% growth as storytelling, content and design become increasingly important to brands. STEM will also continue its growth trajectory. E-learning will become mainstream and even mandatory in some rapidly evolving fields. By 2025, 45% of white-collar employees will have used an e-learning platform to improve their job skills or explore new careers. connections will also give attackers the ability to bypass perimeter protections that are normally in place. All manufacturers should add security vetting to their product development lifecycle, especially with the cloud and 5G in mind, to get IoT device security in check before the number of vulnerable devices in the market becomes overwhelming. 5 Magecart and similar attacks will proliferate. The adoption of EMV chip-enabled payment cards and readers have made it much harder for hackers to compromise point-of-sale systems and, as a result, criminals’ use of physical card skimmers and POS malware has decreased. Instead, hackers have shifted their focus to ecommerce platforms, using virtual card skimmers that target online shopping cart platforms to steal payment card data during checkout. The most prolific have been from a group known as Magecart, which target the popular Magento ecommerce platform. The Magecart threat will continue to grow in 2020 and ecommerce organisations that don’t have the resources or security know-how to implement the minimal best practices of PCI compliance are at risk – and are putting their customers at risk. Every organisation that accepts payments, no matter how big or small, should invest in proper security measures including regular vulnerability assessment to keep their customers’ data safe. Brexit a challenge for supply chain security Matt Lorentzen , Principle Security Consultant , Trustwave The biggest security challenge facing the UK and the wider European community in 2020 is going to be around the supply chain. The perfect moment for an attacker is when an organisation is going through significant change and employees are less able to spot something out of the ordinary because they expect everything to be new and different. As we move towards Brexit, enterprises will find themselves going through a number of changes, including new procedural, technical and auditory requirements. This creates a huge attack surface for attackers to exploit. As soon as bad actors understand how the various processes within a new supply chain function, it will be easy for them to carry out successful social engineering or phishing attacks, for example sending an urgent email about a change in legislation that requires specific business information to be handed over. Security 5G and IoT enlarge attack surface Karl Sigler , Threat Intelligence Manager, Trustwave SpiderLabs 1 The widespread prevalence of facial recognition used by apps and devices could draw deep fake attacks. We expect to see deep fake videos increasingly used to tarnish the reputations of individuals, particularly politicians as we near the 2020 presidential election. High profile people are most at risk, as deep fakes require abundant available source material (audio and video) to create realistic simulations. Deep fakes are in their infancy and are not yet a credible threat to the general population. 2 Ransomware attacks on cities and governments will continue to grow. A number of successful ransomware attacks targeting large organisations, critical infrastructure, government and cities were conducted in 2019. Coordinated cyberattacks can cripple victims completely, shutting down core services and rendering operations useless. Organisations that are not prepared for such attacks will continue to pay out ransoms in order to avoid downtime and loss of data, which will cause ransomware attacks to grow in 2020 as cybercriminals continue to evolve techniques and coordination strategies. 3 5G adoption will drive hackers to target mobile as a main attack vector. The proliferation of 5G will see more consumers relying on 5G-enabled mobile devices as their sole means of internet access. Alhough mobile-based malware is notoriously difficult to set up and distribute, we’ll start seeing mobile malware piggy-back on social engineering attacks, specifically targeting bank transfers and ecommerce transactions. This social engineering component of phishing emails and text messages will make the malware easier to inject and spread. While 5G has many built-in protections against direct attacks, its wider adoption will further degrade the traditional network perimeter. 4 Dev-security lifecycle becomes the Achilles heel for IoT devices. The huge influx of IoT devices in homes and businesses is enlarging and diversifying the attack surface targeted by criminals. High bandwidth, direct connections to the internet via 5G will increase the threat of Mirai-like botnets. These direct Karl Sigler Matt Lorentzen Andrew Filev Continued...