FEATURE: 2020 CIOS’ PRIORITY
//////////////////////////////////////////////////////////////////////////
CYBERCRIMINALS’ CREATIVITY WILL
CONTINUE TO ZONE IN ON AUTO-
UPDATES TO INFECT USERS.
Cybersecurity issues
With the cybersecurity landscape ever
evolving, CIOs need to be aware of potential
threats that could reveal themselves in
the new year. We asked two cybersecurity
experts from BeyondTrust, a worldwide
leader in Privileged Access Management, to
give us their security predictions for 2020.
“The more CIOs, CISOs and other IT staff
understand the security implications of
evolving technologies, the better prepared
they are to make the right investments for
their business,” said Morey Haber, CTO and
CISO at BeyondTrust.
“It’s the difference between being proactive
versus reactive and having a security
approach that enables new technologies
and business opportunities, versus one that
clamps down on them.”
Here Morey J. Haber, Chief Technology
Officer and Chief Information Security
Officer, and Christopher Hills, Senior
Solutions Architect, Office of the CTO, deliver
the following cybersecurity predictions CIOs
need to be aware of in 2020:
of devices still running these operating
systems, a myriad of vulnerabilities will
continue to exist until they are patched, or
the operating systems are replaced. Since
replacing end of life operating systems can
be costly and potentially difficult, 2020 will
see them targeted by cybercriminals at an
accelerated rate. New vulnerabilities disclosed
for end of life devices will also arise posing
unmanageable risk to many organisations.
Identities become the latest attack
vector: Privileged attack vectors have
been on the rise in recent years, where
threat actors compromise accounts, then
engage in lateral movement to compromise
additional assets and accounts with stolen
credentials. 2020 will bring more of this,
but as threat actors refine their strategies
and impersonate users using DeepFake
technology, it will be hard to determine if
an identity is real or not. Thus, beyond the
usual hijacking of email and SMS messages,
we will see fake phone calls with spoofed
accents, social media hijacking, and even
biometric hacking using compromised
data and malicious Artificial Intelligence to
impersonate an identity.
Evolution of the role
Malware auto-updates increase:
Since many applications auto-update,
cybercriminals now target cloud-based
update mechanisms using a variety
of techniques. Most users trust their
applications to auto-update and may be
unaware of the threats made possible by a
compromised cloud connection. Although
old-school software piracy is on the decline
due to the cloud, cybercriminals’ creativity
will continue to zone in on auto-updates to
infect users. Expect high profile applications
and operating systems to be targeted by
these advanced threats in 2020.
Reruns of old CVEs: January 2020 brings
the end for Windows Server 2008 and
Windows 7. With an estimate in the millions
42
INTELLIGENTCIO
Christian Reilly, Vice President and Chief
Technology Officer, Citrix, expects to see an
evolution of the role of CIO.
“Firstly, we’ll see the evolution of the CIO
role. For many years, we’ve had CIOs that
operated in control of the ‘Department of
No’,” said Reilly.
“The new CIO will wear the hat of an
innovation officer, much more than an
information officer.
Morey Haber, CTO and CISO at BeyondTrust
“They will be a change agent at the very
core, helping to remove those existing
final barriers between IT and the business.
They will focus primarily on the ‘why’ of
www.intelligentcio.com