November 19, 2019

2020 Forcepoint Cybersecurity Predictions and Trends

Carl Leonard Principal Security Analyst

Every year Forcepoint asks our cybersecurity researchers, engineers and strategists to predict what they believe will impact the cybersecurity landscape during the next 12 months. Historically we have been consistently accurate.  Do you agree with our predictions for 2020?

This year’s predictions span topics from attacker techniques and communication platforms to infrastructure adoption, data protection legislation and cybersecurity strategies. For each prediction we offer a business consideration and technologies that would help mitigate the risk should our predictions come true.

Deepfakes-As-A-Service increases ransomware effectiveness and election interference

Throughout the last two years we have seen the popularity of an application that could accept a photograph as an input, apply various machine learning algorithms to that image and then output an image showing an aged version of that individual, amongst other filters. Samsung researchers took this one step further by building the capability to derive a reasonably realistic video from just one still image of a subject. These capabilities showed the power and appeal behind the current fascination with human image synthesis.

Deepfakes, a term coined in 2017, refers to fake videos created with deep learning techniques. We expect deepfakes to make a notable impact across all aspects of our lives in 2020 as their realism and potential increase. Our prediction is fourfold:

  1. Ransomware authors will send targeted deepfakes to ransomware targets. Recipients will see realistic videos of themselves in compromising situations and will likely pay the ransom demand in order to avoid the threat of the video being released into the public domain.
  2. It is well known that Business Email Compromise/Business Email Spoofing has cost businesses billions of dollars as employees fall for the scams and send funds to accounts in control of cybercriminals.  In 2020 deepfakes will be used to add a further degree of realism to the request to transfer money.
  3. We have already seen deepfakes in the political arena in 2019.  With the 2020 United States presidential elections due in November 2020 we expect deepfakes to be leveraged as a tool to attempt to discredit candidates and push inaccurate political messages to voters via social media.
  4. We will see Deepfakes As A Service move to the fore in 2020 as deepfakes become widely adopted for both fun and malicious reasons.

Business consideration: Scammers will continue to be successful as they adjust their social engineering techniques. It is not realistic to expect every employee or member of the public to recognise a deepfake, especially as realism advances with the technology.

Technologies to mitigate: Incorporating deepfakes into employee cybersecurity awareness programs can help to raise the bar that scammers must reach in order to conduct a successful scam. Extra checks at a process level (e.g. money transfers) can help identify unusual activity associated with Business Email Compromise (BEC) / Business Email Spoofing (BES) scams.  Also consider Web Security solutions and Email Security solutions to prevent interaction with initial lures.

Prediction contributed by: Audra Simons, Director of Innovation, Forcepoint X-Labs

Audra discusses this prediction in the following video:


5G offers unprecedented data theft speeds

Fifth generation cellular network technology (5G) is now available in cities and countries around the world. As the roll-out of 5G continues into 2020 and beyond it will place faster data transfer capabilities into the hands of employees – employees who have access to corporate cloud applications on their managed (corporate-issued) and unmanaged (personal) devices.

Data transfer rates on 5G are more than 10 times faster than 4G. Imagine being able to download a 2 hour movie in less than one minute. The more reliable connectivity and lower latency will work in the favor of determined employees wishing to transfer swathes of corporate data.

The anticipated proliferation of such devices will appeal to employees, who will access and retrieve company data via their 5G-enabled, super-connected personal device rather than continue to use slow and patchy coffee shop Wi-Fi connections or tethering to their now outdated corporate-issued 4G-enabled phone. 

Business consideration: Whether data transfer is through the 4G or 5G network, your cybersecurity stack needs to have visibility and control of such data movement; otherwise you risk being unable to identify data theft at the speed necessary.

Technologies to mitigate: Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Risk-Adaptive Protection technologies.

Prediction contributed by: Raffael Marty, Head of Forcepoint X-Labs

Carl Leonard, Principal Security Analyst, discusses this prediction in the following video:


Organizations will become “Cloud Smart” but remain “Cloud Dumb”

As we enter 2020 more and more organizations, especially government agencies, are moving to the Cloud as part of their digital transformation. We should expect to see greater and greater breaches of Public Cloud systems as a result.

This change will come about, in part, due to a shifting emphasis mandated by governments around the globe.  A Cloud First policy has been in existence within the US government since 2011.  Since 2013 the UK government has mandated that central government “should consider and fully evaluate potential cloud solutions first before considering any other option.”  This year the US government adopted the 2019 Federal Cloud Computing Strategy (Cloud Smart) and the UK government is expected to reveal a new policy early next year.  The US iteration of Cloud Smart typically includes security, procurement, and workforce components, but many organizations remain significantly challenged in these areas.

As organizations go from “Cloud First”, or “Cloud All”, to “Cloud Smart” they tend to remain “Cloud Dumb” as it relates to securing their systems in the Public Cloud. Typical Public Cloud vendor shared responsibility models state the cloud service providers are responsible for protecting infrastructure while the customer is responsible for protecting their data, monitoring access, managing configurations, observing anomalous user behaviors, monitoring system vulnerabilities and patching, and analyzing suspicious host and network activities.  Attackers will have a renewed focus on Public Cloud accessible systems and data in 2020 and beyond due to the richness of the prize and ease of accessing it.  We expect to see more breaches both from external and internal parties as Cloud applications become more ubiquitous.

IDC predicts that 49% of the world’s stored data will reside in Public Cloud environments in 2025. Organizations around the world, both public and private, would do well to take heed of available guidance and not delay their application of best practice.

Business consideration: “Cloud Smart” really needs to mean more than “Should this application be run from the Cloud? What are the benefits we want to achieve moving to the cloud? What are the costs?  What are the risks?” It must also mean that we understand the value of the data and how to protect it in the Public Cloud.  It means that we need to properly understand risk, take security into consideration, and build security in from the ground floor upwards.

Technologies to mitigate: Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Risk-Adaptive Protection technologies.

Prediction contributed by: Eric Trexler, VP, Global Government

Duncan Brown, EMEA Chief Security Strategist, discusses this prediction in the following video:


Organizations will mature in their approach to data/privacy protection legislation

Awareness around the need for data privacy and data protection has increased significantly over recent years mostly as a result of regulations such as GDPR and CCPA.  Our prediction around this area is threefold.

From speaking to organizations around the globe we have seen an acceptance that maintaining an individual’s (customer’s) privacy and protecting their data can be a differentiator of a business’s service.  We expect this trend to continue into 2020 and beyond.

Many businesses focussed on the headline takeaways from such regulations – most notably that a data breach of personal data belonging to European citizens will result in large fines. In 2020 we shall see organizations explore the non-breach, non-compliance implications of data privacy and protection regulations. This will prompt a move from a breach prevention approach to a more holistic, principles-based approach. Looking at the fines levied in 2019, we expect 2020 to be a case of “You ain’t seen nothing yet” in regards to the size and quantity of fines that Supervisory Authorities will bring to bear on offenders.

Currently many businesses comply with the regulations manually: should they receive a high volume of Subject Access Requests under GDPR, for example, they may struggle to service that volume of requests in a timely fashion. Thus businesses will look to automate through adoption of suitable technology.

Business consideration: Performing a review of your organization’s current state of compliance towards relevant data privacy and protection regulations could present opportunities to differentiate your customer offerings, identify opportunities to broaden the scope of your data protection approach and embrace new methods to make being compliant easier to manage.

Technologies to mitigate: Data Loss Prevention (DLP) for data discovery, classification and loss prevention.

Prediction contributed by: Duncan Brown, EMEA Chief Security Strategist

Duncan discusses this prediction in the following video:


Cybersecurity strategies will incorporate a move from Indicators of Compromise to Indicators of Behavior

Indicators of Compromise (IoC) is a term for artefacts that indicate potentially malicious activity. These could be the URL of malicious and phishing websites, email subjects used in a spear phishing campaign or IP addresses of prominent spam senders.  IoC could also include network traffic using non-standard ports, suspicious registry setting changes and abnormal read/write volumes.  IoC are threat-centric in nature and have been the staple of cybersecurity protection for decades. Organizations have reached a base level of hygiene offered by threat-centric approaches.

Indicators of Behavior (IoB), on the other hand, are focussed around the behavior of users and how users interact with data. Specifically the focus is on Indicators of Bad Behavior – as organizations recognise that the majority of employees turn up to work to do a good job and are low risk. By understanding how a user/employee/contractor/account usually behaves in relation to themselves, within a job role or within a peer group, it is possible to identify the precursor to behavior that may present a higher risk to the business, such as data theft “in progress”.

Our prediction is that 2020 will see a marked increase in the number of organizations recognising the need to enhance their IoC-based threat intelligence with the contextual insights of behavioral indicators. A shift to Indicators of Behavior will better protect their data in the modern network environments that support anytime, anywhere working. As such, businesses’ cybersecurity strategies will shift from an outside-in approach (looking at how external attackers are seeking to penetrate a perimeter) to an inside-out approach (understanding the risks that lie within and the importance of preventing data theft no matter the user, device, transfer medium or cloud application).
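The contrast between the two indicator types can be made concrete with a small added example (not Forcepoint code, and not a description of any product): it checks an upload event against an IoC list and, separately, against the user's own baseline and their peer group's baseline. All users, domains, volumes and the 3-sigma threshold are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed sample data: MB uploaded to cloud apps per day, per user.
HISTORY = {
    "alice": [40, 55, 38, 60, 47, 52, 45],
    "bob":   [35, 42, 50, 39, 44, 48, 41],
    "carol": [900, 1100, 950, 1000, 1050, 980, 1020],  # runs backups
}
PEER_GROUP = {"alice": "sales", "bob": "sales", "carol": "it-backup"}
IOC_DOMAINS = {"bad.example"}  # constructed threat-intel list


def zscore(value, samples, floor=1.0):
    """Standard deviations above the mean; the floor avoids a near-zero sigma."""
    sigma = max(pstdev(samples), floor)
    return (value - mean(samples)) / sigma


def assess(user, dest, mb, threshold=3.0):
    """Return the IoC verdict and the behavioral verdict for one upload event."""
    self_z = zscore(mb, HISTORY[user])
    # Peer baseline: everyone else in the same job role, pooled.
    peers = [v for u, hist in HISTORY.items()
             if u != user and PEER_GROUP[u] == PEER_GROUP[user]
             for v in hist]
    peer_z = zscore(mb, peers) if peers else None
    exceeded = [z for z in (self_z, peer_z) if z is not None and z > threshold]
    risk = {0: "normal", 1: "elevated"}.get(len(exceeded), "high")
    return {
        "ioc_hit": dest in IOC_DOMAINS,   # threat-centric check
        "self_z": round(self_z, 1),       # deviation from own history
        "peer_z": None if peer_z is None else round(peer_z, 1),
        "risk": risk,                     # behavior-centric check
    }


if __name__ == "__main__":
    events = [("alice", "storage.example", 900),   # no IoC, far off baseline
              ("carol", "storage.example", 1000),  # large, but normal for her
              ("bob", "bad.example", 45)]          # IoC hit, normal volume
    for user, dest, mb in events:
        print(user, dest, mb, assess(user, dest, mb))
```

The first event matches no IoC yet is flagged on behavior, while the same volume from a user whose role routinely moves that much data is not, which a fixed volume threshold could not distinguish.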

Business consideration: Do you want to see Indicators of Behavior in action and how it can help protect your business? Book a demo to see how Forcepoint’s solution facilitates the evolution of your business risk management to a behavior-based cybersecurity strategy. Simply Schedule a Demo through our website.

Technologies to mitigate: User and Entity Behavior Analytics (UEBA), Insider Threat technologies and Risk-Adaptive Protection technologies.

Prediction contributed by: Nico Fischbach, Global Chief Technology Officer

Carl Leonard, Principal Security Analyst, discusses this prediction in the following video:


Watch the Webinar

Raffael Marty, head of Forcepoint X-Labs, and Carl Leonard, Principal Security Analyst, discuss Forcepoint’s 2020 Predictions and offer their detailed insights in a webinar.

We’d be keen to know whether you agree with our predictions. What do you predict for 2020? Join the conversation at https://twitter.com/forcepointsec
