Simpson, CISO, Armis
Voice Deepfakes will become the new phishing bait: C-level executives, politicians and other high-profile individuals are already high-risk targets for standard email phishing attacks given their level of access and financial decision making within their organization. With advancements in the deepfake voice technology, I expect a rise of voice phishing schemes in 2020 in which employees are tricked into sending money to scammers or revealing sensitive information after getting voice messages and calls that sound like they are from the CFO or other executives. We’ve already seen one fraudulent bank transfer convert to $243,000 for criminals. Given how hard it is to identify these deepfakes compared to standard phishing attacks, I expect these operations will become the norm in the new year.
Kirner, CTO & founder, Illumio
We’ll start to hear more about the convergence of physical infiltration with cyberattacks, challenging security across the board. Cyberattacks on an enterprise or a government can be carried out remotely but, in 2019, we started hearing more about the physical element added to the mix. It doesn’t take sophisticated software or intelligence operations to execute these attacks – a well-planned, staged scenario is all it takes. For instance, someone could pose as an electrician to gain physical access to a hospital being built, walking around unimpeded until they find an unprotected device to access the network. I believe we’ll see more of these high-profile, hybrid cyber-physical attacks in 2020.
Matt Ulery, chief product officer, SecureAuth
Get ready for SMS attacks to go mainstream. We adopted two-factor authentication with little hesitation: get a text on your phone with the one-time authentication code, enter it in after entering your password and gain access to your account. Most consumers haven’t had an issue with an extra step for a little peace of mind. The problem is that second-factor methods can now be easily defeated by your average hacker.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.