Curtis
Simpson, CISO, Armis
Voice Deepfakes will
become the new phishing bait: C-level executives, politicians and other
high-profile individuals are already high-risk targets for standard email
phishing attacks given their level of access and financial decision making
within their organization. With advancements in the deepfake voice technology,
I expect a rise of voice phishing schemes in 2020 in which employees are
tricked into sending money to scammers or revealing sensitive information after
getting voice messages and calls that sound like they are from the CFO or other
executives. We’ve already seen one fraudulent bank transfer convert to $243,000
for criminals. Given how hard it is to identify these deepfakes compared to
standard phishing attacks, I expect these operations will become the norm in
the new year.
PJ
Kirner, CTO & founder, Illumio
We’ll start to hear
more about the convergence of physical infiltration with cyberattacks,
challenging security across the board. Cyberattacks on an enterprise or a
government can be carried out remotely but, in 2019, we started hearing more
about the physical element added to the mix. It doesn’t take sophisticated
software or intelligence operations to execute these attacks – a well-planned,
staged scenario is all it takes. For instance, someone could pose as an
electrician to gain physical access to a hospital being built, walking around
unimpeded until they find an unprotected device to access the network. I
believe we’ll see more of these high-profile, hybrid cyber-physical attacks in
2020.
Matt Ulery, chief product officer, SecureAuth
Get ready for SMS attacks to go mainstream. We adopted two-factor authentication with little hesitation: get a text on your phone with the one-time authentication code, enter it in after entering your password and gain access to your account. Most consumers haven’t had an issue with an extra step for a little peace of mind. The problem is that second-factor methods can now be easily defeated by your average hacker.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
-
News analysis
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
-
Archives
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
-
Daily Newswire
SC Media’s essential morning briefing for cybersecurity professionals.
-
Learning Express
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.