John
Prisco, president & CEO, Quantum Xchange
Prediction: Quantum
computers will advance far quicker than predicted, leaving enterprises
scrambling to become quantum safe. The first true use of quantum computing will
be in nation-state cyberwar activity and not a commercial application. By the
end of 2020 it will be evident that RSA 2048 will be doomed in under 5 years,
when a nation state like China or the U.S. will have a quantum computer capable
of decrypting current encryption paradigms. Quantum computing will be just the
latest of many technologies, including nuclear technology, the internet and
satellite navigation, that started out in government and military use.
Saumitra
Das, CTO, Blue Hexagon
First malware using
AI-Models to evade sandboxes will be born in 2020. Malware developers already
use a variety of techniques to evade sandboxes. A recent article explained that
“Cerber ransomware runs 28 processes to check if it is really running in a
target environment, refusing to detonate if it finds debuggers installed to
detect malware, the presence of virtual machines (a basic “tell” for
traditional sandboxes), or loaded modules, file paths, etc., known to be used
by different traditional sandboxing vendors.” In 2020, we believe that new
malware–using AI-models to evade sandboxes–will be born. This has already been
investigated in academia. Instead of using rules to determine whether the
“features” and “processes” indicate the sample is in a sandbox, malware authors
will instead use AI, effectively creating malware that can more accurately
analyze its environment to determine if it is running in a sandbox, making it
more effective at evasion. As a result of these malware author innovations and
existing limitations, the sandbox will become ineffective as a means to detect
unknown malware. Correspondingly,
cybersecurity defenders’ adoption of AI-powered malware defenses will increase.
Monzy
Merza, head of security research, Splunk
MITRE ATT&CK
will become the go-to framework and common vocabulary for every SOC. For organizations required to have the most
aggressive stances on security, such as financial services and healthcare,
ATT&CK is already the go-to framework. In 2020, it will become a basis of
conversation for security operations center (SOC) teams in other industries,
including retail and manufacturing, as they mature their security postures.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
-
News analysis
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
-
Archives
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
-
Daily Newswire
SC Media’s essential morning briefing for cybersecurity professionals.
-
Learning Express
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.