The new year is here! What does the future of cyber security hold for us in 2020? Will it be more of the same? This first part of a two-part series discusses what could be making big news in 2020. More attacks on Small Medium sized Enterprises (SMEs) Large enterprises already spent a lot on securing their infrastructure. Cyber criminals prefer the low hanging fruit presented by SMEs that are either unable or unwilling to make a big investment in cyber security. Smaller scale ransomware attacks will continue to pay off for cyber-bandits, as many small businesses are unprepared and unaware of the risk. Smaller organisations are still developing their cyber security posture, but employing expert help is often seen as unaffordable. It makes these organizations easy targets for cyber criminals. In addition, human error are still areas for concern. Expect to see SMEs take advantage of training and technology solutions that drive down the cost of building cyber security resilience. The biggest bang for the buck in a small organization could implement are inexpensive training programs that help eliminate the weakest security link in these businesses: its people. Increase in the use of Artificial Intelligence (AI) on both sides Depending on where you stand on the issue, AI is either cyber security’s biggest threat, or best hope for survival against hackers. There is promising technology on both sides. For example, in the case of spear phishing, AI can help by analyzing emails and noticing patterns of behaviour, suspicious language or metadata, and would intelligently detect and autonomously neutralise phishing emails. At the same time, this type of AI can significantly reduce the burden on already overworked cyber security staff. At the same time, hackers may also employ AI to improve their rates of success with phishing campaigns: “phishing lures and landing pages will be A/B tested by AI algorithms to improve conversion rates, while new domains will be generated and registered by AI algorithms. These enhancements will allow attacks to move faster than most existing solutions could detect them.” More incident response rehearsals We were bombarded with news reports in 2019 of all sorts of breaches, with experts editorializing how the breach response efforts were simply not good enough. Expect 2020 to be the year senior level executives prioritize the rehearsal of a customized major data breach in which they also evaluate their resulting incident response. If you haven’t heard, Uzado has a service called BRaaS (Breach Readiness as a service). The service prepares customers for what to do in the event of a breach, as well as test out what could happen. This allows for organizations to plan, prepare and potentially re-evaluate a breach strategy.