10 Cybersecurity Trends in 2020: Our Experts Share Predictions for a New Decade
To help financial institutions and banks better prepare for cybersecurity threats and concerns in 2020, we gathered our top security, technology, and industry experts to share their predictions for the coming year.
It’s a new decade, but there are no clean slates in security. Many of the same concerns, like phishing and mobile malware, will continue to pose a threat. Meanwhile, burgeoning technologies like artificial intelligence and the 5G mobile network are ready to make their impact in 2020. On the regulatory front, we see that cryptocurrency will increasingly be in the crosshairs of regulators and open banking is poised to create new opportunities across the financial space.
Explore our predictions and cybersecurity trends below.
Predictions and Cybersecurity Trends in 2020
1. AI and Behavioral Monitoring Will Play a Role in Fraud Prevention
Greg Hancell, Manager of Fraud Consultancy, OneSpan
The technology I foresee having a part in fraud detection and prevention in 2020 is AI generalization and aggregation. This technology can unify all channels including card, card-not-present, digital banking, authentication, and open banking with an increased open source intelligence feed. Behavioral monitoring leveraging AI will take the forefront as financial institutions realize that monitoring a login and a payment separately does not address their needs and leaves them vulnerable to attack.
With the improvement in technology and the ability to calculate hundreds of intelligent data points in real time, AI enables the behavioral monitoring and individual profiling of customers across their devices, locations, preferred authentication methods, and more. Based on the observed behavior, AI can provide actionable intelligence with a risk score and recommended decision.
2. Fraud Detection Will Require a Comprehensive Understanding of Risk
Ralitsa Miteva, Manager of Fraud Detection and Prevention Solutions, OneSpan
Although banks made significant progress in their digital transformation journey in 2019, many faced the problem of dealing with unknown and complex fraud patterns, such as mobile banking trojans, rogue apps, synthetic identity theft, SIM swaps, authorized push payment fraud, and others. These threats exploit the banks’ and consumers’ lack of knowledge about potential risks.
If banks hope to anticipate these attacks in 2020, they must continue to develop their fraud monitoring solutions. The focus should be on gathering valuable insights about the customer’s digital journey, analyzing their behavior on their device, building actionable intelligence, blending machine learning models to fit business specifics, bringing continuous session monitoring across channels and devices, and providing anti-fraud know-how. These security practices create a comprehensive understanding about each risk and allow the bank to apply the right measure without compromising the user experience.
3. Context Is Becoming Essential in Authentication and to Fight Phishing
Frederik Mennes, Director Product Security, Security Competence Center, OneSpan
Many banks are still struggling to address basic phishing, vishing, and smishing attacks, which rely on the social engineering of end-users. One of the reasons that these attacks still work is that banks rely on strong authentication solutions that do not provide context about the user. They cannot determine where the user is logging in, which transaction he or she is conducting, and other contextual data points.
Referring to the concept of technological “S-curves,” banks need to make sure they invest in the next wave of strong authentication solutions that provide protection against social engineering attacks.
4. Stronger Regulation of Cryptocurrency Is Coming
Steven Murdoch, Innovation Security Architect at the OneSpan Cambridge Innovation Centre
I expect to see stricter regulation of cryptocurrencies, initial coin offerings, and similar schemes.
So far, regulators have used a light touch, recognizing that in the scheme of global finance, the sums of money involved are small. They aren’t a systemic risk. Governments were also keen to offer a welcoming environment to new technologies in the hope that they could eventually benefit from tax income if the schemes grow, as can be seen through the various regulatory sandboxes set up.
With big players like Facebook and potentially the Chinese government now entering the space, the light-touch regulatory approach is rapidly becoming infeasible. The involvement of such large organizations poses a systemic risk and bears geopolitical significance.
In the past, there was a deliberate decision made by some regulators not to enforce regulations covering cryptocurrencies as strictly as those regulations would allow. I expect this to change. There will be much stricter enforcement of regulations and greater political intervention into cryptocurrencies and how their underlying technology and policies are configured.
5. 5G Will Begin to Empower Developers
Sam Bakken, Senior Product Marketing Manager, OneSpan
I think the continued maturation of 5G and convergence of digital and physical consumer experiences with wearables, IoT, and ambient computing is going to change how we do everything. That includes driving, cooking, exercising, shopping, and banking. At the same time, we need to get our threat models organized to ensure we’re delivering these convenient consumer experiences in a secure way.
As 5G matures, it will affect developers in the following ways in 2020:
- 5G will be quite a jump in speed and quality of user experience and empower developers to develop better customer experiences. At the same time, excitement over new features and pressure to deliver them faster will lead to some developers rushing their product out the door. It will be important to ensure those fancy new apps are also secure. Remember, any benefits developers and consumers experience from 5G will also be available to attackers.
- To create better customer experiences and take full advantage of the opportunities of 5G, developers need to free up some time in the development cycle. Organizations can accomplish this by empowering developers with proven security tools, so they can focus their time on their customer experience.
6. Open Banking Will Demand New Security Methods
Matthias Valcke, Director of Sales Development, OneSpan
Open banking will have a major impact across the world. Up until now, banks were in full control of the complete consumer journey, but open banking changes this. Consumers will now consume banking services via third-party applications (offered by TPPs) that are outside the control of the bank.
This calls for new security methods, in which fraud monitoring with machine learning will play a big role. Machine learning should help us understand the normal behavior of the customer. This information, combined with parameters about the safety of the user’s device, can enable fraud monitoring solutions to flag when a user’s behavior is suspicious.
7. A Move to Open Banking in the U.S. Will Prompt Regulatory Technical Standards
Michael Magrath, Director of Global Regulations & Standards, OneSpan
If the U.S. moves to open banking as Europe and other jurisdictions already have, the U.S. Department of Treasury will likely follow the lead of the European Banking Authority to define regulatory technical standards and require strong customer authentication.
Today, open banking is “on hold” due to an October 2019 federal court ruling in favor of the New York State Department of Financial Services (NYDFS) against the U.S. Office of the Comptroller of the Currency (OCC). In 2018, the OCC had announced that fintechs could apply for special banking charters, which caught the ire of the banking industry concerned with an unequal regulatory playing field. The judge ruled that the OCC may not accept applications for its “fintech bank charter”. Under the originally proposed charter, licensed fintechs would have been able to perform certain banking activities, such as issuing loans. Should the OCC appeal and win, open banking may be realized in the future.
8. “Openness and Everything” Will Define Our Relationship with Technology
Mark Crichton, Senior Director of Product Management, OneSpan
Five years ago, few predicted the explosion in mobile banking that we see today, and the use of mobile devices as biometric authenticators. Over the next five years I expect to see two major trends: “Openness” and “Everything.”
We are starting to see “Openness” already with open banking standards, but this will ramp up over the next five years. Soon, there will be no known perimeter of a bank. Retailers will be banks. Credit cards will be digital. Payments through our mobile operators and handsets will be standard.
“Everything” refers to the Internet of Things (IoT) and our connected world. People will soon be able to use their refrigerators to order their groceries directly, and their TVs to purchase shows directly from their banks regardless of the content provider. Devices will be truly connected. Across all of this, security needs to assume a transparent and seamless role to ensure this innovation and connection is secure but not interrupted. That will be the role of businesses, banks, vendors, and industry standards in the years ahead.
9. Trust in Digital Identity Technology Will Grow with Regulation
Conor Hickey, Solutions Architect, OneSpan
Centralization of digital identities, whether managed by a government or trusted private body such as a financial institution, will become the norm over the coming years. The ability to prove your identity once and then use it multiple times is already in use in many countries throughout Europe. This will become more commonplace and easier to use. Having opened an account with one trusted body will allow you to seamlessly open accounts with others.
Regulation is also a necessary step to building people’s trust in digital identity verification. One of the results of regulation will be the temporary slowing down of adoption while providers understand and align to the new rules. This should, however, eventually lead to more widespread acceptance. For example, regulation of facial comparison is essential if we are to see widespread adoption, because it helps prevent misuse or even abuse of the technology.
10. Drag and Drop Functionality Will Create a New Wave of Usability for Security Products
Will LaSala, Director of Security Services, Security Evangelist, OneSpan
2020 will lead with several new features for security. The DevOps and DevSecOps teams should be on the lookout for increased efficiency tools that will help them build their applications with simple drag and drop technologies. “Drag and Drop Security”, as it is called, will be big. Developers will find that they can build workflows using new cloud-based tools. These tools will already have built-in security functionality that can be monitored by your existing Risk Analytics tools and will greatly increase the security surrounding your custom business applications. In addition, expect to see tools that focus on being able to add security to apps with the same style of tools. Where it used to take months to implement and test new security technologies with engineers that were highly focused on specific security technologies, these tools will allow for a more diversified team that can implement more security features faster than ever before.
Low code will become a major driver in these tools. Now that DevSecOps and low code are starting to merge, we will see this new wave of ultimate usability for security products.
Agreement automation tech is an early riser in this new world, but even that will become more simplistic and offer customers more ability to add security to more workflows, even in places that traditionally were seen as too complex or too difficult to add security. Security workflow management, combined with AI-based risk analytics and adaptive authentication, with simple drag and drop configurations, will be the beginning of the first true move to offering active digital security for everything a user does on the web or in mobile applications.