2020 Cyber Predictions: Compromised Identity Attacks Are on the Rise

This is part of our cybersecurity predictions series. We heard from top cyber leaders from around the industry about what challenges cyber might bring in the new year.

Heather Gantt-Evans, Chief Information Security Officer, SailPoint


“Ransomware is going to continue to evolve. We are now seeing ransomware converging with hacktivism, where companies are being hit with ransomware just due to the hacker's perceptions of a business's values, industry, or actions. In these situations, the hackers are not even requesting a ransom or offering to decrypt the data. We also see that ransomware gangs now have the funds to purchase zero-day vulnerabilities that used only to be accessible to nation-states. Ransomware-as-a-Service will continue to make ransomware more accessible to a wider range of attackers while also paying company insiders to deploy ransomware at their place of employment. Nation-states are going to continue to invest heavily in compromising identities and using ‘live off the land’ attacks that are very difficult to detect because they do not use malware but instead use native operating system features to carry out their attacks.”

Heather Gantt-Evans, Chief Information Security Officer, SailPoint


“Cybersecurity teams in the past have struggled to trust AI decisions and alerts. However, we are being pushed into a corner due to the high demands within cybersecurity, the numerous alerts, and the resourcing shortages to lean more and more heavily, not just on automation but AI. I foresee this trend continuing to accelerate, but cybersecurity teams want vendors to provide real transparency on their AI algorithms to be able to trust, audit, and analyze AI findings/actions.”

Heather Gantt-Evans, Chief Information Security Officer, SailPoint


“In the past, cybersecurity teams have focused heavily on hardening to prevent attacks from the outside in… but compromised identity attacks are on the rise. These attacks do not require the exploitation of numerous vulnerabilities; rather, the attacker uses valid credentials to do their dirty work. Emphasizing identity outlier detection and zero trust architecture is key to preventing and detecting these types of attacks.”

