How Geopolitical Events Will Change Cybersecurity in 2020

December 19, 2019 | 2 minute read

There are three dominant geopolitical events in 2020 that will guide many cyber activities, either by providing opportunity and motivation for attackers or by muddying the waters and adding to the confusion: the US presidential election, Brexit, and the upcoming 2020 Tokyo Olympics. As we enter the New Year, we need to keep in mind how nation state evolution, new targets, and security vendor stagnation will serve as motivation for hackers.

To learn more about Cybereason’s predictions for 2020, watch the security predictions webinar.

Nation State Actors Will Evolve Faster

From the last few years it’s clear that cyber is the preferred tool adversaries use against one another for financial and political gain. In 2020, belligerent states will continue to take action, especially the usual suspects: Russia, China, North Korea, Turkey, Iran, and their preferred targets. This will be especially noticeable around global events where misinformation and disinformation have a role to play. For example, it’s unlikely Russia is too happy about being banned from competing in the 2020 Olympics.

Nation state actors have a unique advantage over other adversaries since they have arguably unlimited resources to accomplish their mission. They are not motivated by simple margin, as is more common among cybercriminal fraud actors. They work at the leading edge of attacks with the fastest evolving toolkits. Their tools will trickle down as they sell, rent and even outright give some of these toolkits to allies and the adversary community at large, fueling a year of increasingly more advanced threats across the board.

Attribution is highly unreliable already, but with the trickle down effect among cybercriminals increasing, it will be nearly impossible in 2020. The degree of specialization from nation states, hacktivists, and cybercriminals will increase regardless of the level of technical prowess, especially as MaaS continues to spread. Be wary of attempts at attribution, especially those without clear evidence. Effective attribution may no longer be possible, or at least need a massive rewrite for any level of fidelity.

Critical Infrastructure & New Technology Will Be Big Targets

Attacks targeting critical infrastructure and exploiting supply chain weaknesses are bound to increase in 2020, especially given how many high-profile events will be taking place. Couple this with threats inherent to emerging technologies like IoT devices, the rise of OT, and advances in the rollout of 5G, it will be a critical year to control assets in the event of later, more heated conflict.

As the rollout of 5G takes hold, manufacturers credibility and the physical security of devices will be called into question. Consider Huawei, whose 4G cells have a massive footprint throughout the world and can be upgraded to 5G for the most part. They are backed by the Chinese government, which will cause many to question their grander intentions.

Security Vendors Must Innovate

New security vendors will continue to innovate in 2020 to address advanced threats and make security easier for defenders. While staple technologies like SIEM and antivirus are still necessary, the industry will see the brands that have dominated for 20 years fade and a new crop of midsize, inventive companies emerge in a healthy rejuvenation of the industry.

Why? Legacy security vendors don’t have much new energy or momentum except when they acquire and sport a large feature set from merger after merger, much like a patchwork quilt with little mutual benefits. This will lead to disruption or in other cases acquisition, mergers, and potentially even break ups in 2020 as there were in 2019: Symantec by Broadcom, Carbon Black by VMWare, Recorded Future by Insight, Demisto by Palo Alto, BlackBerry finishes acquisition of Cylance, and many, many more.


With nation state evolution, new, big, showy targets, and a war of innovation between legacy and new security vendors, global change is coming in 2020. By taking steps now, we can develop and evangelize fundamental security practices to minimize the impact of any global attacks.

To learn more about Cybereason’s predictions for 2020, download the security predictions report.

Sam Curry
About the Author

Sam Curry

Sam Curry is CSO at Cybereason and is a Visiting Fellow at the National Security Institute. Previously, Sam was CTO and CISO for Arbor Networks (NetScout) and was CSO and SVP R&D at MicroStrategy in addition to holding senior security roles at McAfee and CA. He spent 7 years at RSA, the Security Division of EMC as Chief Technologist and SVP of Product. Sam also has over 20 patents in security from his time as a security architect, has been a leader in two successful startups and is a board member of the Cybersecurity Coalition, of SSH Communications and of Sequitur Labs.

All Posts by Sam Curry