7 Cybersecurity Trends and Threats to Expect in 2020Mayleen Meñez
Cybersecurity is a fast-evolving game of wits where hackers and defenders continue to outmaneuver one another. Staying up to date with the latest trends in cybersecurity is not only beneficial; it’s imperative for everyone involved.
Large-scale data breaches always make it to the headlines – like this year’s Facebook, Toyota, Microsoft, and American Medical Collection Agency attacks. But the attacks are becoming less discriminatory – with hackers targeting more small businesses and consumers directly. This year saw a 50% jump from 2015 in the number of data breaches. The Tech Republic notes that organizations suffered over 3,800 data breaches in 2018.
Attacks are rising, not just in numbers but also in complexity. Cyberattacks are becoming more tenacious and sophisticated as technology continues to progress.
In 2020, be aware of the following trends in cybersecurity:
7 Cybersecurity Predictions for the Year 2020
If you want to survive 2020 without facing losses in your business or your account because of cybercriminals, you have to be aware of what you should avoid so you can come up with the right counterattack or prevention strategies. Here are some that you must know about 2020’s cybersecurity scene:
1. The Evergreen Phishing Threat
Phishing attacks remain a popular means among cyber thieves and attackers to steal credentials and identities, distribute malware, elicit fraudulent payments, commit crypto-jacking (cryptocurrency mining), and the like, and the threat is not going away any year soon.
The same goes for ransomware attacks, which continue to provide a solid source of income for international cybercrime. Adequate protection requires not just proper cybersecurity training for all employees and business partners, but also in-depth security and vulnerability management to prevent attackers from obtaining confidential information used in phishing attempts.
2. Risks Related to IoT Devices
In the race to deliver new products and technologies, security is seldom the first consideration, so it’s no surprise that the booming IoT (Internet of Things) space has brought a wealth of security blunders. Hard-coded credentials, insecure wireless communication, unencrypted personal data, unverified firmware updates, vulnerable web interfaces – the list goes on.
Compromised IoT devices such as routers and NAS servers can provide access to communications and data, serve as points of entry for further attacks, or act as DDoS attack drones, while home automation products and wearable can be used to steal personally identifiable information and other data useful to criminals.
3. AI on Both Sides of the Barricade
Advances in artificial intelligence (AI) are bringing machine learning technologies into more and more products in all market segments, including cybersecurity. Deep learning algorithms are being used for face detection, natural language processing, and threat detection. However, AI is also being weaponized by cybercriminals to develop increasingly sophisticated malware and attack methods, requiring organisations to deploy advanced heuristic solutions rather than relying on known vulnerability and attack signatures.
4. Mobile vectors will become more common
We are seeing a multiplying number of mobile devices being used by employees. As the number rises, so does the volume of business data gathered on them. We can expect a surge in recorded data breaches related to mobile device use and misuse, even if the direct business impact of mobile malware is low. All devices used to access company systems are endpoints to secure as well, with reliable access to web applications with real-time risk and vulnerability management.
Hackers are increasingly attacking the vulnerability of devices as more businesses and consumers rely on their mobile phones. Fraudulent mobile transactions and bogus mobile apps will continue to increase next year. Additionally, as the Internet of Things (IoT) become integral to industries, attacks on multiple endpoints will become more prevalent in 2020.
5. Drones Can be New Pathways for Intelligence-Gathering
To date, the security concern around drones has been around the physical damages it could perpetrate. In 2020, we could start seeing attackers concentrate on exploiting how to exploit the data collected by drones and use it for corporate espionage and other cybercrimes.
Beyond the physical damages that drones can potentially cause, the longer-term opportunity for attackers is to employ drones as a pathway to steal – and manipulate – sensitive information. Goldman Sachs recently predicted that businesses would spend more than $17 billion in the next five years on drone functionality. With an emphasis on innovation and development, we need to treat these devices the same as any other IoT device that gathers and stores sensitive information. In both cases, comprehensive data protection and security software need to be set in place to protect all the data within the device.
Organisations need to determine who can control the drone’s activities, what information the drone is storing, how access to that information will be managed and monitored, and ultimately, who’s accountable to secure it. A security framework also needs to be established, to mitigate regulatory and compliance challenges and other vulnerabilities.
6. The Ransomware Butterfly Effect
Reports indicate that in 2019, there were around 600-700 ransomware attacks on U.S. government agencies, schools, and healthcare providers. Ransomware attacks continue to plague the world and even gain momentum this 2020. With these attacks aimed at disruption and destabilizing systems, cities and towns need to improve their approach to becoming cyber resilient.
The constant attacks will have a butterfly effect beyond what we currently see. The effects include:
Attacker Innovation Shifts to the Cloud: Attackers seem quieter with the absence of ransomware attacks (e.g. Petya), but it’s because their focus is on maximizing the malware they have invested in, and that has been around for years. These malware families continue to be useful mostly because many organizations still neglect to adhere to proper security protocol and stick to basic patches. Attackers continue to explore how to monetize their assaults further. For example, if they have malware that is steadily performing in Windows environments, attackers will level up the attack by accessing a greater diversity of systems, like cloud, fog, and edge environments, for instance. Innovations in ransomware for Linux are foreseen to take broader advantage of digital transformation trends.
Cyber insurance is the fastest-growing market related to cybersecurity, projected to be a $7 billion market in the U.S. alone. However, the increase of investment in cybersecurity is having a contrary effect – the influx of more complex cyberattacks.
Attackers will target organizations with cyber insurance because those organizations they can pay. Insurance companies evaluating the cost benefits of a payout will most likely pay if the cost of the ransom is less in value than the needed downtime in rebuilding a network. In the end, this gold rush will serve attackers well, turning over the power in their direction, fueling resources and spurring the need for policy changes and disruption across the insurance industry.
7. Biometrics Build a False Sense of Corporate Security
With biometric authentication (fingerprints, facial data, or retinal scans) becoming increasingly mainstream, it is growing an unfounded complacency when it comes to security. Although it’s a given that biometrics is a more secure authentication method with its traditional, key-based authentication system, it is not spared from attackers who want to access what lies behind all these secure authentication methods.
Organizations must be aware that every time a biometric system authenticates a user to a device, that biometric data need to be encrypted to protect the assets behind the authentication.
Moreso, organizations also need to protect all tokens generated from the network authentication. That token may potentially be compromised by attackers, giving them access across the network, including access to administrative and privileged credentials to accomplish their goals – all while masquerading as a legitimate, authenticated employee.
Cybercriminals are upping their game this 2020. You have to be watchful and come up with strategies to counter possible attacks. But first things first. Keep your devices safe, at least with antivirus software installed in them. Firewalls should be present too. We need to know how antivirus software works and why we should have one. The best antiviruses can at least alert you – if it can’t stop cybercrimes – that someone is attempting to take over your computer.
The internet is so useful, but it can also be a scary place. Be informed about the possible new threats coming in 2020 and be sure to prepare even before they become real.