Guest OpEd by Gilad David Maayan
Cybercriminals are constantly looking for new strategies and exploits to damage organizations.
However, some older threats remain amongst the most common attacks on businesses.
The overall damage related to cybercrime is expected to reach $6 trillion by 2021, according to Cybersecurity Ventures.
Take a closer look at the most significant cybersecurity trends and threats for 2020.
1. Phishing Attacks
-
Phishing is a cyber attack that uses fake email messages or malicious websites to steal sensitive information like passwords, or credit card numbers.
-
Phishing attacks have been around for a long time. People are becoming more aware of the dangers of phishing emails and suspicious links that can install malware.
-
However, hackers keep creating more sophisticated attacks, which are more difficult to recognize.
-
For example, the attackers of 2020 use machine learning to quickly create and distribute fake messages.
-
Phishing schemes have become much more sophisticated, powered by Artificial Intelligence (AI) technologies that can learn corporate lingo and collect voice snippets.
-
The AI software then impersonates an employee by using real voice snippets to create authentic-sounding phone phishing scams.
-
Periodic training of employees and security teams can ensure that they are aware of all new phishing tricks and are therefore ready to confront them.
(2018 ‘ASTORS’ Award Winning CoFense Phishing Defense which combines collective human intelligence with advanced technology, enabling companies to stop phishing attacks fast. Courtesy of Cofense and YouTube.)
2. Ransomware Attacks
-
Ransomware blocks access to files or systems and demands a ransom payment from users to regain access.
-
Hackers prefer to target large corporations rather than private citizens because of a bigger financial gain.
-
In 2019, ransomware has threatened to take down large cities like New Orleans, healthcare organizations, and schools.
(Gov. John Bel Edwards declared a State of Emergency Friday following the ransomware attack on Louisiana. Courtesy of WWLTV and YouTube. Posted on Nov 22, 2019.)
-
The biggest target for ransomware attacks in 2020 will be vulnerable cloud data.
-
Attackers will exploit vulnerable cloud systems to obtain cryptocurrency by illegal means.
-
Cryptocurrencies like Bitcoin are helping to fuel ransomware attacks by allowing anonymous payments.
3. IoT Attacks
-
Smart Internet of Things (IoT) devices have changed the way organizations do business.
-
Companies use IoT devices like Radio-Frequency Identification (RFID) tags to save money by gathering large amounts of data to improve business processes.
-
The number of IoT devices is expected to reach 75 billion by 2025—this is compared to 30 billion in 2020.
-
The list of devices include tablets, laptops, routers, smart vehicles, smart homes, and other endpoint devices.
-
IoT also makes communication more vulnerable.
-
Security teams are struggling to fully handle the vulnerabilities of third-party connected devices.
-
Applying security patches to internal company devices is difficult enough, let alone external IoT devices.
-
The amount of endpoint security threats to IoT devices increased by 300% during 2019, and 2020 should see a greater increase in IoT penetration.
-
To protect the network from connected IoT, companies need to constantly protect endpoints and update relevant firmware.
(Connected devices are increasingly being used for cyber attacks. They often lack critical device protections and organizations fail to segment their networks in order to reduce the attack surface. Courtesy of Cisco and YouTube.)
4. State-Sponsored Attacks
-
Cybercrime is a major threat not just for the private sector but also for governments and the nation as a whole.
-
State-sponsored cybercriminals usually target organizations that their origin country considers to be of high interest.
-
Many companies do not consider themselves a target of nation-states attacks. Therefore, they often do not have the same level of security as in other types of attacks.
-
In 2019, China sponsored an attack on U.S government officials, and Russian hackers targeted Ukrainian diplomats.
-
State-sponsored attacks on critical infrastructure should see an increase in 2020, especially during the U.S presidential election, which is coming up in November.
(The U.S. Justice Dept. asserted Wednesday that it has linked the 2014 cyberattack on Yahoo accounts to two officers in the FSB — Russia’s Federal Security Service — and two criminal hackers. Courtesy of NBC News and YouTube.)
5. Insider Threat Attacks
-
Insider threats are security risks that originate from the targeted organization.
-
The attacker can be a current or former employee, consultant, business partner, or contractor. Organizations are becoming more aware of the potential danger of insider threats.
-
Nevertheless, the risk is still high—34% of data breaches in 2019 involved internal actors.
-
Experts expect that in 2020 employees will cause more data breaches than ever before.
-
The breaches can be intentional or the result of simple human error.
-
Limiting access to IT resources is one of the best techniques to minimize internal attacks in any business.
-
Employees need to access the minimum resources required for their job.
(See 2019 ‘ASTORS’ Award Winning ObserveIT, a leader in Insider Threat Management, which delivers comprehensive visibility into user and data activity providing security organizations with a powerful tool for protecting employees and valuable assets while saving time and resources. With more than 1,900 global customers across all major verticals, ObserveIT empowers security teams to proactively detect insider threats, streamline the investigation process and enable rapid response. Courtesy of ObserveIT and YouTube.)
6. Cybercrime-as-a-Service
-
Cybercrime-as-a-Service (CaaS) is the practice of buying software or hardware for carrying out cyber attacks.
-
CaaS creators offer services like malware, ransomware, and fraud in the black market.
-
Individuals involved are not always black hat hackers.
-
A legitimate programmer can also find a security vulnerability in a software vendor and sell it for a reward.
-
For example, Facebook encourages users to find security bugs in their system and offers a financial reward to anyone who can manage to do so.
-
As a result, programmers may be tempted to sell Facebook exploits for attractive prices in the black market.
-
As cybercrime becomes more profitable, the CaaS business model will continue to grow in 2020.
-
Companies must be proactive about protecting the security perimeter, just like hackers are about breaching it.
-
In addition, companies should create comprehensive training programs with an emphasis on emerging threats.
(Learn More about Cybercrime-as-a-Service. Courtesy of OpenVPN and YouTube.)
7. Attacks on Healthcare Organizations
-
Most healthcare organizations are moving their medical records online.
-
Medical professionals realize the benefits of smart medical equipment like smart hospital beds. However, there are still a number of concerns about safety, privacy, and security threats.
-
Patient information will be increasingly vulnerable, as more and more devices get connected to hospital networks.
-
An attacker can decrease or increase dosages, disable vital sign monitoring, or send electrical signals to a patient.
-
Hospitals can become a prime target of ransomware attacks because they are willing to immediately pay the ransom to restore the health of their systems and, consequently, the health of their patients.
(Learn More. The medical industry is the new No. 1 target for hackers, and almost all U.S. health care organizations have reported at least one cyberattack. For “CBSN: On Assignment,” CBS News correspondent Reena Ninan visits an upstate New York hospital where hackers took down the computer system for six weeks. Courtesy of CBS This Evening and YouTube.)
Conclusion
In 2020, protecting personal and proprietary consumer data should become a top priority for any and all enterprises.
Many industry leaders claim that the lack of cybersecurity is the number one threat facing the global economy.
Forward-thinking organizations will have to craft strategic and thoughtful plans for their business security.
About the Author
Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Samsung NEXT, NetApp and Imperva, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership.
AST strives to meet a 3 STAR trustworthiness rating, based on the following criteria:
- Provides named sources
- Reported by more than one notable outlet
- Includes supporting video, direct statements, or photos