Cybersecurity threats change every year as hackers adapt and beat out the security measures and exercises put in place. Cybersecurity is always developing and improving, but cyber hacking seems to always get one step ahead. Although trends can change quickly, CSO Online surveyed cybersecurity professionals about the 5 biggest cybersecurity threats of 2019 and how organizations should adjust in 2020 in relation to these threats.
1. Malware on devices
Endpoint security has always been a challenge for organizations. Almost “half of all organizations” (Source) experienced malware attacks on company devices and employee-owned devices in 2019. This type of cyber attack has been the most expensive attack, averaging almost $3 million per incident (Source). Cybersecurity professionals believe that employee-owned devices will become bigger targets and become more susceptible to malware as companies are more willing to let employees use personal devices. Allowing employees to use personal devices has many benefits for companies, which we explained in our last blog post: it reduces costs, helps when working remotely, and appeals more to employees.
However, if precautions are not taken or security measures are not put in place on an employee-owned device as they would be on a company-owned device, cyber criminals have an easier way to infiltrate company files and information. The best way to combat this is to revise the policies applied to employee-owned devices. If employees are accessing any business files on their personal devices, these devices should be treated like company devices, with security measures put in place, and employees should receive security training so they understand the risks of using personal devices for work.
2. Phishing
A number of breaches in the past year involved phishing, and the people behind this kind of attack are only getting better and smarter. In addition, there are “phishing kit developers” (Source) whose kits come with security and evasion features at low prices, making it easy for anyone to get into the phishing market. Cybersecurity professionals have already seen phishing kit developers begin to refine their products, and they are expected to continue to do so, meaning phishing will require an even smaller skill set, opening up this scam to more criminals. In 2020, companies are starting to realize the importance of staff security awareness and are increasing security training, as they should. This will be beneficial for employees, but at the same time scammers are always evolving and finding new ways to look legitimate. The only way to combat this is to also evolve and improve your training and security, and to put different policies in place, for example multi-factor authentication.
3. Ransomware Attacks
Ransomware attacks are not the most common security incident, but they can become the most expensive attack for a company. There were a lot of reports of ransomware attacks in 2019, especially in government agencies, and the average cost per enterprise-level incident was around $1.5 million (Source). Endpoint protection is getting better at detecting ransomware, but just like with phishing and malware, ransomware developers are quickly learning and understanding the techniques used against them. In 2020, ransomware will most likely begin to change or add traits to confuse anti-ransomware protection and to appear to be from a trusted source. Ransomware consistently targets infrastructure, smart cities and organizations. There were even ransomware attacks seen on “Network Attached Storage”, even though NAS is considered secure and safe. Cybersecurity professionals say that for 2020, the best defense against ransomware is to have current backups that are tested and checked on.
4. IoT Vulnerabilities
The growth of IoT is escalating, but it is extremely difficult to predict its growth or decline. A research firm, Statista, “estimates there will be between 6.6 billion and 30 billion internet-connected devices in 2020” (Source); this range is too wide for any accurate or relevant predictions to take place. IoT can be one of the biggest threats to organizations because the multitude of devices can often be misconfigured, unpatched and “unmanaged because they don’t support endpoint security agents”. Because of this, these devices can be easily compromised and give cyber criminals access to corporate networks where they can launch ransomware attacks, steal information and more. Cybersecurity professionals believe that the risk from exposed IoT devices will increase in 2020 as the number of connected devices increases. To combat this problem, companies should implement new defense strategies, including stronger network segmentation, restricted remote access for third-party vendors, and network security monitoring to detect IoT attacks and stop them before they can do any real harm.
5. Cryptomining
Cybersecurity professionals are predicting that cryptomining will actually decline in 2020, which is good news! It was not considered one of the most frequent types of attack in 2019, but it was definitely considered to be one of the costliest, with an average cost of about $1.6 million. Mining has been declining throughout the last few years, and in 2020 this is expected to continue. Cryptomining also fluctuates with cryptocurrency value, so as it goes up you can expect more attacks. However, there has not been a steady increase in cryptocurrency value, so cryptomining has become less profitable. It is still important to use security solutions that can detect cryptomining threats and to stay on top of cryptocurrency values.