Cybersecurity is always changing and trends in 2020 show that there is no let-up for businesses when it comes to protecting their operations and data. As technology advances, so too does the need for vigilance in cybersecurity. According to a July 2020 report by security firm McAfee, the unprecedented shift to remote work and cloud services following the COVID-19 pandemic has resulted in large increases in cyberattacks across industries:
- Energy and Utilities +472%
- Financial Services +571%
- Manufacturing +679%
- Government +773%
- Education +1,114%
- Transportation and Logistics +1,350%
US figures for January to April, 2020
In this article, we look at some cybersecurity trends for this year and beyond to help you make smarter decisions around your business and its cybersecurity needs.
Persistence of phishing and ransomware
Phishing has long been a popular attack method of cybercriminals and evidence points to attacks continuing to evolve in complexity into the foreseeable future. So far in 2020, as pandemic restrictions have forced organizations to make the transition to the cloud and remote work, criminals have tried to exploit the new security challenges. There has been a huge increase in phishing emails using terms like “Coronavirus”, “COVID-19 test”, or “SBA Loans” to trick users into clicking links or opening attachments. Expect this trend to continue through to 2021, including attempts to leverage the term “vaccine” as one becomes available.
One of the most prevalent types of phishing attacks involves the criminals impersonating their victims’ employers or colleagues. They send an email out to try to convince victims to wire them money or share login credentials. Attacks like this have caused billions of dollars in losses in recent times and the more data collected from successful breaches, the more information cybercriminals can use to create increasingly convincing phishing emails.
There is also evidence that SMS phishing, also known as “smishing”, is gaining traction. This is where malicious text messages (rather than email) are used to trick people into giving away their personal data. It is particularly dangerous for two reasons. First, a huge number of people use mobile devices. Second, research shows that most people are far less vigilant toward text messages than they are toward emails or social media messaging platforms. As with email, cybercriminals are exploiting the COVID-19 pandemic to launch smishing attacks by posing as medical bodies or governments issuing COVID-19 advice.
Businesses are no safer from ransomware attacks, either. The United States saw an unprecedented number of ransomware attacks in 2019, impacting businesses, government agencies, education institutes, and healthcare providers. This is predicted to continue well into 2020 and beyond.
Instead of relying only on existing cybersecurity solutions like antivirus software, spam filters, and ad blockers, organizations should invest in employee awareness training and solid business continuity and disaster management plans to better protect against phishing and ransomware.
Growth of IoT cybersecurity risks
IoT (Internet of Things) technologies are becoming increasingly popular, as they help automate everything from industrial supply chains and inventories down to the personal devices we use in our daily lives. 5G networks will be able to connect many more IoT devices, which is great for convenience, but not so great for security. More connected devices mean more points that attackers can target, more communication channels that can be hacked into, and more vulnerable software (like web applications) to exploit.
Cybercrime experts fear that IoT is spreading faster than it can be secured. IoT devices generate data, meaning service providers are responsible for managing and protecting more and more of it. This could be confidential business data or personal activities from inside your office or home, neither of which you want in the hands of criminals. Many researchers predict that as the use of IoT devices increases, so too will incidents of devices being hacked or compromised.
To better protect sensitive information, organizations need to consider their IoT network and its risk factors as one system. This approach works better than focusing on individual parts of the network. Holistic security should be a priority early on when building out the IoT system. Every device added to the network should be configured with security in mind. Most importantly, that means using strong passwords (not the defaults), multi-factor authentication (MFA), and encryption.
The double-edged sword of artificial intelligence
There’s no doubt that we are becoming more reliant on artificial intelligence (AI). Many benefits are clear: Things are more connected online and automated, making our lives easier. In terms of cybersecurity, AI technology has lowered the costs of detecting data breaches and made responding to them faster. AI is making it a lot easier and quicker to resolve issues in incident response, reducing the effort, costs, and the chances of human error involved with manually addressing those incidents.
However, security experts warn that cybercriminals are beginning to exploit the very technology that makes AI so useful. A recent concerning trend is the use of deepfakes, which use AI to create fake, but incredibly convincing, audio and videos. Deepfakes can make it seem like anyone is saying or doing something they never actually said or did.
It’s obvious just how dangerous this digital impersonation can be, especially when it depicts world leaders, politicians, and other influential individuals. Several organizations have already fallen victim. The most notorious of these was in 2019 when an executive at a British energy firm was tricked into transferring nearly a quarter of a million dollars to cybercriminals. The criminals had used voice-cloning technology to make it seem the transfer request was coming from the German parent company’s CEO. The British executive believed the voice he was hearing over the telephone belonged to his German boss, recognizing both the quality of the voice and the accented English.
The possibilities for criminal use of AI could be endless, but so too could the defensive and preventative measures that protect businesses. AI companies are creating more advanced algorithms all the time to deal with these issues. But technology is only part of the equation — organizations also need to educate their employees, as well as adopt, at the very least, basic cybersecurity best practices such as keeping staff well trained, using a good security package, and performing regular system backups.
Cloud computing as our new normal
This prediction is a no-brainer: The future of business is in the cloud. Large segments of education, healthcare, and commerce are already there. Cloud services are the fastest-growing areas of IT spend across industries, and it’s predicted that global spending for public cloud services will reach $277 billion in 2020.
The advantages of the cloud are obvious: It enables businesses to do everything they do already, but much more efficiently, quickly, and securely. Cloud services boost innovation and increase speed to market. Businesses that migrate to the cloud are more agile, and gain greater insights by drawing from larger pools of data.
But with increased reliance on cloud services comes heightened focus on security issues. The very speed and ease with which the cloud is being adopted by enterprises is a cause for concern, as it can make security harder to control. And often it’s the most basic security issues that pose the greatest risk.
A good example of this is from a recent IBM Security study which found that the most common way cybercriminals target cloud environments is through cloud applications, taking advantage of configuration errors and other vulnerabilities. The study found that data theft was the top focus of cybercriminals targeting cloud environments, but they also exploited cloud resources for delivering ransomware (locking users out of their IT until a ransom is paid) and cryptomining (commandeering computing resources to perform work that can be converted into digital currency like Bitcoin).
As with combatting other cyberthreats, it’s important for businesses to be proactive with their cloud security. Basic steps include turning on multi-factor authentication, setting up next-generation firewalls, and performing regular backups. Seeking expert advice from cybersecurity professionals will ensure your cloud network is secure. But perhaps the easiest and most effective way to counter these threats is by ensuring everyone who accesses the cloud network and its data is well trained in cybersecurity best practices.
How to meet these challenges
Cybersecurity can seem overwhelming, especially if you are new to it. As we have seen, to avoid falling victim to cybercrime, it’s best to be proactive with your cybersecurity approach. And the best way to do this is by creating your own cybersecurity policy. Zeta Sky offers free cybersecurity training and can help you create this policy for your organization.
We help businesses manage all aspects of their cybersecurity, so they can focus on what they do best. If you experience a cybersecurity breach, immediately contact our Incident Response Team. They will rapidly assess your situation, detect the threat, and begin remediation through our incident response service. Better yet, contact us before a breach occurs so we can create a tailored security plan for your organization. Get in touch with our team to schedule a discovery session today.