Cybersecurity remains a struggle for many businesses around the world, with the COVID-19 pandemic exacerbating that challenge. Cybersecurity trends for 2020 remain centered around threats that have been prominent in recent years and which continue to develop as technology advances and cybercriminals try new ways to carry out their attacks.
Supply chain attacks: Targeting the weakest links
Supply chain attacks target the victim’s network of external suppliers who have access to the victim’s systems and data. This can include partners and third-party vendors like software developers and IT service providers. Supply chain attacks are on the rise in every industry and there is little evidence to suggest that they will let up in the foreseeable future. They can take many forms, including hijacking software updates and stealing vendor credentials. The latter is what happened when Target fell victim to a supply chain attack, resulting in 70 million customers’ personal information being stolen and $200 million in costs for the company.
Supply chains are a popular target for cybercriminals since almost every company has a network of trusted suppliers, who are often easier to infiltrate than the victim itself. With the COVID-19 pandemic forcing many companies to turn to less secure remote and work-from-home solutions, there has never been a more crucial time for organizations to bolster the cybersecurity of their supply chains.
Protecting the supply chain as a whole is an involved process where all parties in the chain should have effective security measures in place. It’s best practice to set standards that all supply chain partners have to meet or, better yet, exceed as part of the business agreement. Perform due diligence on your vendors and other third parties, regularly monitor and review access to your networks and data, and establish boundaries for what your vendors can and cannot access.
Threats to the cloud
As more organizations go remote and turn to cloud services, cloud attacks will continue to be a significant threat. Attacks can come in many forms, including data breaches, account hijacking, and distributed denial-of-service (DDoS) attacks, where the attacker makes websites or online services inaccessible by flooding them with internet traffic.
Cybersecurity company Trend Micro predicts that code injection attacks will be used prominently against cloud platforms in 2020. This involves injecting malicious code into a cloud platform with the aim of eavesdropping on, taking control of, or modifying sensitive data stored in the cloud.
Countermeasures that organizations can take to protect themselves from cloud attacks include data encryption, multifactor authentication for logins, and a fully managed intrusion detection system.
More attacks going mobile
Similar to the cloud, mobile security is a growing risk due to the increasing ways that mobile technology is used and the increasing amount of sensitive data being accessed by mobile devices. Attacks can come in the form of data leakage from apps, mobile malware, phishing, and more.
One of the main risk areas is unsafe public Wi-Fi. In 2020, everyone should assume that all public Wi-Fi is unsecured. An organization with a mobile workforce should regulate against the use of public Wi-Fi networks, especially for entering company passwords or accessing confidential information. An increasing trend is spoofing, where cybercriminals create a public Wi-Fi network for the sole purpose of hacking those who join it. These networks look legitimate but harvest data like passwords, account numbers, and personal contact information, which can be used for phishing attacks.
Phishing attacks, where a criminal sends emails impersonating a trusted contact in order to steal things like credit card numbers or passwords, are a bigger threat on mobile devices than on desktops. This is due in part to the nature of mobile device use: people are less careful about opening messages on smartphones or tablets, and these devices display less of each message for inspection. Organizations should train their workforces in how to identify and react to suspicious emails on all their devices.
According to McAfee’s 2020 Mobile Threat Report, hidden apps are the most active mobile threat category. These apps are usually free and perform some legitimate function. However, they typically request unnecessary permissions and can bypass security measures, hide themselves from users, redirect users to ads, and collect private user data that the developers sell to cybercriminals. They are often supported by fake positive reviews in Android or iOS app stores.
These threats will continue so long as mobile devices and services continue to increase in popularity, making them highly desirable targets for money-hungry criminals. Keeping devices updated, using trusted mobile security software, and making sure you and your employees have mobile-specific security training are some ways to prevent cyberattacks on your mobile devices.
Ransomware attacks: Simple, but devastating
Ransomware is malicious software that locks users out of their IT systems until they pay the criminals to return their access. Health systems, schools, pharmaceutical companies, local government bodies, and many others have fallen victim to ransomware attacks in recent years. These can force companies out of business, disrupt supply chains, and be a huge blow to an organization’s brand image.
It’s a method of attack that is cheap, readily available as purchasable software, and effective, which means ransomware attacks will continue to be very much a part of cybersecurity trends in 2020. The most common way criminals insert ransomware into their victim’s IT system is through phishing emails. Therefore, as discussed above, the recent increase in remote working and mobile device security gaps has increased the risk of ransomware attacks.
Protecting your business from these attacks involves keeping your security software up to date, regularly backing up your systems, educating your staff about cyberthreats, and taking extra precautions before opening email attachments and links.
The COVID-19 effect
As the world grapples with the effects of the COVID-19 global health pandemic, cybercriminals are taking advantage of the situation to launch more attacks. With so many employees working from home, there are increased risks to sensitive data and a greater chance of security breaches.
According to findings by cybersecurity solutions company Check Point Software Technologies, 2020 has seen COVID-19-related phishing and malware attacks increase from under 5,000 per week in February to more than 200,000 per week in April.
The upturn included healthcare and humanitarian organizations like the World Health Organization, which reported a 500% increase in cyberattacks on its staff. There have been continued attacks on mobile, with the attackers improving their techniques to bypass security measures and place malicious apps in app stores. The quick move to the cloud as the pandemic gained momentum has also led to more attacks on sensitive cloud data.
As businesses start to recover from the effects of the pandemic, they should be taking a serious look at their existing security systems and training regimens, and consider whether they are still effective.
Cybersecurity with Zeta Sky
Zeta Sky helps businesses manage all aspects of cybersecurity, so you can focus on what you do best. If you experience a cybersecurity breach, our team will guide you through our incident response process. Better yet, contact us before a breach occurs so we can create a tailored security plan for your organization. Get in touch with our team to schedule a discovery session today.