New Year’s Resolutions represent a desire to improve oneself in an area of life that may be neglected. Most of these resolutions are focused on health, finances, or happiness. These promises for the new year provide a convenient “cutover” date for one start new habits. Unfortunately for us, cybercriminals make resolutions as well. The New Year is also a great time to reflect on upcoming trends in cybersecurity in order to better prepare oneself for the future.
This post is going to be focused exclusively on current trends within the cybersecurity industry and who is most at risk for a successful attack. “Bad guys” seem to have the specific goal of making our lives more difficult by changing tactics whenever they observe a strategy to be effective.
We will look back into this past year for insight into the areas where the greatest threat lies in 2020, based on expert analysis and the trends of 2019.
The big one. Phishing is by far the most effective and favored attack technique in the world of cybercrime. This is a technique focused on exploiting human nature using social engineering combined with technology. Attackers will utilize emails, texts, voicemails, phone calls, and even paper mail in order to convince users to perform an action.
The users have proven to be the soft underbelly of many security stacks. People are naturally curious, and attackers are willing to exploit any gap to fulfill their goals. Training, awareness, email security, and strict policies are the only real counters to a concentrated phishing campaign. Without professional user training, no cybersecurity solution is complete.
Ransomware is once again a popular type of malware that will surely be seen in 2020. Analysts predict that 2020 will see the greatest amount of ransomware in history. While this prediction is a fairly safe one (every year has set a record over the previous year since ransomware was initially conceived), this is still a frightening trend. Essentially, things are getting worse.
Security issues stress business owners, but no action is being taken by a vast majority of companies. The mindset of “it won’t happen to me” has led to increasing numbers of successful attacks year over year. Once of the most common targets for ransomware attacks is now the public sector. Schools, police departments, and even cities have been attacked. Unfortunately, there is no magic bullet against ransomware. Only a well-established security stack with robust disaster recovery solutions can defend against this threat.
This “threat” is usually a precursor to more serious incidents. The most common scenario is when a user recycles passwords throughout all their accounts. Inevitably, there will be a breach of emails and passwords at some site where they are registered. The email and password are then sold on the dark net to interested parties. These buyers will scan social media to find information about the leaked credentials.
Once a business email is discovered, they will try that leaked password with the new email. If multi-factor authentication is not enabled and the password was a recycled one, the login will be a success. From here, the attacker can freely pivot around the network for as long as they remain undetected. Account takeover/ reused credentials present a major threat to all companies. Proper password rotation, account monitoring techniques, and multi-factor authentication are the primary counters to this threat.
Denial of Service
Denial of service / distributed denial of service (DDOS) attacks are focused efforts to disrupt a network via overwhelming web traffic. Servers collapse under the weight of this simulated excessive traffic. DOS/DDOS attacks are getting easier due to the massively increased presence of IOT devices.
Some of the biggest botnets (networks of devices that are used by attackers to perform DDOS attacks) are made exclusively out of unpatched IOT devices. Yes, this means that smart fish tanks are guilty of launching attacks on some of the biggest companies in the world. These attacks can cause major impacts on business and they are growing in volume and effectiveness. DOS/DDOS attacks are generally countered through proper server configuration and services that verify traffic as legitimate before allowing connections.
An earthquake does not fit the conventional definition of a cybersecurity threat. In fact, natural disasters are very much an “IT” incident rather than a security incident. But do not underestimate criminals. When a fire takes out a major data center, conventional security pathways may be overridden in order to get the business back online. These new gaps can be exploited by crafty attackers. Unfortunately, it doesn’t stop there.
Whenever a major disaster affects a large group of people, they will inevitably interact with many unfamiliar groups and entities. Attackers will specifically target victims of disasters in order to exploit the situation. While this act may be repulsive, it doesn’t change the reality that it is a very prevalent threat.
This New Year is full of promise for cybersecurity professionals. Emerging technologies are making it easier than ever to secure enterprises against the most popular threats. Awareness is the vital first step towards resolving the most common security issues plaguing most businesses.
Year after year, the most significant undertaking for most companies proves to be the act of adopting proper security solutions and partners. A shocking number of companies hear about these threats and ignore the reality that they can (and likely will) become a victim.
Hopefully, 2020 will be the year we finally start to reduce the effectiveness of these common threats and place even greater importance on proper cybersecurity practices.
- “2019 Data Breach Investigations Report.” Verizon Enterprise, enterprise.verizon.com/resources/reports/dbir/.
- Pdesaracho@sandiego.edu. “Top Cybersecurity Threats in 2020.” University of San Diego, 14 Dec. 2019, onlinedegrees.sandiego.edu/top-cyber-security-threats/.