It’s that time of year again, with 2019 behind us, and 2020 stretching far ahead. What’s to come this year is the question that most businesses will be pondering in January. We’ve made some cybersecurity predictions for 2020 and have considered:
- What do we need to prepare for?
- What has the potential to catch us off guard?
- How can we stay ahead of the pack?
Planning a year of minimal surprises requires reflection on these questions. And if the myriad recently published 2020 predictions articles are anything to go by, there is quite a bit to consider, particularly when it comes to effectively preparing your cybersecurity for the risks to come.
Cybersecurity risks of 2020
According to the cyber security consultants at Bulletproof, 1 in 5 of the penetration tests they conducted across the whole of 2019 revealed a critical flaw — a critical issue which could pose an immediate and direct risk to the business tested. That 20% percent figure is staggering, and in most cases, these businesses are completely unaware that they are operating with immediate risks lurking in their systems.
With your business exposed, that leaves open gaps where your cybersecurity defences are down. This year, the threats to exploit those gaps will be:
Following the widely publicised NHS ransomware attack in 2018 that cost the NHS £92m and 19,000 cancelled appointments, you could be forgiven for thinking that this would have set the wheels in motion to reduce attacks. But, according to the Emsisoft report, 2019 saw the highest number of Ransomware attacks ever. Based on these trends and the variations of ransomware listed by Statista you can guarantee that ransomware attacks are most definitely going to see an increase in 2020. Why do the attacks continue to rise? Quite simply because ransomware makes hackers a ton of money. In many ransomware attacks, businesses end up paying the ransom to get business back on track, hence showing hackers that it’s a lucrative business worth continuing.
E-Skimming/SIM swapping/SIM porting
As online payments become more prevalent, so too do threats like e-skimming, where hackers can skim code on e-commerce payment processing sites to steal credit card, debit card and other customer information. We reported on the growing threat from this approach in October and December of 2019 and in January 2020 Princeton University published a study that showed five major US telcos are vulnerable to ‘SIM swapping’ attacks. With these events continuing and predicted to grow further you need to look at how to control your business use of SMS for security verification.
While it may be hard to imagine falling for a scam to claim sums of money from a long lost relative or an ‘unexpected’ business contract windfall, phishing attacks increased in 2019 with the financial sector the largest target. Phishing is poised to become more sophisticated in 2020, making them harder to spot, thanks to phishing kits now available on the dark web. The consequences of falling for these attacks is also increasing from simply losing some money to exposing the data of your entire customer base.
Social media turning against us
We’ve already seen social media used to mine information, predict behaviour and manipulate individuals. This year we can expect to see social media used to attack businesses, becoming a tool through which attacks are attempted, including malware and phishing attacks. The Guardian reported in January 2020 that social media data is still being misused and that ‘global manipulation is out of control’. Cambridge Analytica misappropriated 87 million Facebook profiles and 2020 see no let-up of the illegal focus on stealing social media data.
One particularly ominous trend that began to rear its head in 2019 was the cases of security breach that involved staff members involvement, where these insiders either actively led efforts to expose security for their own gain, or they were coerced by outsiders, as was the situation in the SIM swap cases across the US and UK. As Computer Weekly reported in January 2020, clamping down in insider threats is a priority and this starts with access control to corporate data, manage this effectively and frequently and compromising an insider becomes less invasive and more controllable.
Cybersecurity predictions for 2020 – how to prepare
What all of the above risks have in common is that the threat of them can all be minimised with improvements in security, starting with passwords.
Passwords are the weak link through which most hacks break through. As such, managing passwords effectively and increasing the security around them can be the solution your business needs to ward off hacking attempts.
This can be done by implementing a Password Manager and adopting Multi-Factor Authentication. Password Management solutions allow you to control which passwords staff use, to ensure that no breached passwords are able to be used. While MFA adds an additional layer of security to ensure that, even if passwords are breached, hackers are blocked at the next stage of authentication.
To learn how you can safeguard against the cybersecurity risks of 2020, get in touch with the team of cybersecurity experts at Authlogics.