Cybersecurity is a very serious issue for 2020 -- and the risks stretch far beyond the alarming spike in ransomware.
In addition to the daily concerns of malware, stolen data and the cost of recovering from a business network intrusion, there is the very real danger of nefarious actors using cyberattacks to influence or directly impact the outcome of the 2020 U.S. general election.
Today, every company that has a computer or any connected devices or software should see itself as a "tech company." Every individual with a smart TV, virtual assistant or other Internet of Things (IoT) device could be at risk as well -- and the risks include being victimized by cyberstalkers or having personal data compromised.
"We are seeing growing attack surfaces -- for example, automotive, drones, satellites and hardware components," said Michael Sechrist, chief technologist at Booz Allen Hamilton.
There is also "increased obfuscation from sophisticated actors -- that is, malware code reuse and similarities," he told TechNewsWorld.
"Several major domestic and international events will likely provide attackers opportunities for digital disruption across large and small companies and governments alike," Sechrist said.
Although everyone who's connected in this increasingly connected world is a potential target, understanding the risks can help alleviate the overall threat.
"The main threat companies face is in not adequately keeping pace with the ever-evolving security threat landscape," said Ellen Benaim, information security officer at Templafy.
"It is a constant battle to keep abreast of the latest issues. To make matters worse, we predict that in 2020 cyberthreats will become more frequent and sophisticated, spanning a wider attack surface and causing a more deadly impact," she told TechNewsWorld.
Old Threats Still Have Teeth
Many of the same threats that have been around for years will continue to pose real problems in 2020. Among them are phishing attacks.
"Phishing is essentially tricking others into taking an action that can be profited from," said Tom Thomas, adjunct faculty member in Tulane University's Online Master of Professional Studies in Cybersecurity Management program.
"Since all those millions are still sitting in a bank in Nigeria for over 20 years now, I am sure phishing is here to stay as long as people are greedy and easily tricked," he told TechNewsWorld.
"Education is quite common, but these scams are evolving as well -- and some of these email scams are very believable unless you look closely, which most people do not," warned Thomas.
Another cybersecurity threat is one that isn't really an attack, but rather a problem due to overworked -- and at times underpaid -- software designers. This is the issue of software errors, and those errors can result in exploits that hackers and other criminals can target.
"These are valid concerns, and with the rise of software as king in the IT space, this means that developers are going to have to address security within their code, new and old," said Thomas.
Threats From Within
One overlooked area of cybersecurity is who has legitimate access to the data, and whether those individuals can be trusted. Edward Snowden is just one example, but the issue has plagued tech companies for years. In the spring of 2018, Apple had to fire an employee for leaking details of the company's software roadmap.
This problem is likely to get worse, as there is now a cybersecurity worker shortage, and companies are being less diligent when it comes to new hires.
"A big threat facing companies in 2020 is the insider threat," said Templay's Benaim.
"Whether it is deliberate or not, the impact of these threats can be devastating," she added.
"Insider threats can manifest in a number of ways -- for example, an overtired employee might simply forward confidential data to the wrong recipient," Benaim said, "or a disgruntled former employee might download customer records from a CRM tool with malicious intent. Both scenarios could lead to a severe data breach, triggering inordinate fines for your company under GDPR."
Pointed Attacks
Even trusted employees can make critical mistakes. Hackers use social engineering techniques to breach a network and gather sensitive data as well as tools to encrypt data or break security systems.
In 2020 we could see "more multi-layer spearphishing, where multiple targets inside a business are used to gather information and gain access," warned Laurence Pitt, global security strategy director at Juniper Networks.
"The delivery mechanisms will also be more complicated," he told TechNewsWorld.
"Any threat that costs money, and especially where it affects public money -- government and healthcare -- will remain newsworthy," Pitt added.
"We'll see more attacks using common vectors, such as phishing, download via malvertising, etc.," he predicted, "but also attacks that use old methods with new vectors. The Masad Stealer attack, reported by Juniper Threat Labs in late 2019, is a good example of this, where data and money was stolen via malware injected into a used and respected piece of software."
0 Comments