The cybersecurity landscape is expanding in terms of innovations and better security practices. But at the same time, attackers are also spreading their wings beyond ransomware and phishing attacks to target everything from cloud misconfigurations and stolen credentials to managed service providers (MSPs) that have access to sensitive information.
A report revealed that nearly 53% of companies found over 1,000 sensitive files open to every employee. Not only does this put organizations at risk of cybersecurity breaches, but it also impacts the overall credibility and reputation of an enterprise.
From a cybersecurity perspective, what should you expect in 2020? What are the biggest trends that are going to impact your business? Are you adhering to the best security practices? Is your enterprise at risk of a security breach? Are your MSPs well-protected? Is cloud computing putting you at risk of a security threat?
There’s no doubt that attackers will leverage technology and potential loopholes to exploit your business. But understanding where their focus will be next is quite a challenge.
So here are some cybersecurity trends that might impact your business in 2020:
New Privacy Regulations for Cybersecurity
Governments around the world are implementing new privacy regulations that monitor the way companies collect and handle user data as a response to the rising global cybersecurity crisis. The first major privacy domino fell in the European Union when they passed the General Data Protection Regulation (GDPR) in 2016. It came into effect in May 2018.
Under the new regulations, residents and citizens of the European Union gained greater control over how their personal data is being used by companies. Organizations have to receive consent from users before collecting, processing, storing, or selling their personal data anonymously.
Furthermore, these latest requirements are considered the most difficult in the world, with violators subjected to fines up to 20 million euros or 4% of global revenue, whichever is higher, for noncompliance.
After the new GDPR rules came the French regulations in January 2019, which smacked Google with a whopping fine of $57 million. They allege the global organization lacked clarity and transparency around how personal information of users was being collected. Moreover, the regulators also cited that Google was failing to properly get user consent before gathering their information for personalized ads.
In addition to this, the most important of these recent privacy regulations is the California Consumer Privacy Act (CCPA), which took effect on January 1, 2020. There are nearly 40 million residents in California, making it the largest state in the U.S., and the latest CCPA will empower them with the right to know how their personal data is being sold or collected.
Residents can also reject the sale of or request the deletion of any personal information collected about them. The Act is applicable to organizations with a gross annual revenue higher than $25 million.
Lack of Cybersecurity Professionals
Perhaps a lack of cybersecurity professionals is one of the biggest challenges that U.S.-based businesses tackle. According to the Global Information Security Workforce Study, the cybersecurity workforce gap is estimated to hit 1.8 million by 2022.
Unfortunately, there’s no definite end in sight for this crisis. Organizations are continuously rolling out more positions for cybersecurity-skilled individuals; however, universities continue to graduate only a small number of qualified cybersecurity professionals.
Given the current security landscape, businesses should consider increasing their compensation packages and additional benefits to compete for the limited number of skilled cybersecurity professionals available.
Companies should also focus on providing in-house cybersecurity training to their employees.
Increasing Amount of Mobile Malware
Banking trojan malware is rapidly evolving and becoming a more prominent problem on mobile devices.
Cybercriminals often create banking apps or emails that mimic reputable banks and ask for personal information from customers, such as credit card details, net banking credentials, passwords, PINs, OTPs, and other user bank details.
This can cause user information to fall into unsafe hands where their data can be misused for malicious activity. Some cybersecurity firms have said that these attacks are the most flexible, rapidly developing, and dangerous kind of malware. The rising trends in malware show how attackers can quickly adapt to the changing cybersecurity landscape.
According to Kaspersky, in Q1 2019, there were nearly 30,000 modifications of various banking Trojan families that attempted to attack about 312,235 unique users. In Q4 2018, mobile banking Trojans accounted for about 1.85% of all mobile malware, whereas in Q4 2019, the percentage grew to 3.24%.
Cloud Misconfigurations
Cloud migration is becoming more popular amongst ecommerce businesses, brick-and-mortar stores, and small-scale businesses alike as retailers want to tap into the power of data to assess their customers better.
Enterprises are shifting to the cloud to store the massive amount of data they collect about their customers. Then they analyze that data and collect relevant insights from it to improve their businesses.
Businesses can easily scale up or down in computing power and data storage as per their needs in cloud configurations. But oftentimes, companies don’t understand their role in securing their cloud infrastructure (mistakenly believing the cloud provider automatically provides a safe environment), or understand how some of their deployment configurations and architecture in the cloud leave them exposed.
Giant companies like Netflix, Amazon, TD Bank, and Ford have suffered massive security breaches due to cloud misconfigurations. Even a single misconfiguration in your cloud computing system can lead to the exposure of cloud-based data to attackers.
While many security experts say that cloud infrastructure has the potential to be more secure than their in-house infrastructure, firms are still responsible for securing their users’ data.
Cybercriminals may take advantage of the slightest possibility of weaknesses in your cloud computing system to access sensitive user information.
MSPs Under Attack
During 2019, cybercriminals targeted MSPs and hacked the tools that they use for managing customer IT systems as channels for targeting the same customers. A major incident that drew global attention was when the systems of Wipro, the Indian IT outsourcing giant, were compromised in a phishing campaign that led to attacks against their customers.
It was alleged that hackers may have used an MSP tool to connect to the Wipro client systems, which allowed them deeper access into the Wipro customer networks.
Another MSP-related attack occurred in August 2019, when 22 Texas county and town networks were locked behind encryption keys by using an on-premises version of the ConnectWise Control remote access tool. The networks hit by the devastating malware were all receiving services and products from Rockwell, a Texas-based MSP TSM consulting firm.
MSPs enjoy a high level of trust and access to the client’s network, which paves the way for hackers into the in-house networks of the organization and their customers’ networks.
The Butterfly Effect of Ransomware
Reports indicate that in the first nine months of 2019, cybercriminals launched attacks against nearly 621 government agencies, schools, and healthcare providers in the U.S. alone. Public sector organizations around the world have suffered the damage of ransomware attacks with a steadily rising momentum building into 2020 as well.
The constantly evolving ransomware attacks will have a butterfly effect that will have a massive impact far beyond what everyone has seen until now.
The effects will include:
- Cyber Insurance Rush - Despite government warnings to organizations not to pay the ransom in ransomware attacks, more enterprises are turning towards cyber insurance to protect their uptime and assets. Cyber insurance is estimated to become one of the fastest-growing markets in the cybersecurity landscape with the number of claims increasing by 39% year after year. But cybersecurity insurance is having a contrary effect - it may drive even bigger waves of attacks.
- Attackers Shift to the Cloud - With organizations shifting to the cloud, the focus of attackers has also shifted from mainstream ransomware attacks to cloud configurations.