The cybersecurity landscape is expanding in terms of innovations and better security practices. But at the same time, attackers are also spreading their wings beyond ransomware and phishing attacks to target everything from cloud misconfigurations and stolen credentials to managed service providers (MSPs) that have access to sensitive information.
revealed that nearly 53% of companies found over 1,000 sensitive files open to every employee. Not only does this put organizations at risk of cybersecurity breaches, but it also impacts the overall credibility and reputation of an enterprise.
From a cybersecurity perspective, what should you expect in 2020?
What are the biggest trends that are going to impact your business? Are you adhering to the best security practices? Is your enterprise at risk of a security breach? Are your MSPs well-protected? Is cloud computing putting you at risk of a security threat?
There’s no doubt that attackers will leverage technology and potential loopholes to exploit your business. But understanding where their focus will be next is quite a challenge.
So here are some cybersecurity trends that might impact your business in 2020:
New Privacy Regulations for Cybersecurity
Governments around the world are implementing new privacy regulations that monitor the way companies collect and handle user data as a response to the rising global cybersecurity crisis. The first major privacy domino fell in the European Union when they passed the General Data Protection Regulation (GDPR) in 2016. It came into effect in May 2018.
Under the new regulations, residents and citizens of the European Union gained greater control over how their personal data is being used by companies. Organizations have to receive consent from users before collecting, processing, storing, or selling their personal data anonymously.
Furthermore, these latest requirements are considered the most difficult in the world, with violators subjected to fines up to 20 million euros or 4% of global revenue, whichever is higher, for noncompliance.
After the new GDPR rules came the French regulations in January 2019, which smacked Google with a whopping fine of $57 million. They allege the global organization lacked clarity and transparency around how personal information of users was being collected. Moreover, the regulators also cited that Google was failing to properly get user consent before gathering their information for personalized ads.
In addition to this, the most important of these recent privacy regulations is the California Consumer Privacy Act (CCPA), which took effect on January 1, 2020. There are nearly 40 million residents in California, making it the largest state in the U.S., and the latest CCPA will empower them with the right to know how their personal data is being sold or collected.
Residents can also reject the sale of or request the deletion of any personal information collected about them. The Act is applicable to organizations with a gross annual revenue higher than $25 million.
Lack of Cybersecurity Professionals
Perhaps a lack of cybersecurity professionals is one of the biggest challenges that U.S.-based businesses tackle. According to the Global Information Security Workforce Study, the cybersecurity workforce gap is estimated to hit 1.8 million by 2022.
Unfortunately, there’s no definite end in sight for this crisis. Organizations are continuously rolling out more positions for cybersecurity-skilled individuals; however, universities continue to graduate only a small number of qualified cybersecurity professionals.
Given the current security landscape, businesses should consider increasing their compensation packages and additional benefits to compete for the limited number of skilled cybersecurity professionals available.
Companies should also focus on providing in-house cybersecurity training to their employees.
Increasing Amount of Mobile Malware
Banking trojan malware is rapidly evolving and becoming a more prominent problem on mobile devices. Cybercriminals often create banking apps or emails that mimic reputable banks and ask customers for personal information, for example credit card details, net banking credentials, passwords, PINs, OTPs, and other user bank details.
This can cause user information to fall into unsafe hands where their data can be misused for malicious activity. Some cybersecurity firms have said that these attacks are the most flexible, rapidly-developing, and dangerous kind of malware. The rising trends in malware show how attackers can quickly adapt to the changing cybersecurity landscape.
According to Kaspersky, in Q1 2019, there were nearly 30,000 modifications of various banking Trojan families that attempted to attack about 312,235 unique users. In Q4 2018, mobile banking Trojans accounted for about 1.85% of all mobile malware, whereas in Q4 in 2019, the percentage grew to 3.24%.
Cloud migration is becoming more popular amongst ecommerce businesses, brick-and-mortar stores, and small scale businesses alike as retailers want to tap into the power of data to assess their customers better.
Enterprises are shifting to the cloud to store the massive amount of data they collect about their customers. Then they analyze that data and collect relevant insights from it to improve their businesses.
can easily scale up or down in computing power and data storage as per their needs in cloud configurations. But oftentimes, companies don’t understand their role in securing their cloud infrastructure (mistakenly believing the cloud provider automatically provides a safe environment), or understand how some of their deployment configurations and architecture in the cloud leave them exposed.
Giant companies like Netflix, Amazon, TD Bank, have suffered massive security breaches due to cloud misconfigurations. Even a single misconfiguration in your cloud computing system can lead to the exposure of cloud-based data to attackers.
While many security experts say that cloud infrastructure has the potential to be more secure than their in-house infrastructure, firms are still responsible for securing their users’ data. Cybercriminals may take advantage of the slightest possibility of weaknesses in your cloud computing system to access sensitive user information.
MSPs Under Attack
During 2019, cybercriminals targeted MSPs and hacked the tools that they use for managing customer IT systems as channels for targeting the same customers. A major incident that drew global attention was when the systems of Wipro, the Indian IT outsourcing giant, were compromised in a phishing campaign that led to attacks against their customers.
It was alleged that hackers may have used an MSP tool to connect to the Wipro client systems, which allowed them deeper access into the Wipro customer networks.
Another MSP-related attack occurred in August 2019, when 22 Texas county and town networks were locked behind encryption keys by using an on-premises version of the ConnectWise Control remote access tool. The networks hit by the devastating malware were all receiving services and products from Rockwell, a Texas-based MSP TSM consulting firm.
MSPs enjoy a high level of trust and access to the client’s network, which paves the way for hackers into the in-house networks of the organization and their customers’ networks.
The Butterfly Effect of Ransomware
indicate that in the first nine months of 2019, cybercriminals launched attacks against nearly 621 government agencies, schools, and healthcare providers in the U.S. alone. Public sector organizations around the world have suffered the damage of ransomware attacks with a steadily rising momentum building into 2020 as well.
The constantly evolving ransomware attacks will have a butterfly effect that will have a massive impact far beyond what everyone has seen until now.
The effects will include:
- Cyber Insurance Rush - Despite government warnings to organizations not to pay the ransom in ransomware attacks, more enterprises are turning towards cyber insurance to protect their uptime and assets. Cyber insurance is estimated to become one of the fastest-growing markets in the cybersecurity landscape with the number of claims increasing by 39% year after year. But cybersecurity insurance is having a contrary effect - it may drive even bigger waves of attacks.
- Attackers Shift to the Cloud - With organizations shifting to the cloud, the focus of attackers has also shifted from mainstream ransomware attacks to cloud configurations.