As we begin 2020, here are 10 cybersecurity trends to look for in the coming year.
- Cloud usage will grow; cloud attacks will be more frequent and harder to identify
As more firms use cloud providers for data storage as well as infrastructure purposes, there will be cloud-related security ramifications. Cybercriminals are finding it harder to precisely target a firm’s resources and are likely to rely on increased frequency of attacks to increase their chances of success. Relatedly, investigations into cloud-related incidents have taken on more complexity, as seen with the recent Cloudhopper breach.
Ransomware will be more targeted
While the number of generalized ransomware attacks has declined over the past several years, the number of targeted ransomware attacks has grown and will likely to continue to do so. Attackers are expected to focus their ransomware attacks on companies that could be more likely to make substantial payments. Additionally, criminals using ransomware are increasingly threatening to publish potentially damaging information online, rather than just scrambling files.
Connected devices will be at risk
As the Internet of Things (IoT) continues to grow, so too will the use of these connected devices as a vector for cyber-attacks. Smart TVs, smart watches, smart cars, and smart houses will continue to be targets. And the increased adoption of 5G will create an ever-larger network of connected devices to target.
Artificial intelligence (AI) use for cybersecurity use will grow, and so will blind spots
Security teams will expand their use of AI for identifying threats. And as suggested in Forbes, security blind spots in the form of missed threats and false positives will likely be on the rise as a result of potential bias in AI models. Diversity in data models and security teams will be needed to combat these potential weak points.
And while AI use is growing in combatting cybercrime, its use is likewise on the rise by cybercriminals themselves. Phishing efforts are being enhanced with machine learning to automate campaigns, improve algorithms, A/B test, and more.
Hacktivists will flood companies with privacy regulation requests as a means of attack
In a twist on the distributed denial-of-service (DDoS) tactic, criminals will likely use newly enforced privacy regulations as an attack vector. According to IBM security, hacktivists and crooks may flood companies with individual rights requests at a scale that drains firms of time, resources, and computing power.
Credential stuffing will grow
As we saw with the hack attack on the new Disney+ streaming service, in which thousands of account credentials were hacked and made available for sale, credential stuffing is likely to increase in 2020 as well. Credential “stuffing” is the practice in which attackers cycle though lists of existing stolen credentials from other services, in hopes that accounts on additional services will use the same ones. If stronger password management techniques are not implemented, the dark web will be stuffed with logins for sale.
Mobile devices will be targeted more
The use of mobile phones as an attack vector is on the rise. Not only that, but based on the multitude of mobile zero-day vulnerabilities over the past year, the complexity of the attacks is also increasing. With a phone in nearly every pocket, cybercriminals know there’s a wallet’s worth of tempting data and cash nearby. The good news is that in reaction to a high level of SIM swapping attacks in the past year, firms are moving away from text message-based authentication codes in favor of mobile apps specific for multi-factor authentication.
The end of Windows 7 support will cause security problems
The imminent sunset of support for Microsoft (insert REG) Windows 7 will likely lead to increased vulnerabilities. As happened with Windows XP, attackers may leverage the lack of OS patching to gain entry into systems still using the old operating system software. And of course, Windows will always be a target, and you should ensure your systems are always using the latest patches.
More nation-states will pursue cybercrime
State-sponsored cybercrime is a persistent and growing threat. The “Big Four” -- Russia, China, Iran, and North Korea – continue to be a concern and trends have indicated that India, Pakistan, Vietnam, United Arab Emirates, Saudi Arabia, Qatar, Brazil, Romania, and others are joining in, using hacking tools and ransomware against adversaries. We should expect an increase in destructive malware attacks in North America and Europe.
Companies will improve their cybersecurity
Per Kaspersky, businesses and organizations are seeing a rise in their levels of security, both in terms of infrastructure hardening and general preparedness. While bad news for cybercriminals, that news is certainly good for the rest of us, and something to look forward to in the year ahead.
How ACA Can Help
ACA Aponix offers the following solutions that can help protect your company from cybersecurity risk:
- Cybersecurity and technology risk assessments
- CCPA compliance assistance
- Microsoft Office 365 security assessments
- Vendor diligence and management
- Phishing testing and cyber awareness training
- Cyber incident response planning
- Threat intelligence
For more information, contact email@example.com or your ACA consultant.