A new decade has begun. The roaring 20s bring hope for a better world, but will 2020 bring hope for a more secure one too?
In 2019, we saw the usual tsunami of cybercrimes. Data breaches, yet again, increased. By the first half of 2019, there had been 4.1 billion data records exposed, a 54% year-on-year increase.
We watched as privacy took center stage and big tech giants like Facebook faced fines of $5 billion; a fine 20 times higher than any previously issued for cybersecurity or privacy violations.
With cybersecurity prevention now a normalized company activity, rooted in our everyday operations, will 2020 be a cybercriminal’s dream and a nightmare for our business?
Three Cybersecurity Trends in 2020
Although we do not have a crystal ball to tell the future, we can make informed guesses at the type of cybersecurity events we may experience in 2020. If we have learned anything from 2019, it is that cybercrime is a business. Gone are the days where hackers broke into IT systems just for fun or to make a political statement. These types of cybercrimes will still occur, but the most frequent and damaging will be those attempting to steal data and/or money. How they achieve that is where the predictions come in. Here are our top suggestions for areas to watch out for in 2020.
Not gone yet, phishing
Phishing will continue to be the number one way to steal data, login credentials, and infect machines with malware in 2020. Why? Because it is very successful. Phishing is based on social engineering, in other words, the fraudsters use our natural behavior to execute the phish. In 2019, 99% of cyber-attacks were initiated by a human being and phishing is a great way to get humans to do the bidding of the cybercriminal. Expect phishing to continue in email form and increase as SMShing (SMS text phishing).
Deep-faked business compromise
The first possible deepfake initiated Business Email Compromise (BEC) occurred in 2019. A British CEO was tricked by a deep fake voice call to move around $240,000 into a fraudster’s account thinking it was a partner company. Deepfakes, which are based on artificial intelligence technology, are becoming common. Data & Society, identified the use of “cheap fakes”, making technology now widely available. We predict that in 2020 we will see more cases of deepfake Business Email Compromise scams. Analyst, Forrester concurs, predicting deepfake BEC scams to bring in $250 million in 2020.
Better security fights back
We don’t think it’ll be all doom and gloom in 2020. We are seeing changes in the security industry, where smart technology is being used to fight back against cybercrime. Agent-based Endpoint Detection and Response (EDR) technology is being made more easily available via managed services to SMBs. In 2018 and 2019, cybercriminals switched focus to the smaller organization. The 2019 Verizon Data Breach Investigation Report found that 43% of SMBs had suffered a cyber-attack. With better technology in 2020, we are hoping this trend changes and we see a downward trend in cyber-attacks against the SMB.
A 2020 Cybersecurity Checklist
With these predictions for 2020 in mind, here is our checklist to help keep your company keep cybersecurity safe this coming year and beyond.
- Be aware: Use security awareness training to make sure your entire workforce is aware of the types of tricks fraudsters play. Teach them how to recognize the warning signs of phishing.
- Use smarter security: Security is a process, not a point solution. Use modern security tools for a modern threat. Make Endpoint Detection and Response (EDR) technology a watch guard for your entire network. EDR looks for unusual patterns and trends, even finding malware designed to hide from traditional antivirus software. It then alerts and responds to the threat.
- Be vigilant: Keep your IT network house in order by being vigilant. This includes having good security hygiene such as regular patches and updates.
- IAM who IAM: Identity access management (IAM) is a key area of security that can be crucial in managing threats, both from accidental/malicious insiders and external hackers. Apply the principle of ‘least privilege’ to only allow access to network resources on a need to know basis.
- Be watchful: Monitor your systems. Keeping track of who is doing what and when can help you to spot any unusual behavior. Running regular scans on your network can also help to identify potential weaknesses that can be exploited.
Hopefully, by the time 2021 comes around, the cybersecurity attack onslaught of the past few years will have met its match. If we work together to create a more robust approach to cybersecurity, we can take cybercrime on. Cybersecurity preparedness is no longer something to think about tomorrow; cybersecurity is here and now, and with the right approach, we can win out.