The dizzying speeds of development in today’s technologies create more opportunities for cybercriminals than ever before. Each year we are seeing more and more challenges in the fight against cybercrime. With so many potential targets in the IT environment: on-premise networks, cloud, mobile, and IoT devices, there are many areas that could provide a vulnerability for a cybercriminal to take advantage of. But advanced threat intelligence can help you protect yourself against upcoming attacks. So here is our list of what to look out for this year (some new some not so new):
1. 5G and more IoT devices – The Internet of Things (IoT) already exists, but as the ultra-fast 5G networks roll out, the use of IoT devices will substantially accelerate (36 billion predicted by end of 2020), and massively increase networks’ vulnerability to large scale, multi-vector cyber-attacks. IoT devices and their connections are a weak link in security: visibility of devices is difficult and their security requirements are complex. We need to combine traditional and new controls to protect these ever-growing networks.
2. Targeted ransomware – Ransomware exploits are getting more highly targeted against specific businesses and organizations. Intelligence-gathering about their victims means attackers ensure they can inflict maximum disruption, and the ransoms demanded are increased accordingly.
3. Phishing expansion – Email is the #1 attack vector but cybercriminals are also using a variety of others to trick victims into disclosing personal information, login credentials or even sending money.
4. The risk of Cloud – Increasing use of public cloud infrastructure increases the risk to enterprises. Organizations need to review their existing data center and cloud deployments, and consider hybrid environments comprising of both private and public clouds.
5. Mobile malware increases – Banking malware is now a very common mobile threat – capable of stealing payment data, credentials and funds from bank accounts. Phishing attacks are also tricking mobile users into clicking on malicious weblinks.
6. Artificial Intelligence will speed up security responses – AI dramatically increases the speed of new threat identification and response, helping to block attacks before they can spread widely, as AI is not depend on humans to keep it up to date. However, cybercriminals can use the same techniques to help them infiltrate networks, find vulnerabilities and develop ever more effective malware.
7. Demand for Cyber insurance will continue to rise – Last year we predicted this would be an area of growth and we think this year will be the same. The other issues we have previously mentioned will encourage more and more people to seek the reassurance of insurance protection should the worst happen. Every day it is becoming more a case of ‘when’ you will suffer from a cyber attack rather than ‘if’. Cyber insurance is said to be one of the few areas of growth and innovation in the current insurance market. Despite this, some insurers still limit the amount of cover offered under a policy, as breach costs are constantly rising and the protection available doesn’t even come close to what the cost of a truly damaging cyberattack would be to a large business.
8. Skills gap increasing– 58% of CISOs believe the lack of expert cyber staff will worsen. That is not surprising as Cybersecurity Ventures recently estimated 350% growth in open cybersecurity positions from 2013 to 2021, resulting in 3.5 million unfilled positions by 2021. There is no quick fix to this, and even long term the number of suitable graduates is not increasing in line with number of job opportunities. Companies need to focus on internal training programs to develop cybersecurity experts in-house, while simultaneously outsourcing where possible. ML and AI can free up time spent on manually intensive to allow staff to focus on more creative projects. But none of this is going to be enough to fill the gaps. And organizations with under-resourced cybersecurity departments could result in more vulnerabilities for cybercriminals to capitalize on.
9. Brexit – Brexit is now happening and will finally go ahead on 31 January 2020. Although EU GDPR may no longer apply directly in the UK at the end of the transition period (31 December 2020), UK organizations must still comply with the Regulation’s requirements. Current GDPR issues such as reporting and fines for breaches will continue, and this is coupled with the fear of many IT professionals who argue that Brexit-related uncertainty is adding to the challenge of hiring from outside the UK, which will only widen the current skills gap.
Overall, it is clear to see from our 2020 Threat Predictions that cybersecurity is an increasing threat to consumers and businesses alike. Techniques are becoming more advanced, new attack vectors are being used and malicious actors are demanding more from their victims. Brexit will bring about a renewed focus on GDPR and the talent crisis will make it even harder for organizations to keep on top of everything that needs to be done to keep their networks and data secure.
activereach specialises in helping companies to understand what they need and providing a helpful ongoing service to keep networks secure and combat the threats mentioned in our 2020 Cybersecurity Predictions. Give us a call on 0845 625 9025 to find out more.