One of the key issues that businesses in all industries and sizes had to contend with in 2019 was cybersecurity. With businesses increasingly conducting their activities online, there has been an increase in public awareness of the need to maintain the privacy as well as security of any information transmitted across the internet. As we head into 2020, here are some of the top cybersecurity threats that businesses and individuals are expected to encounter as well as how best they can be neutralized.
1) DATA BREACHES
Data breaches will continue to be a significant cybersecurity issue for businesses in 2020. Cybercriminals and other malicious actors continue to develop new and more sophisticated tools that enable them to compromise private networks and stay undetected for longer periods of time. With a burgeoning black market for stolen personal and proprietary information, there is no indication that this threat will be going away anytime soon. Knowing this, businesses need to intensify their efforts to maintain the security and integrity of their network; failing to do so can lead to adverse consequences in the event of a data breach such as loss of customer trust, litigation, and even business failure. Some of the measures that businesses should adopt to strengthen their network security include:
- Employee training
- Stronger identity and access management policies
- Restricted use of privileged accounts
- Endpoint management
- Stronger firewalls
2) AUTOMATION AND INTEGRATION
Over the past couple of years, there has been a greater push by businesses towards automated systems and processes; this push has mostly been driven by cost control, to do more at a reduced cost. There has also been an additional push to integrate systems and processes as much as possible so as to minimize redundancies and improve efficiency; this also has the benefit of managing business costs. This push towards automation and integration, however, also increases the security risks faced by businesses for the following reasons:
- The automated system that is adopted by the business may have security vulnerabilities that are unknown to the business owner
- Employee downsizing due to automation and integration may leave fewer skilled individuals available to monitor for security threats
- API connections that are formed during integration can provide an opening for cybercriminals
To minimize the security risks, there should be a more robust planning and thorough discussion about the process prior to automation and integration implementation.
3) MOBILE DEVICES
There has been a significant rise in the number of employees who use their mobile devices for work-related activity; this number is projected to increase in 2020 as work flexibility as well as remote working increase. However, data stored on mobile devices can be accessed by cybercriminals if the devices have no security measures in place; unsecured mobile devices can also act as entry points for cybercriminals into private networks. To minimize the risks posed by mobile devices, they should have antivirus, as well as anti-malware, software enabled to secure the devices. An additional security measure to mitigate the security risks of mobile devices is to use VPNs when accessing the business’ network from an external location.
4) STATE-SPONSORED CYBERATTACKS
In addition to cyberattacks by lone cybercriminals, businesses now have to be on the lookout for state-backed cybercriminals as well. Especially during times of heightened political tensions, businesses should expect to see an increase in the number of state-sponsored cyberattacks; this threat is especially acute for businesses in sensitive industries or high-value targets such as banking and petroleum, among others. Businesses in these industries should always be hypervigilant to cyberthreats and should be ready to take countermeasures at a moment’s notice to neutralize any suspected threats.
5) IoT DEVICES
The Internet of Things (IoT) is a system of interconnected physical devices that have the ability to communicate wirelessly with each other across the internet. Examples of IoT devices that are commonly used include home security systems, thermostats, home appliances, cars, and medical devices, among others; these devices have sensors that capture sensitive information and transmit them to other IoT devices. Most IoT devices, however, are poorly secured and easily susceptible to compromise by cybercriminals. This threat is expected to significantly increase in 2020 as more IoT devices are developed. One of the basic steps to prevent your IoT from being compromised is to change the default password assigned to the device immediately after the device is purchased. Another security measure to protect your IoT device is to enable two-factor authentication.
Phishing is one of the basic techniques used by all cybercriminals to compromise private networks. With phishing, employees are sent emails containing malicious links; clicking on the links triggers the release of viruses or malware which can then spread throughout a network. Due to the relative simplicity as well as the effectiveness of phishing, this cyber attack strategy will not be going away any time soon. The mainstay of protection from phishing is employee training to recognize possible phishing emails. Additionally, businesses should have software in place that flags emails that are known to be spam, are potentially suspicious or are external emails.
7) THIRD-PARTY VENDOR SECURITY
Third-party vendors are a significant cause of data breaches; about 50 percent of data breaches in 2019 were caused by third-party vendors. Due to their weaker security standards, cybercriminals attack third-party vendors and steal their credentials; the stolen credentials are then used to attack business networks. To prevent this type of cyberattack, business owners need to ensure that all third-party vendors are subject to the same strict security standards adopted by their businesses.
8) HUMAN ERROR AND EMPLOYEE NEGLIGENCE
The weakest link in any business security system is its employees; bad security practices such as using weak passwords, shared passwords, and unsecured devices, can among others can increase the likelihood of network compromise by cybercriminals. With over 90% of reported data breaches caused by human error, it is essential that employees receive regular training on best practices that keep a network secure.
Even though ransomware is a relatively new technique used by criminals, its use has rapidly increased in popularity and is projected to further increase in 2020. With ransomware, cybercriminals breach business networks and install malware that encrypts the files within the database, rendering them useless to the business owner. The business owner is then asked to pay a ransom so that the files can be decrypted; if the ransom is not paid, then the files are then completely destroyed. To guard against ransomware, it is essential that businesses have strong network security systems in place to guard against intrusion. Additionally, files should be backed up into multiple locations so that in the event of a ransomware attack, businesses can restore files from their back up storage and resume business operations.
At Cyber Sainik, we know that the cyber threats are constantly evolving and becoming more sophisticated. As we enter into 2020, we are prepared to work with you to ensure that your business remains fully secured from all manner of cyberattacks. For more information about what we have to offer, contact us.