Cybersecurity 2020: looking ahead while keeping an eye on the past
As we step lightly into a new year (and a new decade), we cannot help but wonder what's next in cybersecurity. Numerous publications as well as security professionals have already shared their insights and predictions for 2020. And, let me tell you, the situation does not always feel good, but, hey, when was security easy to handle?
Before we dive into discussing the state of cybersecurity for this year, let's first have a retrospective of the year that just passed.
How cybersecurity changed in the last decade
2019 marked the end of a decade that brought several significant changes in the security field. For starters, the last ten years represented the period when everything went cyber - cybersecurity, cybercrime, cyber threats, cyber protection etc.
With more and more individuals having access to the internet combined with the advent of online banking and an increase in mobile phones usage, organizations and governments finally acknowledged the necessity of having a (good) security strategy. Of course, this happened gradually and only after a few serious breaches have companies really started to take actions to protect themselves.
The last decade was also marked by an increase in responsibility on the individual's end. A lot of companies, security professionals and IT experts launched into awareness campaigns, blog posts, videos that draw attention to fraud-related risks. It all culminated with the GDPR directive being launched in May 2018, which aims to help individuals become more aware of what is happening with their data and how they can protect themselves.
Courtesy of Security Magazine
On the less positive side, the reviewed period also witnessed a significant rise in large-scale data breaches and ransomware attacks. According to media outlet Business Insider, of the 15 largest data breaches in history, 10 took place in the past decade. The two largest data exposures of all time happened in 2019.
The more we try to update our security and pay attention to our data, the more violations we see, while fraudsters become more structured, organised, and equally versatile. Sadly, this is a trend that will continue in the next decade as well.
Main stories on cybersecurity in 2019
The buzzword for 2019 was ransomware. Although this type of attack is nothing new, last year registered a high number of such threats. The favourite targets of the criminal groups seem to be businesses, health care providers and local governments. They used malicious tools to encrypt a system's data and then demand a ransom to decrypt it.
As an example, in the US, at least 948 government agencies, educational establishments and health care providers were hit by ransomware. The potential cost of these attacks amounts to USD 7.5 billion, as indicated by an Emsisoft report launched in December 2019. However, the two most costly ransomware attacks impacted industrial companies based in Europe.
According to data from SonicWall, IoT malware also jumped to 25 million, registering a staggering 33% increase as compared to the previous year. As more and more people and organizations are purchasing network-connected and interactive devices, criminals come up with new ways to increase their financial gain or just have some fun messing up things.
Phishing attacks have also been in the headlines in 2019. Even though the main purpose of a phishing attack remained the same, fraudsters have come up with new and more sophisticated ways of bypassing email filters. In a report called Phishers' Favorites, Facebook was named the third most impersonated brand in phishing attacks in Q2 2019, a 175.8% increase from Q1 2019. Overall, there was a substantial rise in social media-related attacks, due to personal data being freely available to attackers anytime.
Phishing attacks are becoming more versatile
2019 was a great year for hackers - Forbes estimated that 4.1 billion records were exposed by data breaches in the first half of 2019 alone. This amounts to 700 million exposed records every month. It is unbelievable. And it's an undeniable proof that we need to step up our game when it comes to cybersecurity. No company, state or individual is too small or too big to become a target. Awareness, investment and smart choices are key in the next year.
What's in store for 2020
Money and data will continue to be the main motivation, that's for sure. As already shown in the past 3-4 years, criminals are no longer a group of bored hackers trying to showcase their technical skills. Attackers are slowly becoming a community of individuals with a wide a range of malicious tools at their fingertip and a great desire of paralyzing companies, hospitals, cities and, why not, entire states.
To be one step ahead of them we must be twice as prepared and continue to increase investments in cybersecurity. Yet, this spending should not be reflected only on purchasing expensive tools that promise to keep criminals at bay forever. We must carry on with increasing awareness, upgrading our systems and, most importantly, sharing the knowledge and information among ourselves. Joining hands with other organizations, commercial companies, governments can prove to be a successful strategy in fighting fraud.
Artificial intelligence will most likely play a role in jump starting security responses, but will also be a dangerous tool in the hands of attackers. Research by Capgemini indicates that 63% of organizations are planning to deploy AI-based solutions in 2020, most of them to improve network security.
In what data breaches are concerned, these will continue to dominate the online security ecosystem. According to the Data Breach Report published by the Identity Theft Resource Center, more than 1,200 data breaches were disclosed in 2019. For the next 12 months, an increase in credential-stuffing attacks is expected. Criminals will use account credentials obtained from past data breaches to access user accounts through large-scale automated login requests.
The recently launched 5G technology will also be a buzzword in 2020. The increased bandwidth allows attackers to take control over a relatively small number of mobile handsets and release a great amount of damage. Security vendor Gurucul expects some of the biggest 5G security problems in 2020 to involve the supply chain.
"The vast 5G supply chain is susceptible to the introduction of vulnerabilities such as malicious software or hardware and poor designs."
CEO Saryu Nayya
Nevertheless, this is not the first year with frightening predictions related to cybersecurity. The last two years have also been really difficult. As stated by TechRepublic in one of their articles, the silver lining is that "this will open many an eye to the fact that serious security measures must be taken".