2020’s Top Cybersecurity Challenges


2020 has started. This is a time when pundits and writers assess what happened in the past year and look ahead. This blog will provide commentary and context on the big trends picked by top minds in cybersecurity threat intelligence.

Inevitably, threats like phishing and ransomware will continue to keep CIOs up at night. What new events, tactics and concepts will shape cybersecurity in 2020?
More importantly, how can companies safeguard their company against threats both old and new? Relying on trusted partners and solid tools can be the antidote.

1.   Cloud Vulnerabilities


There is a misconception that storing data and handling processes in the Cloud guarantees security. In reality, misconfigured cloud instances resulted in more than half of data breaches in 2019. This trend will inevitably continue well into 2020. Amazon’s configuration guide for businesses to establish their own cloud environment is well over 100 pages, allowing for human error when implementing. The increasing move from local databases to a cloud-hosted model allows for more opportunities for hackers to take advantage of misconfigurations as well as supply their own ingenuity that could result in data breaches.

2.   Mobile as a Cyber Crime Vector


Believe it or not, your smartphone is the next frontier in cybercrime. Techniques to infect mobile devices through apps are becoming more common. These fake and malicious apps are designed to steal data on your smartphone and even swipe any stored passwords on these devices. Additionally, social engineering through SMS text messages (known as Smishing) will continue to increase next year. If you are a business that issues company smartphones to employees, or you allow employees to bring their own device (BYOD) to work, then you will need to address this risk.

3.   Supply Chain Cyber Attacks


The supply chain of a hardware and software consists of the various components that make-up the solution. If malicious code infects a component within a larger trusted application, then the overall application is at risk. Compromising one part of the supply chain can infect multiple vendors. Supply chain attacks are up 78% in 2019, according to Symantec. One example of this is with Asus, a computer and phone vendor. Asus was a victim of supply chain attacks in 2018 that resulted in them providing infected computer systems to upwards of 500,00 customers.

4.   More Data Privacy Regulations

The protection of privacy rights for individuals and their data is a growing trend. The California Consumer Privacy Act (CCPA) goes into effect January 1, 2020. Other states are considering similar privacy bills in 2020, including Massachusetts, Minnesota, Pennsylvania, New Jersey and New York. Many countries outside of the United States are following suit. These acts combined with the Global Data Protection Regulation (GDPR) provide a strong impetus for data and privacy standards. Companies are becoming overwhelmed with the various components and requirements of rules. As a result, IT departments. General Counsel and C-Level Executives are often stretched thin with spare time and each new requirement only adds to the complexity of running a business.


Comments

Post a Comment

Popular posts from this blog

The Biggest Threats in Cyber Security

AI-Driven Attacks We’ve seen it in science fiction films but it looks like reality that computers are learning to attack on their own. Different cyber security platforms are embracing the modern AI to overcome these attacks but hackers are also using the same technology to launch new attacks at their end. Experts suggest that the hackers adopt powerful AI tools for automated attacks and expand their domain in various cyber security reports. Adversarial AI attacks are particularly worrying, because they are so powerful. Theft of data in the past attacks caused a great deal of fear due to the money, time and effort required to carry it out. Now AI has made it easier for hackers to execute several types of attacks within the same time frame and using very less energy. Even with the few lines of codes, hackers can now solve the problem of years into seconds and gain access throughout the network. Phishing Phishing is among the oldest scams and is considered green as ever
Read more

Spam vs. Phishing: What Is the Difference?

Both spam and phishing are related to social engineering, a general term for any activity in which an attacker is trying to manipulate you into revealing personal information. Passwords, account credentials, social security numbers--you should always think twice before giving out this information. Always verify who is really on the other end of the line. What is spam? Spam is unsolicited and unwanted junk email sent out in bulk to a wholesale recipient list. Typically, spam is sent for commercial purposes. However, spam email can also contain a malicious attempt to gain access to your computer, so email security becomes an important defense. What is phishing? Phishing is a common type of cyber attack that everyone should learn about to protect themselves. Phishing attacks are fraudulent communications that appear to come from a reputable source. The goal is to trick the recipient into giving away sensitive data or to install malware in the form of spyware on the victim&
Read more

Threat Hunting Steps

The process of proactive cyber threat hunting typically involves three steps: a trigger, an investigation and a resolution. Step 1: The Trigger A trigger  points threat hunters to a specific system or area of the network for further investigation when advanced detection tools identify unusual actions that may indicate malicious activity. Often, a hypothesis about a new threat can be the trigger for proactive hunting. For example, a security team may search for advanced threats that use tools like fileless  malware  to evade existing defenses. Step 2: Investigation During the  investigation phase , the threat hunter uses technology such as  EDR (Endpoint Detection and Response)  to take a deep dive into potential malicious compromise of a system. The investigation continues until either the activity is deemed benign or a complete picture of the malicious behavior has been created. Step 3: Resolution The resolution phase  involves communicating relevant malicious activity
Read more