With the increasing rise in cyber-attacks, some of the experts have given their predictions about the sectors that are more prone to attack and the types of attacks which the security staffs must look for in the year 2020.
Phishing attacks will continue
Some experts say that the firms will have to continue their struggle against phishing attacks. According to a recent report by Europol, spear phishing is the most frequently occurring cyber-attack on EU companies.
Jeremy Hendy, CEO of Skurio, has conveyed his belief that this will continue to be a common problem. He stated that all businesses will have to prepare for more CEO fraud attacks which is a well-crafted email, impersonating communications from a legitimate person and persuading the receiver to do something like money transfer.
These types of attacks are possible due to leaked email credentials which are sold from dark web marketplaces, and can be used for account takeovers for even more specific and credible phishing emails.
Attackers will target more on SME’s
Small and medium-sized companies that doesn’t have a sufficient security talent and pulling power for attracting better talent are more likely to be at risk of a cyber-attack in 2020.
It is difficult to hold on to the skilled professionals as market forces provides the option of full time, in-house security specialists with high salaries, beyond the reach of many smaller businesses.
These small firms must have to think creatively and look at how they can reduce the gap through outsourcing and affordable service-based solutions.
Jason Cort, director of product planning at Sharp UK, considered connected printers as a potential pitfall.
Since print solutions within small and medium-sized businesses become more connected, multi-functional printers are becoming digital hubs rather than standalone devices.
Even though many companies are now aware of the rise of cybersecurity, there are still a significant number of small to medium sized businesses that haven’t taken about this seriously.
Accounts having re-used passwords will be more at risk
The usage of re-used passwords is one aspect that may befall security in 2020. There are still several users who continue to re-use the same passwords across multiple services.
According to Liv Rowley, Threat Intelligence Analyst at Blueliv, the cybercriminals take lists of compromised usernames, emails and passwords from earlier breaches and use them to attain access to other sites. The using of same passwords makes one breach turn into multiple compromises.
Having a poor password hygiene and the rising number of data breaches together is an issue of great importance.
New adaptions for Remote Access Trojans
Rowley stated how attackers could adapt their tactics. Even though cyber security researchers may have familiar viruses hunted, these kinds of attacks can mutate.
The cybercriminals are constantly redesigning Remote Access Trojans, or RATs, in order to easily bypass security protections.
Some examples of such a RAT are the Rdfsniffer that lets man-in-the-middle attacks on payment systems and point-of-sale machines and the malware SDBbot that permits attackers to elevate privileges for malicious processes, install backdoors and disable anti-malware solutions.
It is expected that highly sophisticated malware that can exploit new targets and evade detection will be on the rise in 2020.
Health sector will be increasingly targeted by ransomware
Ransomware will continue to create damage in the year 2020 as well, but according to experts the health care sector is believed to be more targeted in particular.
Ransomware will re-emerge as a major threat to healthcare institutions and the researchers attribute this to several factors. One of the main reasons is that malicious actors have refined their tactics, creating more efficient malware, negotiating with their victims, being more persuasive with their demands.
Besides, healthcare organizations usually run outdated software and do not have sufficient cybersecurity resources, that makes them one of the main targets in 2020.
Another reason for the growth of ransomware is that many victims actually pay the ransom, encouraging existing actors and motivates new ones. Healthcare organizations are more willing to pay the ransom due to the sensitivity of the data they have. Also, they believe that the criticality of IT systems means any disruption would result in a huge risk to the patients’ lives.
Cyber security teams will be more diverse
In order to protect the company’s systems and data, they should improve the levels of diversity within tech workforces.
According to Jon Fielding, Apricorn‘s managing director, EMEA, the employers will note this while hiring cyber security staff.
Having less cyber security skills and an increasing expectation that IT will help drive the goals of the business, the companies must look outside the industry to recruit the appropriate people.
The most efficient method to defend a modern business against cyber threats is to build a diverse security team, equipped with a range of different skillsets and experience – including business acumen, and the ability to communicate, collaborate and lead.
It might seem to be not correct to recruit non-specialists to a specialist role, but in the case of cybersecurity an understanding of the basic, best-practice fundamentals is the key factor. Anyone with a solid foundation in good security hygiene and willing to learn, can build their technical knowledge from there.
Cheaper quantum computing will become higher risks
Just like any other resources, quantum technology will also becomes increasingly acquired and used within business and it will be more affordable. But this will take the attention of the cybercriminals towards quantum data.
Ashvin Kamaraju, CTO for cloud protection and licensing activity at Thales stated that this year will see more data breaches with the expectation of cracking the data when quantum computing becomes cheap and more affordable.
It is just a matter of time before more quantum computing power is achieved. When this happens, the encryption techniques used to sign messages and protect encryption keys will be become outdated.
So, we will see an increase in the encrypted communications and encrypted data stolen by hackers as they stock information waiting for the tools to unlock it. So, the quantum breaches will have already happened, long before the computing power comes to realization.
The first AI-powered cyber-attack will occur
AI is making its way into many areas of tech, increasing efficiencies within company practices. It is just a matter of time before it makes its way to the dark side of the cyber space.
According to Marcus Fowler, director of strategic threat at Darktrace 2020 will undoubtedly holds the first AI-powered cyberattack.
Malware that adapts its behavior to be undetected has been on the rise, and if it reaches its full potential, this year could see a true cyber arms race.
5G will only facilitate the rise of machine-speed and automated attacks. At wireless connection speeds up to 100 times faster than 4G, malware could download and spread throughout a victim’s network before they realize it.
If we cannot challenge traditional cyber security standards, the arrival of 5G will make supply chains riskier. With supply chain attacks already remaining as a major risk confronting the modern enterprise, security considerations must not be put aside in the race to market for the 5G-powered internet of things.