Given what’s happened in 2019 – the WhatsApp hack, the Fortnite breach, iPhone surveillance, Toyota’s data breach and more – you might not be looking forward to 2020. Breaches will be bigger, hackers will be smarter, and security teams and budgets will continue to struggle to keep pace.
Despite the ever-increasing number of online threats and breaches, there are steps you can take to defend your data against attackers. Moving forward, digital transformation will drive an industry-wide shift to organisations investing in platforms that automate the management and measurement of security programmes. There will also be a shift to automation and security outsourcing – particularly for SMBs who don’t have the resources for a full-time SOC – and, of course, there will be a re-alignment to defend data rather than networks.
With that in mind, here are five major cyber-security threats organisations should keep an eye on in the New Year.
1. The imitation game: spear-phishing swindles will persist
Threat actors are shifting away from the scatter-gun phishing approach to well-researched, bespoke emails, cleverly personalised to appear as convincing as possible. In fact, according to Europol, spear phishing is now the number one cyber-threat to organisations.
Throughout 2020 we’ll continue to see a rise in this form of attack and it’s not only the largest enterprises that will be preyed upon. In fact, all businesses will need to be prepared for more CEO fraud attacks: a well-crafted email, imitating communications from a trusted executive, usually convincing someone to make an urgent money transfer. It’s made to look like the ‘real deal’ and it works. These attacks often result from open-source intelligence gathering by criminals, combined with leaked email credentials that find their way onto dark web marketplaces and can be used for account takeovers (ATOs), enabling even more specific and credible phishing emails.
2. SMEs hit hardest by cyber-skills shortage
There’s a real dearth of cyber-security talent and smaller businesses will be the hardest hit in 2020. Skilled professionals will be increasingly hard to find and difficult to retain. Market forces will put the option of full-time, in-house security specialists, commanding high salaries, out of reach for many smaller businesses.
Instead, they’ll need to think creatively and look at how they can plug the gap through outsourcing, staff retraining, and affordable service-based solutions as well as the aforementioned automation. This is imperative as under-resourcing can cause real security risks. Bad actors are aware of the lack of defences in smaller businesses and they are an easier target to break into. Cyber-criminals are increasingly targeting SMEs, who are less likely to have the technology, people and processes in place to block or defend against those attacks.
3. GDPR: be prepared for a second wave of fines and repeat offenders
In 2019, the regulators bared their teeth and showed that sky-high penalties were more than a hollow threat. Precedents were set with the first wave of multi-million-pound GDPR fines proposed for BA and Marriott, reflecting the sheer amount of data that was compromised.
In 2020, we’ll see the wider impact on consumer behaviour. GDPR is all about putting the safety of customers’ data front and centre; those companies that have been breached are likely to see frustrated customers voting with their feet and taking their business elsewhere. Next year we will see the second wave of fines, and regulators will also face the challenge of how to deal with ‘repeat offenders’.
This has reinforced the importance of early breach detection for compromised credentials. Companies can also get proactive about planned attacks, which can be identified through chatter by threat actors on Dark Web forums.
4. Risky connections
Organisations will be managing an increasingly complex web of third-party and supplier risk. More connections mean more risk, exposing them to threats beyond their control. Due diligence when working with new partners or suppliers is critical, but the reality is that organisations simply can’t control every aspect of their third parties’ security. What they can do is manage this risk by ensuring strict contract service level agreements, and availing themselves of technology that provides visibility of data outside of the corporate network.
Companies will continue to migrate to the cloud, which is brilliant for productivity and digital transformation, but is often happening without security assessment or approval by IT. Shadow IT and the culture of Bring Your Own Device - and App - will continue, with many organisations using more apps than they have employees. All of these trends together will create a perfect storm of vulnerability for organisations.
5. Digital trust – the new customer metric for business success
The flipside of cyber-security is digital trust. Consumers will lose confidence in repeat offenders who do not take care of their personal data. We’ve seen the first wave of GDPR fines but more importantly huge publicity and bad press for companies who have had breaches which weren’t well managed. The public are becoming more and more aware of the value and currency of their personal data and will punish companies who don’t look after this responsibly.
Skurio develops innovative Cloud software that automates searching the surface, deep and Dark Web for your critical business data and threats. You can look beyond your network with Skurio and protect your data, wherever it lives.