SECURITY

Top 5 Cybersecurity Threats to Watch in 2020

These days, cybercriminals are ambitious and innovative, with no shortage of tools and resources at their disposal to go after high-stakes targets and execute malicious code — all while flying completely under the radar. 

To prepare you for what’s ahead, below are five of the top cybersecurity threats you might encounter in 2020.

Misconfigured Cloud Environments Set the Stage for Damaging Attacks

Cloud misconfigurations have been responsible for some of the most egregious breaches in recent memory. Last year, a Seattle-based hacker exploited a misconfigured web application firewall to access files of a major financial institution hosted on AWS S3 servers, resulting in a data breach that compromised the personal information of 100 million credit card customers. Unlike other threats, this security problem originates internally — often as a simple mistake that's made during the deployment of cloud resources. This also paves the way for insider threats on cloud deployments. Yet even accidental oversights can result in costly and destructive breaches that will only become more pervasive as hackers increasingly turn their attention to the cloud.

Phishers Cast a Wider Net

As one of the cheapest and most efficient methods of reaching targets at scale, it’s not surprising that phishing is one of the leading causes of data breaches, according to the Verizon 2019 DBIR. However, hackers are upping their game with a myriad of advanced techniques. Phishers are targeting numerous business SaaS applications —  now accounting for 36% of all attacks — and are continuing to use personal information shared on numerous social media sites to create more authentic-looking, interpersonal messages. As a result, these attacks are becoming increasingly difficult to identify — even for the most tech-savvy users.

Malware Authors Up Their Game

Malware grew by leaps and bounds in 2019, and shows no signs of slowing down in 2020. According to AV-TEST, cyberattackers pushed the total number of known malware samples over the one billion mark — with attacks that are more sophisticated than ever before. Fileless malware attacks – malicious code that executes by piggybacking on legitimate software – are continuing an upward trajectory, along with new forms of “stalkerware” — spyware that tracks victim smartphone data to generate a big-picture view of their activities. On the ransomware landscape, new families are targeting high-value business data while others such as Maze are punishing victims who fail to pay up. 

Compliance and Regulatory Incidences Cost Organizations Dearly

The regulatory landscape has gone through its share of upheavals lately, making the threat of compliance violations and regulatory incidence a top challenge. The newly enacted California Consumer Privacy Act (CCPC) contains numerous detailed requirements about consumer control of data, including knowing what a company has collected, how it’s used, how it’s shared and with whom. And the European Union’s General Data Protection Regulation (GDPR) contains 99 articles within 11 chapters that cover everything from breach reporting protocols to a consumer’s “right to be forgotten.” If an organization is found in violation, costly penalties include fines of more than $20 million or up to 4% of annual worldwide turnover.

Unpatched Vulnerabilities Open Doors for Hackers

Programs that haven’t been updated often leave the door wide open for cyberattackers looking to launch malware in unpatched, or unknown, vulnerabilities. And attackers are getting more creative — last year hackers were able to use the BlueKeep exploit to hack into unpatched Windows systems to install a cryptocurrency miner. The good news is that these highly destructive threats are also some of easiest to prevent with good patch management practices.

CEOs and world leaders say that cybersecurity is one of the biggest threats to the global economy, so it’s no secret that cybersecurity will represent one of the biggest challenges for enterprise organizations over the next decade. But knowing what to look for will help keep your data out of attackers’ hands, and help keep your organization protected from damaging, and increasingly intelligent, threats.

Oliver Friedrichs
Posted by

Oliver Friedrichs

With a record in building four successful enterprise security companies over the past two decades, Friedrichs most recently served as the Founder and CEO of Phantom. Prior to Phantom, Friedrichs founded Immunet, acquired by Sourcefire in 2010 and a key component to Cisco's acquisition of Sourcefire in 2013; now thriving as Cisco's Advanced Malware Protection (AMP). Friedrichs co-founded SecurityFocus (Bugtraq) and led DeepSight, the world's first Internet early warning system, acquired by Symantec in 2002. He also co-founded Secure Networks and led Ballista (CyberCop), one of the industry’s first vulnerability management solutions, acquired by McAfee in 1998. Friedrichs architected and developed a prototype of the first commercial penetration-testing product, SNIPER, acquired by Core Security Technologies in 2001 and further developed into CORE IMPACT. He attended the University of Manitoba and is the co-author of three security books and recipient of 19 patents.

TAGS

Top 5 Cybersecurity Threats to Watch in 2020

Show All Tags
Show Less Tags

Join the Discussion