These days, cybercriminals are ambitious and innovative, with no shortage of tools and resources at their disposal to go after high-stakes targets and execute malicious code — all while flying completely under the radar.
To prepare you for what’s ahead, below are five of the top cybersecurity threats you might encounter in 2020.
Misconfigured Cloud Environments Set the Stage for Damaging Attacks
Cloud misconfigurations have been responsible for some of the most egregious breaches in recent memory. Last year, a Seattle-based hacker exploited a misconfigured web application firewall to access files of a major financial institution hosted on AWS S3 servers, resulting in a data breach that compromised the personal information of 100 million credit card customers. Unlike other threats, this security problem originates internally — often as a simple mistake that's made during the deployment of cloud resources. This also paves the way for insider threats on cloud deployments. Yet even accidental oversights can result in costly and destructive breaches that will only become more pervasive as hackers increasingly turn their attention to the cloud.
Phishers Cast a Wider Net
As one of the cheapest and most efficient methods of reaching targets at scale, it’s not surprising that phishing is one of the leading causes of data breaches, according to the Verizon 2019 DBIR. However, hackers are upping their game with a myriad of advanced techniques. Phishers are targeting numerous business SaaS applications — now accounting for 36% of all attacks — and are continuing to use personal information shared on numerous social media sites to create more authentic-looking, interpersonal messages. As a result, these attacks are becoming increasingly difficult to identify — even for the most tech-savvy users.
Malware Authors Up Their Game
Malware grew by leaps and bounds in 2019, and shows no signs of slowing down in 2020. According to AV-TEST, cyberattackers pushed the total number of known malware samples over the one billion mark — with attacks that are more sophisticated than ever before. Fileless malware attacks – malicious code that executes by piggybacking on legitimate software – are continuing an upward trajectory, along with new forms of “stalkerware” — spyware that tracks victim smartphone data to generate a big-picture view of their activities. On the ransomware landscape, new families are targeting high-value business data while others such as Maze are punishing victims who fail to pay up.
Compliance and Regulatory Incidences Cost Organizations Dearly
The regulatory landscape has gone through its share of upheavals lately, making the threat of compliance violations and regulatory incidence a top challenge. The newly enacted California Consumer Privacy Act (CCPC) contains numerous detailed requirements about consumer control of data, including knowing what a company has collected, how it’s used, how it’s shared and with whom. And the European Union’s General Data Protection Regulation (GDPR) contains 99 articles within 11 chapters that cover everything from breach reporting protocols to a consumer’s “right to be forgotten.” If an organization is found in violation, costly penalties include fines of more than $20 million or up to 4% of annual worldwide turnover.
Unpatched Vulnerabilities Open Doors for Hackers
Programs that haven’t been updated often leave the door wide open for cyberattackers looking to launch malware in unpatched, or unknown, vulnerabilities. And attackers are getting more creative — last year hackers were able to use the BlueKeep exploit to hack into unpatched Windows systems to install a cryptocurrency miner. The good news is that these highly destructive threats are also some of easiest to prevent with good patch management practices.
CEOs and world leaders say that cybersecurity is one of the biggest threats to the global economy, so it’s no secret that cybersecurity will represent one of the biggest challenges for enterprise organizations over the next decade. But knowing what to look for will help keep your data out of attackers’ hands, and help keep your organization protected from damaging, and increasingly intelligent, threats.