As businesses continue to evolve in this era of digital transformation, so does the threat landscape. Recently, more businesses have invested in a myriad of technologies related to virtualization, cloud, and connectivity in order to increase work efficiency, availability and collaboration. However, this evolution has created an increasingly vast threat landscape, forcing security professionals to defend their business against numerous new threat vectors. This asymmetry of cyber threats requires more security resources, awareness, and technology. Keep reading to stay up to date with which cybersecurity threats we think are high priority in 2020.
1. Phishing
Phishing is probably the best-known and most pervasive cybersecurity threat that continues to affect businesses. Over 90% of cyberattacks come through email, as it can often be the most vulnerable part of digital business. Attackers continue to become stealthier and more sophisticated, using social engineering or supply chain attacks in an effort to get employees to click on emails and links. When someone falls victim to a phishing attack, not only do they surrender personal information that can lead to the stealing of funds, unauthorized purchases, and so forth, but they can also give away their privileges to access sensitive information within business systems, which can have devastating results. Especially with the surge of remote working, employees have perpetual access to sensitive and confidential company documents through online applications. While education and training for employees to spot potential phishing attacks is a great first step, humans can’t be fully relied upon. Combating a cybersecurity threat such as phishing requires email security software to detect falsified emails. There are a number of solutions available on the market today to minimize phishing, such as gateways and spam filters. More recently, AI-powered email solutions have become more prevalent to help mitigate and greatly minimize the risk of phishing.
2. IoT Based Attacks
Society’s dependence on smart devices, and the prevalence of those devices, continues to increase daily. Whether it be your smart coffee maker, your child’s tablet, or the cell phone you bring to work, technology continues to evolve, and, to no surprise, attackers take advantage of the vulnerability of these devices. While IoT devices may look innocent, they have become an increasingly heavily targeted threat vector that cybercriminals can use as a loophole to access networks. The absence of security solutions that can provide visibility into smart devices leaves accessible avenues for hijackers to attack and gain access to business systems. Most often, the security of IoT devices is overlooked when it comes to protecting the digital business, and the interconnected nature of technology proves the importance of having visibility into that part of a network. It is important to keep track of which “smart” devices are in use, to continuously update their software and to carefully curate a security strategy that keeps IoT devices in mind.
3. Insider Threats
While there are many security tools that aim to keep bad actors or threats out, insider threats are a continued vulnerability in organizations across the globe. While there are many trusted individuals within an organization, insiders can, either unintentionally or maliciously, leak confidential information that can harm the company. When careless or neglectful with confidential systems and data, employees can create an easy path for attackers to breach. Additionally, disgruntled employees can take advantage of credentials and access to proprietary information to gather information before leaving a company. This risk has been amplified by the great increase in remote work. It has become increasingly crucial to ensure that security teams are well equipped with tools to provide visibility into internal use and ensure employees are utilizing safe and secured access. It is recommended to utilize a security solution that provides visibility into employee access, can monitor unauthorized logins and new devices, and can generally identify anomalous user activity.
4. Cloud Jacking/Cloud Vulnerability
As more and more companies come to rely on migrating to the cloud, cloud jacking is becoming a more prevalent and important cybersecurity threat to many businesses. When migrating to the cloud, the expansion of the digital footprint beyond conventional perimeters can lead to a lack of visibility. Without visibility, it’s difficult for security professionals to know what to protect. Even with this broader threat landscape to protect, many organizations are migrating to the cloud very rapidly. Rapid expansion and configuration leave organizations utilizing cloud storage, computing, or applications at greater risk of misconfigurations and vulnerabilities. For this reason, companies going to the cloud must fully examine the path they are taking there, keeping their cybersecurity posture top of mind both during the migration phase and in the optimization phase afterwards. There are several paths to the cloud and a “lift and shift” isn’t always the best option for companies with complex IT needs. Because the use of cloud also means the use of a third party, know who that third party is and if they have the chops to protect your workloads in the cloud. Cybersecurity in the cloud demands regular communication with the third party, so that both of you can address risks as they arise.
5. DDoS Attacks
DDoS (Distributed Denial of Service) attacks are malicious attempts to overwhelm a victim’s network. DDoS attacks can be complex and varied in style, which can be troublesome to those trying to track them. The havoc they wreak can leave companies unable to perform normal business operations by jamming their network and denying service to normal traffic. When DDoS attacks are executed successfully, businesses could potentially lose confidential data, have an unreachable online platform, and suffer damage to their reputation, which can affect future revenue and trust from consumers. To fight this, you must adopt a battle plan and develop reliable DDoS prevention and mitigation solutions. Developing a response plan based on a thorough security assessment is critical, as once you are a victim of a DDoS attack, you are out of time to create a plan. This can be an exhaustive task but is key to beginning the process of securing your network. Additionally, putting multi-level protection strategies in place and outsourcing DDoS prevention to cloud-based service providers are key in securing your infrastructure.
6. Ransomware
Ransomware continues to affect companies and organizations across the globe. Through various methods of infiltration, attackers utilize ransomware for financial gain. With attackers now utilizing machine-speed AI attacks offensively, many organizations are left vulnerable. Ransomware does not discriminate by size or type of organization either; corporations, governments, and hospitals alike have all been affected. This has created a machine-versus-machine war, and human teams utilizing legacy technologies are having difficulty keeping up. The first step in preventing ransomware attacks is establishing strong firewalls to prohibit access from outsiders. However, the most effective solution in stopping a ransomware attack is to invest in an AI-based solution that can autonomously respond in real time to fast-acting attacks like ransomware. Finally, probably the most essential prevention step is establishing a DRaaS (Disaster Recovery as a Service) plan. Read here to learn more about InterVision’s best DRaaS resources.
7. Machine Learning Poisoning
Machine Learning Poisoning (MLP) is a newer cyberthreat which occurs when an attacker injects bad data into the victim’s data, so that the machine learning (ML) system using the data learns something it shouldn’t, in an effort to get the algorithm to make poor decisions. It’s an attack that varies largely in what it can be used for, whether it be tampering with the ML in a smart appliance or disrupting the data of a backup. As a result, MLP can have significant, damaging effects. Due to the growing presence of AI and machine learning, MLP is unquestionably something that should be taken seriously and will likely gain greater attention with time. To guard against MLP, IT teams must carefully review datasets before feeding them into their ML system.
8. AI Enhanced Cyberthreats
As artificial intelligence (AI) finds its way into mainstream business, cybercriminals are consequently mooching off AI capabilities as well and realizing how they can be used to launch cyberattacks. Essentially, the cybercriminals use AI to more efficiently learn about the internal functionalities and software of the victim and inject data into the software to monitor how it reacts. Once they see how it reacts, they are able to use ML to refine the data and try again. This allows cybercriminals to detect vulnerabilities within the victim’s software and accelerate zero-day attacks. To prevent this from happening, companies must invest in leading-edge AI cybersecurity tools.
Ongoing Risk Management in the Modern Era
Cybersecurity threats are constantly growing in complexity, and it is getting harder and harder for defenders to stay ahead of them. Some attackers are now even using AI and machine learning, making their attacks much better targeted, organized, and implemented. Other attackers are traditional, and virtually blend into the digital environment over time. Because of this expanding threat landscape, there is now an imbalance of power between attackers and defenders. The growing complexity and scale of the environments that security professionals are forced to defend, as well as the rising number of IoT devices, often leave security teams suffering from a lack of visibility. The gap between the intensifying capabilities of the attacker and the current capabilities of the defenders is subsequently being brought to light. This evolving climate has made it more difficult for people and traditional security tools to keep up, making technology like AI a strong tool in staying ahead of and tackling these challenging threats.
For this reason, companies must constantly iterate on their risk management programs, understanding the evolution of their threat landscape with the help of their cybersecurity team and consultants. Knowing the possible impacts of any given cyber threat allows a business to determine how best to prepare for a possible attack, whether it be provisioning new tech tools to assist in detection, hiring new cybersecurity staff or purchasing additional insurance. The issue of cybersecurity has moved beyond the IT team to the whole of a business, since so much of business now relies on technology to operate. This means that IT teams must have continual conversations with executive leadership to keep them updated on the newest threats as they emerge.