Every year, cyber-attacks on both business and individuals continue. As soon as one threat is extinguished, another rears its ugly head. Cybercriminals are using new, more sophisticated ways to attack companies. Often demanding more substantial sums of money in return for keeping their data private. Corporate IT security departments have their work cut out for them, as they must endeavour to stay one step ahead of the criminals.
Cybersecurity is of utmost importance for many organizations as these cyber threats are not going away. In fact, they will only increase in frequency and potential damage. Data from the International Data Corporation shows that global spending on cybersecurity solutions is anticipated to top $103 billion this year. That's an estimated increase of 9.4% over 2018, showing just how seriously some companies are taking cybersecurity.
Cybersecurity is such a hot topic for organizations of all sizes. That's why we’ve pulled together a few of the trends we see on the cybersecurity front. We'll also take a look at what companies can do to keep pace.
Cybersecurity Trend #1 - Data Breaches, Ransomware, and Phishing Scams Are Not Going Away
Cybercrime is big business, and therefore it’s not surprising that data breaches are going to continue. As long as there is money to be made, criminals will continue to find a way to break the laws. According to the America Identity Theft Resource Center, nearly 31 million records were exposed in the 13 most significant breaches in the first half of 2019, with 11 of the top 13 breaches occurring at medical or healthcare organizations.
Ransomware is a type of malware that threatens to publish the victim's data or block access to it unless a ransom is paid. It's also on the rise, with predictions that global damages from ransomware will reach over $11 billion this year. While attacks on individuals are less common nowadays, the same cannot be said for organizations, with Malwarebytes reporting an increase of 363% in ransomware detections by businesses between Q2 2018 and Q2 2019.
While large organizations have already done considerable work to protect themselves from attacks, small and mid-size companies are at risk. They may not have adequate information security measures and resources in place to protect themselves.
Phishing attacks also continue to be one of the most pervasive IT security threats. These attack employees’ lack of awareness of lucrative scams, causing them to give out corporate login credentials inadvertently. This allows cybercriminals to gain backdoor access to the company’s network infrastructure. Businesses must implement comprehensive information security awareness programs. This may include investing in phishing simulators, as your users will always remain the weakest link in the security chain. It’s more critical than ever to roll out user awareness training to empower users with a greater sense of ownership for corporate IT security.
Verizon’s 2019 Data Breach Investigations Report (DBIR) reports that 32% of confirmed data breaches boiled down to phishing, with email still topping the list of cyber threats. But phishing nowadays isn’t just about emails alone, which brings us to Trend #2.
Cybersecurity Trend #2 - Cybercriminals Will Expand Their Avenues of Attack
Increasingly, phishing involves more than just email as a means of cybercriminals capturing data. SMS texting attacks, communications on social media platforms, and even phone calls with a live person are all growing in popularity. The means is to trick victims into handing over personal data, login credentials, or even money directly.
Mobile attacks, in particular, are increasing in prevalence. Since we use mobile devices for handling everything from personal and business communications like banking, booking a flight or hotel. There are apps for literally every aspect of your life. However, research from RSA Security—an American computer and network security company of parent organization Dell Technologies—shows that 70% of fraudulent transactions originated in the mobile channel in 2018. Fraud from mobile apps has increased by 680% since 2015 alone. Mobile is, therefore, a vast—and growing— channel of opportunity for cybercrime.
With more machines and gadgets connecting to the Internet, it’s only opening up even more avenues for cyber attacks. Internet of Things (IoT) devices—smart homes, smartwatches, virtual assistants, etc.—remain most vulnerable. Attacks on these connected devices will rise owing to existing gaps and lack of standards concerning its security. Due to the lack of framework and standards, IoT security is left to respective vendors and device manufacturers. And ultimately, their focus is often on the functionality of the device rather than the potential risks and consequences.
A priority for companies will be to turn to trusted managed information security partners that can help keep mobile and IoT devices up to date with the latest security patches and proactive monitoring.
Cybersecurity Trend #3 - AI and Machine Learning Will Drive Most Cybersecurity Efforts
Cybersecurity is becoming intelligence-driven. This is key to being able to respond quickly and proactively to the automated attacks that are happening. This technology has the potential to identify and respond to cyber threats as they occur. Machine learning plays a critical role in gathering intelligence, with machines being able to make more of their own decisions and execute changes themselves.
Machine learning means that a company’s cybersecurity can change dynamically in response to the changing threat landscape. Algorithms can be used to accelerate incident detection and identify risk to the business, such as software vulnerabilities and configuration errors. Algorithms can also provide situational awareness for managers to get a holistic view of their security status.
The market for artificial intelligence in cybersecurity is projected to reach 38.2 billion by 2026, according to data from a Research and Markets report. Companies like Amazon, Google, and Microsoft are all working to bring AI and ML tools to their respective offerings.
On the one hand, these technologies will help companies to be more efficient at protecting customers. But on the other hand, cybercriminals are also using machine learning in their attacks. The challenge for businesses is the be right 100% of the time, whereas cybercriminals only need to be right once. That’s why getting ahead of the curve by using intelligence is critical in 2019 and beyond.
Cybersecurity Trend #4 - Tighter Regulations will Force Companies to Take Privacy Issues More Seriously
In the light of high-profile data breach incidents, customers are worried and are demanding better protection measures. Compliance pressure on organizations has grown in the last year with the introduction of the General Data Protection Regulation (GDPR) in Europe, the Notifiable Data Breach (NDB) scheme in Australia, and the enactment of the California Consumer Privacy Act (CCPA) in the US.
These regulations, among others, are forcing companies to look at privacy issues, and reexamine how customer data is collected, processed, stored and deleted. If companies don’t comply, they could be subject to huge fines.
Depending on the specific legislation, compliance can involve:
- Informing individuals about how their information will be used
- Providing individuals with a way to disallow their information from being shared
- Developing and implementing policies and procedures to become compliant
- Lastly, increasing the data and personal information security through the use of encryption and other mechanisms.
What to Watch for in 2020
Cloud-Based Security Will Increase
In 2020, we will continue to see organizations shift their workloads into the cloud. As more of the workforce moves to a remote working environment, companies will look to leverage the latest technology and tools available. This presents cybersecurity challenges as data moves out of the enterprise environment and onto shared systems.
Cloud services present many security challenges, and ease of access consistently introduces risks to organizations where the necessary level of security hardening hasn’t been applied. As a result, cloud-based security providers will gain more traction in the security market in the next year. Cloud-based security providers will offer companies flexibility, scalability, and visibility across all their environments.
Move Towards ‘Digital-Trust’ Rather Than Zero-Trust Models
Recently, organizations have been known to take a zero-trust stance to security. The idea was to identify anyone within their network that was trying to connect to systems and access data, before granting them access.
However, this has proved difficult to put into practice, so what is emerging is instead, a ‘digital-trust’ model. Security teams can build a ‘digital fingerprint’ of their employees. This establishes a comprehensive behavioural profile for each user, giving them access to applications and systems, provided that they remain consistent with their profile. As a result, users can access data and applications more efficiently, with a reduced number of authentication hurdles, improving their overall experience.
How Can Companies Prepare for a Cyber Attack?
The most important way to be prepared for a cybersecurity incident is to have an emergency response plan in place. However, in a 2018 report, released April 2019, 74% of Canadian respondents said they do not have a response plan that is applied consistently across their entire enterprise. Considering the growing number and severity of cyber-attacks and data breaches, this is quite shocking.
In August 2019, the Canadian Federal Government launched the long-awaited cybersecurity certification for small and mid-sized businesses. The thought is to increase the attention SMBs pay to cybersecurity. This would also help increase the confidence of online shoppers buying from Canadian sites.
The CyberSecure Canada program allows organizations to prove to a certification body approved by the Standards Council of Canada that they meet minimum standards. Those that pass are entitled to use a logo on websites and promotional material attesting that they have met the standard. They will also be listed in a searchable registry available for consumers and partners.
As long as cybercrime remains a lucrative business to be in, it’s not going to go away. Cybercriminals are smart and are only going to get smarter. When one backdoor closes, they will quickly find another way in. Cybersecurity will continue to become more intelligence-driven, enabling IT security teams to launch a swift response to the ever-more advanced attacks. Protecting one's organization from cyber threats should be seen as a top priority not only for this year, but every year moving forward.
Contact us to find out how Managed IT Services from innov8 Digital Solutions can provide cybersecurity for your business.
If you need IT support to defend from cyberattacks, give us a call! Our Managed IT Support will care for you, your network, and your office equipment.
