Top new and Evolving Cybersecurity Threats in 2020
A host of new and evolving cybersecurity threats has the information security industry on high alert. Ever-more sophisticated cyberattacks involving malware, phishing, machine learning and artificial intelligence, cryptocurrency and more have placed the data and assets of corporations, governments and individuals at constant risk.
The industry continues to suffer from a severe shortage of cybersecurity professionals and experts warn that the stakes are higher than ever, as the cybercrime epidemic even risks shaking public faith in such cherished ideals as democracy, capitalism and personal privacy. “Honestly, we’re all at risk,” Heather Ricciuto of IBM Security told cnbc.com, “whether you’re talking about a large enterprise or an individual.”
The nonprofit Information Security Forum, which describes itself as “the world’s leading authority on cyber, information security and risk management,” warns in its annual Threat Horizon study of increased potential for:
- Disruption — Over-reliance on fragile connectivity creates the potential for premeditated internet outages capable of bringing trade to its knees and heightened risk that ransomware will be used to hijack the Internet of Things.
- Distortion — The intentional spread of misinformation, including by bots and automated sources, causes trust in the integrity of information to be compromised.
- Deterioration — Rapid advances in intelligent technologies plus conflicting demands posed by evolving national security and individual privacy regulations negatively impact organizations’ ability to control their own information.
With damage related to cybercrime projected to hit $6 trillion annually by 2021 according to Cybersecurity Ventures, here is a closer look at the most significant cybersecurity threats for 2020.
Cybersecurity Threats and Trends for 2020
Phishing Gets More Sophisticated — Phishing attacks, in which carefully targeted digital messages are transmitted to fool people into clicking on a link that can then install malware or expose sensitive data, are becoming more sophisticated.
Now that employees at most organizations are more aware of the dangers of email phishing or of clicking on suspicious-looking links, hackers are upping the ante — for example, using machine learning to much more quickly craft and distribute convincing fake messages in the hopes that recipients will unwittingly compromise their organization’s networks and systems. Such attacks enable hackers to steal user logins, credit card credentials and other types of personal financial information, as well as gain access to private databases.
Ransomware Strategies Evolve — Ransomware attacks are believed to cost victims billions of dollars every year, as hackers deploy technologies that enable them to literally kidnap an individual or organization’s databases and hold all of the information for ransom. The rise of cryptocurrencies like Bitcoin is credited with helping to fuel ransomware attacks by allowing ransom demands to be paid anonymously.
As companies continue to focus on building stronger defenses to guard against ransomware breaches, some experts believe hackers will increasingly target other potentially profitable ransomware victims such as high-net-worth individuals.
Cryptojacking — The cryptocurrency movement also affects cybersecurity in other ways. For example, cryptojacking is a trend that involves cyber criminals hijacking third-party home or work computers to “mine” for cryptocurrency. Because mining for cryptocurrency (like Bitcoin, for example) requires immense amounts of computer processing power, hackers can make money by secretly piggybacking on someone else’s systems. For businesses, cryptojacked systems can cause serious performance issues and costly down time as IT works to track down and resolve the issue.
Cyber-Physical Attacks — The same technology that has enabled us to modernize and computerize critical infrastructure also brings risk. The ongoing threat of hacks targeting electrical grids, transportation systems, water treatment facilities, etc., represent a major vulnerability going forward. According to a recent report in The New York Times, even America’s multibillion-dollar military systems are at risk of high-tech foul play.
State-Sponsored Attacks — Beyond hackers looking to make a profit through stealing individual and corporate data, entire nation states are now using their cyber skills to infiltrate other governments and perform attacks on critical infrastructure. Cybercrime today is a major threat not just for the private sector and for individuals but for the government and the nation as a whole. As we move into 2020, state-sponsored attacks are expected to increase, with attacks on critical infrastructure of particular concern.
Many such attacks target government-run systems and infrastructure, but private sector organizations are also at risk. According to a report from Thomson Reuters Labs: “State-sponsored cyberattacks are an emerging and significant risk to private enterprise that will increasingly challenge those sectors of the business world that provide convenient targets for settling geopolitical grievances.”
IoT Attacks — The Internet of Things is becoming more ubiquitous by the day (according to Statista.com, the number of devices connected to the IoT is expected to reach 75 billion by 2025). It includes laptops and tablets, of course, but also routers, webcams, household appliances, smart watches, medical devices, manufacturing equipment, automobiles and even home security systems.
Connected devices are handy for consumers and many companies now use them to save money by gathering immense amounts of insightful data and streamlining businesses processes. However, more connected devices means greater risk, making IoT networks more vulnerable to cyber invasions and infections. Once controlled by hackers, IoT devices can be used to create havoc, overload networks or lock down essential equipment for financial gain.
Smart Medical Devices and Electronic Medical Records (EMRs) — The health care industry is still going through a major evolution as most patient medical records have now moved online, and medical professionals realize the benefits of advancements in smart medical devices. However, as the health care industry adapts to the digital age, there are a number of concerns around privacy, safety and cybersecurity threats.
According to the Software Engineering Institute of Carnegie Mellon University, “As more devices are connected to hospital and clinic networks, patient data and information will be increasingly vulnerable. Even more concerning is the risk of remote compromise of a device directly connected to a patient. An attacker could theoretically increase or decrease dosages, send electrical signals to a patient or disable vital sign monitoring.”
With hospitals and medical facilities still adapting to the digitalization of patient medical records, hackers are exploiting the many vulnerabilities in their security defenses. And now that patient medical records are almost entirely online, they are a prime target for hackers due to the sensitive information they contain.
Third Parties (Vendors, Contractors, Partners) — Third parties such as vendors and contractors pose a huge risk to corporations, the majority of which have no secure system or dedicated team in place to manage these third-party employees.
As cyber criminals become increasingly sophisticated and cybersecurity threats continue to rise, organizations are becoming more and more aware of the potential threat posed by third parties. However, the risk is still high; U.S. Customs and Border Protection joined the list of high-profile victims in 2019.
A report on “Security Risks of Third-Party Vendor Relationships” published by RiskManagementMonitor.com includes an infographic estimating that 60% of data breaches involve a third party and that only 52% of companies have security standards in place regarding third-party vendors and contractors.
Connected Cars and Semi-Autonomous Vehicles — While the driverless car is close, but not yet here, the connected car is. A connected car utilizes onboard sensors to optimize its own operation and the comfort of passengers. This is typically done through embedded, tethered or smartphone integration. As technology evolves, the connected car is becoming more and more prevalent; by 2020, an estimated 90 percent of new cars will be connected to the internet, according to a report titled “7 Connected Car Trends Fueling the Future.”
For hackers, this evolution in automobile manufacturing and design means yet another opportunity to exploit vulnerabilities in insecure systems and steal sensitive data and/or harm drivers. In addition to safety concerns, connected cars pose serious privacy concerns.
As manufacturers rush to market with high-tech automobiles, 2020 will likely see an increase in not only the number of connected cars but in the number and severity of system vulnerabilities detected.
Social Engineering — Hackers are continually becoming more and more sophisticated not only in their use of technology, but also psychology. Tripwire describes social engineers as “hackers who exploit the one weakness that is found in each and every organization: human psychology. Using a variety of media, including phone calls and social media, these attackers trick people into offering them access to sensitive information.” The article includes a video demonstrating an example of social engineering.
A Severe Shortage of Cybersecurity Professionals — The cybercrime epidemic has escalated rapidly in recent years, while companies and governments have struggled to hire enough qualified professionals to safeguard against the growing threat. This trend is expected to continue into 2020 and beyond, with some estimates indicating that there are some 1 million unfilled positions worldwide (potentially rising to 3.5 million by 2021).
The severe shortage of skilled cybersecurity professionals continues to be cause for alarm since a strong, smart digital workforce is essential to combat the more frequent, more sophisticated cybersecurity threats emanating from around the globe.Tags: clinic networks, privacy concerns, vulnerabilities detected