Ushering in a new decade brings with it exciting, innovative technologies and capabilities. However, the reality is that the new cyber landscape exposes us to a plethora of risks – old and new – as threat actors gain access to a larger array of targets. Here are what the experts say are the top five cybersecurity threats for 2020.
The Internet of Things
The Internet of Things (IoT) market is predicted to reach an estimated $1.1 trillion by 2026 with the banking, financial services, insurance and agricultural industries set to exhibit the maximum opportunities in the market. The sheer scale and prevalence of the IoT will bring with it an increasing number of cybersecurity threats, as the attack surface spreads and threat actors are able to take advantage of poor designs and a lack of understanding. In addition, cybersecurity experts will struggle to keep up with technology and may fall behind when it comes to security strategies.
The world is becoming more interconnected by the day, with devices from washing machines and cars, to delivery drones and baby monitors collecting data and connecting to applications that are attractive targets. Indeed, anti-virus company Kaspersky reported that over 100 million attacks on IoT endpoints occurred in the first half of 2019 alone.
Adding to the increased use of the IoT is the emerging technology being used to connect to it. From Machine Learning and Artificial Intelligence (AI) to 5G and Cloud Storage, there is a wider array of young and vulnerable technologies that are being dispersed rapidly among populations. This will allow hackers to launch wider attacks, targeting more people, more devices and inevitably causing more damage.
New technology also means that these threat actors will have more tools at their disposal. For example, just as AI is being harnessed to help detect cyber-attacks, the technology can also be used to disguise an attack more effectively using the same behaviour and tricks.
Cloud Storage has caused some false hope, as many companies moved their data over to the Cloud only to find it was no safer than before. Indeed, one of the largest breaches of 2019 involved a hacker infiltrating the servers of a third-party Cloud computing company used by financial corporation Capital One, resulting in around 106 million exposed records. The evidence is clear that ransomware attacks will increasingly target these extensive caches of data.
Nevertheless, Cloud computing is predicted to become more widespread and more complex. This means that companies must be prepared to question and insist upon better security practices from their providers. However, with 64% of enterprises believing that cloud infrastructure is a much more secure alternative to legacy systems, this attitude may prove difficult to encourage. Additionally, a 2016 study has shown that more than half of enterprises spend between $10,000 and $500,000 on implementing additional cloud infrastructure security, showing that, as important as it is to be vigilant with Cloud services, it is also costly.
Phishing attacks are a classic on lists of top cyber threats, having plagued individuals and companies for decades. Interestingly, the tactics, tools and techniques are evolving rapidly and transforming this well-known threat into a monstrous new villain. What is more, these scams are effective and relatively simple, making them extremely dangerous.
Long gone are the days that phishing attacks were easily recognisable, with obvious give-aways or suspicious signs. Today, attackers are utilising new technologies as well as manipulating data gained from previous attacks in order to create impressively authentic scams. For example, threat actors have been known to use AI to develop more convincing lingo, or to collect voice samples for use in phone phishing scams. There are also growing fears that Deepfake technology could be harnessed as part of this evolving threat as well.
The Growing Cybersecurity Skills Gap
One recent study has predicted that there will be 3.5 million unfilled cybersecurity jobs globally by 2021, representing a 350% growth in unfilled positions from 2013 to 2021. Another study agreed, observing that “nowhere is the workforce-skills gap more pronounced than in cybersecurity”, while the Harvard Business Review showed that the majority of Chief Information Security Officers around the world are worried about the cybersecurity skills gap, with 58% believing the problem of not having expert cyber staff will worsen.
This deficit is exacerbated by the rapid rate of new technology, enhanced IoT integration and sophisticated cyber-attacks, with the level of skilled people needed to accompany these developments simply not existing.
Implementing effective cybersecurity policies requires an experienced and skilled cyber workforce, one that is capable of keeping on top of current threats as well as spotting new ones on the horizon. Without these people, industries around the world stand to lose millions. Security teams are under severe pressure, finding themselves unable to cope with the constant threats due to limited talent and limited funds.
The key to facing these challenges is to be prepared and to responsibly invest in your cybersecurity. At Agilient, we are experts in all areas of cybersecurity – from policies and strategies to training, compliance and penetration testing. We take an in-depth look at your organisation, taking the time to understand your needs and your future and integrating this into our process in order to deliver strong, knowledgeable and adaptable cybersecurity. Contact us today to find out how we can help you.
Author: Elsa Chapple