Predictions 2020: Don’t Forget the Current Threats

by Craig DAbreo on December 12, 2019

With cybercriminals increasing their ambitions, constantly evolving hacking techniques year over year, and with emerging technologies providing more attack surface for hackers, executives and IT leaders must plan for the inevitable. They must know how to respond when a security breach happens because it will happen. As we head into 2020, every organization should be prepared for these top five security threats.

Ransomware and Malware: More Costly Than Data Breaches

Using malware or software to deny access to a computer or system until a ransom is paid, these threats are more costly than traditional data breaches alone. But ironically, it’s not the threat of paying a ransom and the cost of stolen data that’s prodding executives to heighten their security protections. These days, the motivating factor is minimizing the most expensive impact—the broader organizational disruption of a cyberattack and the cost to clean up the network and restore business operations. Ransomware is on the rise, and it will cost more than you might think.

Endpoint Attacks: Cloud and SaaS Trends Make it Easier for Hackers

As companies move more resources into the cloud, attack surfaces will continue to grow, making it easier for intruders to get past security measures. With the bring-your-own-device culture that we live in today combined with the proliferation of SaaS providers for data services, hackers have plenty of attack vectors from which to choose.

The challenge organizations face today is securing access into these off-premises resources, which are commonly used as stepping stones for bad actors to get into the network. After all, every attack begins at the endpoint, regardless of whether it serves as the true target. So, whether the risk comes from the unauthorized use of shadow IT applications co-mingled with company resources or users simply getting “pwned” (hacked) off the corporate network through other means, the threat to the user endpoint is a real challenge that has yet to be solved.

Phishing: More Sophisticated Than Ever

Phishing has long been proven to be one of the cheapest and easiest ways to compromise targets, which is why it remains the No. 1 cyberattack vector for hackers. More often than not, phishing attacks appear to be normal, everyday emails from trusted sources but deliver malware to your computer or device, giving the hacker the critical access they need.

With the widespread use of SaaS services such as Dropbox, Slack, Office 365, Salesforce and others, hackers are improving their impersonation skills with more sophisticated attack types ranging from credential stuffing to advanced social engineering methodologies. The content is becoming more relevant and interesting to potential victims, luring them to engage and divulge information. As a result, these attacks have become more difficult to recognize, even for tech-savvy users.

Third-Party and Supply Chain Attacks Are on the Rise

A supply chain attack (also called a third-party attack) occurs when your system gets infiltrated through an outside partner or provider that has access to your systems and/or data. With more digital supply chains and service providers dealing with more enterprise data than ever before, the attack surface has changed dramatically. Hackers have wider opportunities and these types of attacks are becoming more apparent.

Software updates and security patches are critical protections, yet another area of vulnerability when working with third parties. Most third-party software is dependent on external libraries and resources for updates and patches. If these external resources are compromised by bad actors, they can easily redirect system updates to malicious servers to deliver malware to their victims.

AI- and ML-Driven Attacks: Cybercrime Evolves With Advanced Tools

Machine learning (ML) and other artificial intelligence (AI) approaches are now being used to fight cybercrime, becoming “table stakes” in all modern security strategies. But the same tools are being used against us.

As ML and AI become more readily available to the masses, hackers are using them to enhance the sophistication of their attacks. With these tools, attacks can be multiplied and cybercrime can reach all-new heights.

The threat landscape is constantly evolving. Thus, it’s crucial for companies and all privacy-minded users to heighten their awareness around the latest cybersecurity threats. While it’s possible to mitigate risks on your own, many IT departments now pass this task to trusted managed detection and response security service providers.

Want to learn more about what to expect in 2020? Join us Jan. 23 for our Predict 2020 Virtual Summit featuring discussions from some of the industry’s best and brightest offering up their visions for the future. Sign up today for this free daylong virtual event.

— Craig DAbreo

Craig DAbreo

Craig oversees the managed security, threat intelligence and security professional services departments at Masergy. He is responsible for Masergy’s proactive enterprise cybersecurity threat management and operations program. Craig holds a bachelor’s degree in computer science and an MBA in information security. He is a Certified Information Security Systems Professional (CISSP) with over a decade of experience in the security industry and holds various network security certifications. He has written on various security blogs, spoken on a range of industry panels and is a recognized thought leader in the cybersecurity space.

craig-dabreo has 4 posts and counting.See all posts by craig-dabreo