Which are the likeliest attack vectors in 2020?
On 31 December, the year and decade will come to a close, making for a poignant time of reflection for every industry. However, cybersecurity is future-centric, with most companies searching for sustainable, always-on solutions to protect businesses moving forward.
While the industry deserves a period of fond reflection, security personnel must always be thinking about tomorrow, next week, next month, and so on. In particular, they should continuously evaluate which threats are most pressing for their business and which solutions are most suitable.
To determine this, organisations must familiarise themselves with the attack vectors that will take centre stage (or continue doing so) in the next year. Provided there are no surprises, this puts organisations in good stead against the inevitable attacks.
Phishing has found its way onto pretty much any 'common attack vector list' worth its salt. A threat almost as old as Windows XP (which really takes us back!), phishing attacks have firmly stood the test of time. One of the main factors responsible for this is that the threat has evolved with the times. In particular, lateral phishing has recently gained significant traction and will surely continue to do so.
Malicious actors use lateral phishing to launch attacks from already-compromised email addresses. To the recipient, these messages appear to be internal. What's more, the recipient will often have already corresponded with the sender, leading them not to question requests. In turn, the recipient will unknowingly hand over sensitive information when the malicious actor asks for it.
Why will it thrive in 2020? Unfortunately, malicious actors are always fine-tuning their phishing methods to make them more believable. In fact, social engineering as a whole doesn't look like it's going anywhere. Thus, it's important to educate your workforce about phishing attacks. They do say that two heads are better than one, so the power of your entire workforce versus that of one malicious actor is sure to keep your company's head above water.
Ransomware subjects users to extortion by blocking access to their data. This could be through locking the computer screen or encrypting the data. To reverse it, the user is told they must pay a ransom.
After a lull in 2017/8, ransomware returned with a vengeance. Unfortunately, in 2019, more high-profile companies fell victim to it than ever. If this indicates anything, it's that ransomware has become more targeted.
As this attack style gets smarter and ransoms get costlier, all businesses must buckle up tight ahead of 2020 because the assets held captive have changed. While data has proved itself as a valuable currency, attackers may take the initiative to go after other intellectual property in the business.
This widens the net of likely targets; businesses don't need to be large corporations with copious amounts of data. Anyone with something to protect (even just an idea) must watch their backs.
Annoyingly, protection is very much what we already know: find the data protection solutions that address your unique needs. Companies that especially cannot risk zero-day attacks (and often pay the ransom to quickly solve the problem) should take special care not to leave themselves out of pocket.
Compromise through credentials
There is so much to say about credentials and the security problems surrounding them. However, these often boil down to individuals simply not being vigilant enough with their passwords.
Understandably, it's frustrating to need a username and login for absolutely everything, but password reuse in particular is hugely negligent. Although IT and security teams know this very well and shudder at the thought, it doesn't stop widespread password reuse everywhere else.
Unfortunately, malicious actors know only too well that a) people like to reuse their passwords, and b) people like their passwords to be easily memorable. Both are a recipe for disaster, and the worst is yet to come.
Because old habits die hard, poor password hygiene is still too prevalent. Thus, it's only a matter of time before malicious actors take advantage of what is, frankly, an open door, now more than ever.
In particular, they may find infiltration easier given that the industry-wide focus is on more sophisticated security challenges with more sophisticated solutions. Of course, no one can blame them; everyone is being ushered through the digital transformation door, and quickly. With that, businesses face numerous new considerations, leaving best practices like password vigilance behind. Thus, while the minds of enterprises are elsewhere, it creates an opportune time for malicious actors to dig their claws in.
Sadly, this is only scratching the surface. There are pending threats that we can't even begin to understand until they happen. For example, as organisations better understand how to work with newer technologies such as artificial intelligence, cyber attackers will have no hesitation in learning how to use the very same technology to their advantage.
Furthermore, cybersecurity has long had a 'you can't fight what you don't know' mentality. However, enterprise-wide education and vigilance can catapult you ahead of cyber attackers by a long shot and make for a very good start.