Ensuring cybersecurity is becoming tougher every year as cybercriminals constantly launch new attacks and exploit new vulnerabilities, while regulatory institutions change and improve (read: complicate) standards. Your task is to be fully prepared to face these challenges. Here are cybersecurity challenges that need to be on your mind throughout the rest of 2020.
The industry continues to suffer from a severe shortage of cybersecurity professionals and experts warn that the stakes are higher than ever, as the cybercrime epidemic even risks shaking public faith in such cherished ideals as democracy, capitalism and personal privacy. “Honestly, we’re all at risk,” Heather Ricciuto of IBM Security told cnbc.com, “whether you’re talking about a large enterprise or an individual.”
General Data Protection Regulation (GDPR) took effect on May 25, 2018. While this document covers the protection of personal data of EU citizens, its implementation affects every company that processes data of EU customers or businesses or has an office in one of the EU countries. The good news is that regulators will not audit international companies for GDPR compliance. However, if there is a complaint from an EU citizen or a breach, the company will have to pay a hefty fine: up to €20 million (around $24.5 million) or 4% of the company’s global annual turnover, whichever is greater.
Another problem is hackers using non-compliance with GDPR to their advantage by blackmailing companies that don’t meet all the requirements of the regulation. Gilad Peleg, CEO of SecBI, predicts that ill-prepared companies will have to find a way to “become at least partially compliant” with the new regulation. However, many experts agree that the majority of companies will fail to comply with GDPR by the deadline. Furthermore, according to a recent Forrester report, nearly half of these businesses won’t even try to comply because the cost of compliance outweighs possible risks.
In 2018, the number of attacks via compromised IoT devices is also expected to increase. The three most common security problems that the IoT world will face in 2018 are:
Of course, various IoT manufacturers work hard to improve the security of their devices. However, a large number of devices that are already deployed are either difficult or downright impossible to patch. As a result, we have millions of connected devices that have little to no defense against hackers. Thus, ensuring a higher level of protection for IoT devices and systems is essential.
In contrast to IoT devices, cloud platforms store large amounts of sensitive and valuable data. While cloud providers put a lot of effort into ensuring the security of their services, there are still too many security issues you can’t ignore.
A few issues that need special attention include:
Artificial Intelligence (AI) and Machine Learning (ML) software can “learn” from the consequences of past events to reach the set goal. While many cybersecurity professionals use AI/ML tools for preventing cyber attacks, there is a chance that hackers will also use these innovative solutions for performing more sophisticated attacks.
AI and ML may be used for performing different types of attacks – from sending vast amounts of spam/fraud/phishing messages via chatbots to AI-powered password guessing to performing cryptographic attacks.
Many companies adopting cryptocurrency technology don’t implement appropriate security controls. As a result, they will only continue to experience financial losses, predicts Bill Weber, principal security strategist at eSentire.
When working with cryptocurrencies and blockchain systems, there are three main types of attacks you need to be prepared to deal with:
As sandboxing becomes more and more popular as a malware detection and prevention method, cybercriminals will come up with new ways to evade this technology. For instance, there are new strains of malware that can recognize if they are inside a sandbox. These malware infections do not execute their malicious code until they are outside of the sandbox.
There are two main techniques that attackers use for evading sandbox solutions:
Another significant problem is the increasing popularity of non-malware attacks. Many organizations are still unprepared for this type of cyber threat, which only encourages attackers to use fileless malware even more. The more common memory-only non-malware attacks exploit Windows vulnerabilities and execute their payload in memory. Such an infection can be removed by rebooting the system.
However, there are more complex types of non-malware attacks. Some attacks can use existing Windows tools for malicious purposes, while others can continue to run their malicious code even after a system reboot. Two main reasons why fileless malware is harder to detect are:
As a result, traditional anti-malware software cannot detect non-malware threats effectively, and new solutions are called for.
While switching to DevOps leads to better efficiency, higher speed, and more responsive delivery of IT services, this movement may also pose serious cybersecurity threats. Many organizations are still struggling to apply adequate security controls in the DevOps practice. As a result, you need to be ready to deal with a lot of possible security problems when moving to DevOps. These include:
Biometric authentication is becoming more and more popular as an innovative cyber security solution. While some people see biometrics as a new and efficient way of improving security for enterprises, others see it as a possible problem.
There are many types of authentication based on biometrics, from common fingertip scanning to more innovative voice, iris, or face recognition. Many people believe that biometric systems are nearly impossible to compromise – the data can’t be guessed and is unique for every user. Thus, it seems to be a better solution for single-factor authentication and a great addition to a multi-factor authentication system. However, biometric systems have their drawbacks.
A major issue is that biometric information can still be stolen or duplicated, just like a user’s login and password. However, in contrast to a password, the user can’t change the scans of their iris or get a new face. This creates new challenges for cybersecurity professionals in the future.
Just like in previous years, ransomware remains one of the deadliest cybersecurity problems. According to many experts, ransomware will become even worse in the coming years. For instance, FireEye predicts that there will be more ransomware used in 2018, mostly because ‘administrators are slow to patch and update their systems’.
The main targets will be companies that store valuable information, such as users’ personal data or web browsing habits, and cloud services, especially those that perform computing in the cloud and, therefore, store huge amounts of data. The only way to lessen the possible harm caused by these attacks is to have back-ups for all the significant data.
Another worrying fact is the high possibility of cybercriminals using AI methods for improving their attacks. Machine learning and neural networks may be used for gathering specific data or spreading carefully targeted phishing messages. As Steve Grobman, CTO, McAfee, explained to MIT Technology Review, AI ‘gives attackers the tools to get a much greater return on their investment’.
Of course, the problems we listed above are not the only cybersecurity problems that businesses will face in the near future. However, these threats will be on the rise and have the most significant effect on both enterprises and end users.
Phishing Gets More Sophisticated — Phishing attacks, in which carefully targeted digital messages are transmitted to fool people into clicking on a link that can then install malware or expose sensitive data, are becoming more sophisticated.
Now that employees at most organizations are more aware of the dangers of email phishing or of clicking on suspicious-looking links, hackers are upping the ante — for example, using machine learning to much more quickly craft and distribute convincing fake messages in the hopes that recipients will unwittingly compromise their organization’s networks and systems. Such attacks enable hackers to steal user logins, credit card credentials and other types of personal financial information, as well as gain access to private databases.
Ransomware Strategies Evolve — Ransomware attacks are believed to cost victims billions of dollars every year, as hackers deploy technologies that enable them to literally kidnap an individual or organization’s databases and hold all of the information for ransom. The rise of cryptocurrencies like Bitcoin is credited with helping to fuel ransomware attacks by allowing ransom demands to be paid anonymously.
As companies continue to focus on building stronger defenses to guard against ransomware breaches, some experts believe hackers will increasingly target other potentially profitable ransomware victims such as high-net-worth individuals.
Cryptojacking — The cryptocurrency movement also affects cybersecurity in other ways. For example, cryptojacking is a trend that involves cyber criminals hijacking third-party home or work computers to “mine” for cryptocurrency. Because mining for cryptocurrency (like Bitcoin, for example) requires immense amounts of computer processing power, hackers can make money by secretly piggybacking on someone else’s systems. For businesses, cryptojacked systems can cause serious performance issues and costly down time as IT works to track down and resolve the issue.
Cyber-Physical Attacks — The same technology that has enabled us to modernize and computerize critical infrastructure also brings risk. The ongoing threat of hacks targeting electrical grids, transportation systems, water treatment facilities, etc., represents a major vulnerability going forward. According to a recent report in The New York Times, even America’s multibillion-dollar military systems are at risk of high-tech foul play.
State-Sponsored Attacks — Beyond hackers looking to make a profit through stealing individual and corporate data, entire nation states are now using their cyber skills to infiltrate other governments and perform attacks on critical infrastructure. Cybercrime today is a major threat not just for the private sector and for individuals but for the government and the nation as a whole. As we move into 2020, state-sponsored attacks are expected to increase, with attacks on critical infrastructure of particular concern.
Many such attacks target government-run systems and infrastructure, but private sector organizations are also at risk. According to a report from Thomson Reuters Labs: “State-sponsored cyberattacks are an emerging and significant risk to private enterprise that will increasingly challenge those sectors of the business world that provide convenient targets for settling geopolitical grievances.”
IoT Attacks — The Internet of Things is becoming more ubiquitous by the day (according to Statista.com, the number of devices connected to the IoT is expected to reach 75 billion by 2025). It includes laptops and tablets, of course, but also routers, webcams, household appliances, smart watches, medical devices, manufacturing equipment, automobiles and even home security systems.
Connected devices are handy for consumers and many companies now use them to save money by gathering immense amounts of insightful data and streamlining business processes. However, more connected devices means greater risk, making IoT networks more vulnerable to cyber invasions and infections. Once controlled by hackers, IoT devices can be used to create havoc, overload networks or lock down essential equipment for financial gain.
Smart Medical Devices and Electronic Medical Records (EMRs) — The health care industry is still going through a major evolution as most patient medical records have now moved online, and medical professionals realize the benefits of advancements in smart medical devices. However, as the health care industry adapts to the digital age, there are a number of concerns around privacy, safety and cybersecurity threats.
According to the Software Engineering Institute of Carnegie Mellon University, “As more devices are connected to hospital and clinic networks, patient data and information will be increasingly vulnerable. Even more concerning is the risk of remote compromise of a device directly connected to a patient. An attacker could theoretically increase or decrease dosages, send electrical signals to a patient or disable vital sign monitoring.”
With hospitals and medical facilities still adapting to the digitalization of patient medical records, hackers are exploiting the many vulnerabilities in their security defenses. And now that patient medical records are almost entirely online, they are a prime target for hackers due to the sensitive information they contain.
Third Parties (Vendors, Contractors, Partners) — Third parties such as vendors and contractors pose a huge risk to corporations, the majority of which have no secure system or dedicated team in place to manage these third-party employees.
As cyber criminals become increasingly sophisticated and cybersecurity threats continue to rise, organizations are becoming more and more aware of the potential threat posed by third parties. However, the risk is still high; U.S. Customs and Border Protection joined the list of high-profile victims in 2019.
A report on “Security Risks of Third-Party Vendor Relationships” published by RiskManagementMonitor.com includes an infographic estimating that 60% of data breaches involve a third party and that only 52% of companies have security standards in place regarding third-party vendors and contractors.
Connected Cars and Semi-Autonomous Vehicles — While the driverless car is close, but not yet here, the connected car is. A connected car utilizes onboard sensors to optimize its own operation and the comfort of passengers. This is typically done through embedded, tethered or smartphone integration. As technology evolves, the connected car is becoming more and more prevalent; by 2020, an estimated 90 percent of new cars will be connected to the internet, according to a report titled “7 Connected Car Trends Fueling the Future.”
For hackers, this evolution in automobile manufacturing and design means yet another opportunity to exploit vulnerabilities in insecure systems and steal sensitive data and/or harm drivers. In addition to safety concerns, connected cars pose serious privacy concerns.
Source: McAfee Labs
As manufacturers rush to market with high-tech automobiles, 2020 will likely see an increase in not only the number of connected cars but in the number and severity of system vulnerabilities detected.
Social Engineering — Hackers are continually becoming more and more sophisticated not only in their use of technology, but also psychology. Tripwire describes social engineers as “hackers who exploit the one weakness that is found in each and every organization: human psychology. Using a variety of media, including phone calls and social media, these attackers trick people into offering them access to sensitive information.” The article includes a video demonstrating an example of social engineering.
A Severe Shortage of Cybersecurity Professionals — The cybercrime epidemic has escalated rapidly in recent years, while companies and governments have struggled to hire enough qualified professionals to safeguard against the growing threat. This trend is expected to continue into 2020 and beyond, with some estimates indicating that there are some 1 million unfilled positions worldwide (potentially rising to 3.5 million by 2021).
The severe shortage of skilled cybersecurity professionals continues to be cause for alarm since a strong, smart digital workforce is essential to combat the more frequent, more sophisticated cybersecurity threats emanating from around the globe.
That’s why the University of San Diego created two master’s degree programs focused specifically on the most critical issues facing cybersecurity professionals today — the innovative, online Master of Science in Cyber Security Operations and Leadership and Master of Science in Cyber Security Engineering, which is offered both on campus and online.
Denis Otieno -BA Crim,DIT,DCM,FM, RCrim
Denis SR. is a Cyber Crime Digital Forensics Expert with vast experience in the Telco space, Fiber Optics Penetrator and Director of Criminal Investigations for JUST 40 DAYS, fighting crime using technology for all that's cyber, digital and internet in Cyber Security Operations, bringing justice, establishing peace.
He holds a Degree in Criminology and Security Studies with a concentration in Security, a Diploma in Information Technology in the Management of Information Systems and a Certificate in Marketing Management, with several certifications in Fraud Management from MTN ACADEMY. His research topics are dedicated to the ongoing progression of cybersecurity, cyber law, cybercrime, national and international cyber policy, and disaster recovery efforts.