It’s a new year, a new decade, and a new barrage of cyberthreats. One constant that 21st century businesses have come to realize is that data is very valuable and it’s constantly under attack from outside forces.
From the familiar threats like viruses and malware to new dangers like formjacking and PowerShell attacks, there are multiple risks to navigate when it comes to ensuring the security of your data and network.
Before we get into the specific threats to be aware of in 2020, let’s take a look at some cybersecurity statisticsthat will give you more insight into what you may be up against.
- During the first 6 months of 2019, 4.1 billion records were exposed in data breaches.
- 68% of business leaders say that their cybersecurity risks are increasing.
- There is an attack by a hacker approximately every 39 seconds.
- The average cost of a data breach is $3.92 million.
2020 will bring a mix of old and new threats, but even the older ones are going to be more sophisticated, meaning that companies need to be on their toes and adopt a multi-layered cybersecurity strategy. Those layers should include things like:
- Next-generation firewall
- DNS filtering/Web protection
- Credential security (like two-factor authentication)
- Antivirus/anti-malware software
- Spam and anti-phishing software
- Ongoing user security training (at least annually)
- Strong backup and recovery strategy
- Update and patch management program
Watch Out for These Growing Cybersecurity Threats
Staying on top of emerging threats that will be headed your way this year can help you strengthen your cybersecurity strategy and be ready for anything with sound safeguards in place.
Here are the things to be ready for in 2020.
Office 365 Phishing
Phishing is splintering off into multiple subsets. We’ve already seen the rise of social phishing using direct messages and phishing via text message. One of the emerging genres is squarely targeted at Office 365 users.
Office 365 is the most popular cloud platform in the world and contains the data of millions of customers, a data-rich target for hackers. A recent report found that 25% of phishing gets through Office 365 built-in security.
Hackers can do multiple things once they gain access to a user’s Office 365 account, including accessing sensitive company data and sending spam and phishing using your account’s email address.
Scams to watch out for are:
- Emails that look like a SharePoint file sharing invitation that include a legitimate OneDrive file URL. The link actually takes the user to a fake sign in form.
- Emails to Office 365 admins warning of an urgent update being needed. This scam also uses a fake form that captures their login as soon as it’s entered.
Mobile use at work has exploded and so has malware that’s targeted at mobile devices. There was a 33% risein mobile malware last year, according to Symantec, and mobile devices are increasingly being targeted through malicious apps designed to look legitimate.
Companies that aren’t yet using a mobile device management (MDM) solution, especially if they have employees use their own personal phones to access work data, should definitely look into an MDM app (such as Microsoft Intune) this year.
Fileless PowerShell Attacks
Attacks against PowerShell, which is a legitimate system inside Windows, are on the rise. The Symantec report noted a 1000% increase in 2019.
Attacks that send malicious instructions to PowerShell often get by standard security defenses because they don’t actually contain a file that’s malicious, rather they send commands to an already trusted program.
UTMs and next-gen firewalls that look at program behavior and use protections like application whitelisting can help you defend against this new and emerging threat to your network.
Attacks on IoT Devices (aka Smart Gadgets)
Just this past holiday season, Amazon brought out a whole slew of new internet of things (IoT) devices, including new wearables (ring and frames) and several new Echo voice assistant versions.
Smart gadgets are used both in homes and offices and their numbers continue to multiply. Add on the new connectivity speeds of Wi-Fi 6 and 5G and you’ve got a recipe for disaster if you haven’t secured those smart locks, whiteboards, and other IoT gadgets.
Hackers have a list of all the default passwords these devices come with, and far too often, users set them up without changing them. They’re a prime target for hacks and should be treated just like a computer or server when it comes to good security practices.
Web-based Attacks Like Formjacking
Another statistic that gives some insight into the types of attacks that are going to be popular this year is that web attacks were up 56% in 2019. About 1 in 10 URLs leads to a malicious site, making browsing the web somewhat of a minefield if you don’t have web protection like DNS filtering to warn your users of a dangerous page.
Formjacking is a popular way to steal login credentials and credit card details from legitimate webforms using a code that infects the website and circumvents where the form data is sent. It’s estimated that 4,800 websites are compromised with formjacking code every single month.
Is Your Security Plan Ready for 2020’s Emerging Threats?
If you’re unsure whether your current security plan can handle what’s coming to attack your network this year, let C Solutions help! We can do a full security assessment and let you know whether you’re good to go, or could use some additional cybersecurity strategies.
Schedule your free security consultation today! Call 407-536-8381 or reach us online.