They say that hindsight is 20/20, but when it comes to cybersecurity in 2020, foresight is crucial. With 2019 more than halfway finished, companies are already having to prepare for the cyber threats they'll face in 2020. Although attackers are constantly looking for new exploits and strategies to defraud and damage companies, some older threat strategies remain amongst the most frequent threats to a business’ cybersecurity.
What are some of the top cybersecurity threats to look out for in 2020?
A few of the biggest threats include:
1) Phishing/Social Engineering Attacks
2018 saw an enormous amount of phishing attacks against all kinds of targets. According to statistics reported by Small Business Trends, "1 in every 99 emails is a phishing attack. And this amounts to 4.8 emails per employee in a five-day work week." Consider just how many emails are sent every single day—which is over 269 billion emails a day if statistics cited by Inc.com are accurate. Furthermore, as stated by Small Business Trends, "Close to a third or 30% [of] phishing emails make it past default security."
What's a Phishing Attack?
Phishing attacks are a kind of social engineering attack where the attacker generates a fraudulent email, text, or website to trick a victim into surrendering sensitive information—such as login credentials for work, passwords to online accounts, credit card info, etc.
Of all the threats on this list, phishing emails are among the gravest because they can trick an employee into giving up their legitimate access credentials, and then abuse those privileges to wreak havoc on your business’ systems.
Plus, as time goes on, more attackers are using phishing strategies because of how cheap, effective, and easy they can be to pull off. It's a low-risk, high-reward strategy for cybercriminals that can they can use with only a minimal investment to time and effort.
How Can I Prevent Phishing Attacks?
Some effective counters to phishing and other social engineering attacks include:
- Providing training to employees so they can recognize a phishing attempt;
- Employing a policy of least privilege for user accounts in your system—limiting the access of each user to the bare minimum needed for them to fulfill their job; and
- Using custom anti-phishing solutions to detect falsified emails that contain dangerous links or requests for information from phishers.
By doing these three things, you can minimize the risk and potential damage of phishing email attacks.
2) IoT-Based Attacks
The number of internet-connected “smart” devices in homes and businesses are starting to increase. The problem is that not all of these smart devices have strong security installed—creating openings for attackers to hijack these devices to infiltrate business networks.
FireEye’s annual threat report outlined the threat of IoT-based attacks, stating that:
“Reaper, a malware that exploited vulnerabilities in IoT devices to gain access and spread itself. The end result of these types of attacks is that threat actors can enlist millions of compromised IoT devices to drive largescale attacks, including the distributed denial-of-service (DDoS) attacks that commonly disrupt and take down website, gaming, and other internet services.”
What's an IoT-Based Attack?
Simply put, an IoT attack is any cyberattack that leverages a victim's use of internet-connected smart devices (such as Wi-Fi enabled speakers, appliances, alarm clocks, etc.) to sneak malware onto a network. These attacks target IoT devices specifically because they are often overlooked when it comes to applying security patches—making them easier to compromise.
How Can I Thwart IoT Attacks?
A key part of preventing IoT-based attacks is having a thorough inventory of all internet-connected devices on your network, and what operating systems they run. Keeping the firmware for these devices up-to-date is also important, as this can help resolve exploits that have been patched by the manufacturer.
When adding smart devices to your business’ offices, make sure to document them, and see if there are any firmware updates that can be run before installing them in your office. Also, carefully consider how each smart device impacts the complexity and cost of executing your security strategies.
Ransomware attacks have been on the decline in general over the last year—at least, ransomware attacks targeting individuals are. As noted by ITPro Today, "The rate of detections within businesses rose from 2.8 million in the first quarter of 2018 to 9.5 million in the first quarter of 2019. That's nearly a 340% increase in detections."
One reason why businesses are being targeted more than private citizens now is that they have more money and motivation to pay ransoms. Another reason cited in the ITPro article is the Bitcoin price crash which made crypto-mining attacks less lucrative—driving cybercriminals to focus on different attack strategies.
How Do Ransomware Attacks Work?
Ransomware attacks generally involve the attacker infecting a victim’s systems with a piece of malware that encrypts all of their data. The victim is then presented with an ultimatum—either pay the ransom or lose their data forever.
In 2020, ransomware is no less grave a threat than it ever was. Every day, businesses face the risk of encryption malware making its way into their systems and destroying their data.
How Can I Stop Ransomware Threats?
There are a few strategies for dealing with ransomware. The first is to use strong perimeter security, such as firewalls, to prevent malware from being uploaded to your systems. Second, individual workstations should have antivirus programs that can scan email attachments for encryption malware.
Finally, having a business continuity/disaster recovery plan in place that includes an offsite backup of all of your most important business data can help to protect your business against loss. If your systems are infected, you can restore your data from the backup.
4) Internal Attacks
One of the biggest ongoing cybersecurity threats faced by any business is its own employees. The inside access that employees have make them capable of inflicting great harm if they choose to abuse their access privileges for personal gain. Or, they may accidentally allow their user accounts to be compromised by attackers, or unknowingly download dangerous malware onto their workstations.
Whether through intentional malfeasance or by unwitting accident, the biggest risk to any cybersecurity architecture is from the employees who use network resources on a daily basis.
Why Are Insider Attacks a Threat?
The reason why insider attacks remain one of the biggest cybersecurity threats to watch for year after year is that they have an enormous potential to cause damage. One disgruntled or careless employee can break your network security open wide enough to allow for a major data security breach.
Additionally, these attacks can be hard to predict and prevent without thorough preparation.
How Can I Prevent Insider Attacks?
To minimize risk in case of an internal attack, one of the best things that any business can do is to use a policy of least privilege to limit what systems and IT resources any user can access to the minimum required for their job. That way, if an employee’s user account is compromised or intentionally abused, the damage caused can be kept to a minimum.
While not a foolproof plan, it can limit your exposure to risk. Also, revoking a user account’s access privileges once it has been compromised can help to contain the attack and prevent the account from being used to do more damage in the future.
5) Asynchronous Procedure Calls in System Kernels
A while back, Ars Technica reported on a major security flaw found in some Huawei MateBook systems that ran the company's PCManager software. According to Ars Technica, "The company's PCManager software included a driver that would let unprivileged users create processes with superuser privileges." This would allow any attackers aware of the flaw to totally bypass a device's security by using asynchronous procedure calls (APCs) to interrupt system processes and force malware code to run.
What's an Asynchronous Procedure Call?
As explained in the Ars Technica artilce, APCs, "Are a way to temporarily direct a thread to stop running the function it's running. Instead, they switch to running a different function; when that different function finishes, the tread resumes the original function from where it left off." The problem driver in the article was meant to be a means of ensuring the software it was part of would keep running in case it crashed, but it also posed a serious cybersecurity risk.
Basically, they're a way to interrupt processes and force new ones to run, often undetected by the system's user since the interruption is in the system kernel—something most non-IT people don't even think about.
How Can I Prevent Asynchronous Procedure Call Attacks?
The thing with the APC risk highlighted in the article is that it represents a pervasive cybersecurity risk—the threat of unpatched security vulnerabilities. It wasn't designed to be a malware program or threat, but it could have easily abused to breach cybersecurity protections.
One of the best ways to counter such threats is to proactively work to update your organization's systems and to remove unsupported software that you don't use.
6) Uneven Cybersecurity Protections (i.e. Security Gaps)
According to data from the 2019 Verizon Data Breach Investigation Report, the majority of cyberattacks (52%) featured “hacking.” Hacking can be defined as direct intrusion attempts made by people outside of your organization attempting to bypass your perimeter network security in some fashion.
While hacking attempts have declined in proportion to other attack methods over the years (it used to be 60% of intrusion attempts in 2016), the danger that these outside attacks pose has not lessened at all. Many hacking attempts try to leverage security gaps to bypass a company’s network security.
Why Are Security Gaps/Uneven Protection Surfaces a Threat?
Hacking attacks can target numerous vectors, but they typically try to probe a business network’s weakest defenses. An uneven security layer between your network and attackers can serve as the entry point they need to penetrate even the toughest defenses—all because ONE asset on your network lacks some key security measure used to protect everything else.
An example of this would be the JP Morgan Chase data breach from 2014. As noted in a New York Times Dealbook article published after the breach, “JPMorgan’s security team had apparently neglected to upgrade one of its network servers with the dual password scheme, the people briefed on the matter said. That left the bank vulnerable to intrusion.” Although the bank had dual-factor authentication (DFA) to counter password theft-based cyber threats, because one asset on the network didn’t have that authentication upgrade, it became an easy entry point for what was, at the time, one of the biggest bank breaches in history.
How Do I Avoid Having Security Gaps?
If you apply a new security solution to your business network to counter some specific type of cybersecurity threat, it’s important to make sure that the solution is applied to the entirety of your potential “attack surface.” Otherwise, the one asset on your network that isn’t protected as well as everything else could become the vector for an attack.
Here, performing regular IT asset audits is important for verifying the status of all the assets on your network and making sure that every cybersecurity solution is applied consistently throughout. Risk assessments can further help you prioritize what kinds of solutions need to be applied and identify gaps in your cyber threat protection. Some businesses even use professional security architecture implementation services from a managed security service provider (MSSP) to ensure that there are no gaps or flaws in their cybersecurity protections.
7) Unpatched Security Vulnerabilities and Bugs
Other attackers may target known security bugs in popular business software programs—bugs that often have readily-available fixes. All too often, these security updates/patches are not applied to vulnerable software, however. This leaves the business network exposed to outside attack and compromise.
What is a Security Vulnerability/Bug?
A security vulnerability (or security bug) is an unintentional glitch or programming flaw in a computer software or operating system that attackers can use to illicitly access systems or cause harm.
Sometimes, these flaws can arise not from a single software or operating system’s flaws, but from the interactions between two different programs—making it harder to predict when a bug will appear.
How Can I Deal with Security Vulnerabilities and Bugs?
The best solution for defending against intrusion attempts that leverage unpatched vulnerabilities is to create and maintain a rigorous patching schedule. At least once every few weeks, all software programs on the network should be checked to see whether there are any available security patches from the software developer. Any out-of-date software should be patched to the latest security version.
If a software program is no longer supported by the developer, it may be time to uninstall that program and replace it with a newer one that does the same tasks. Making sure every piece of software and IT asset on your business network has the latest security patches can be crucial for preventing a data breach (or, at least minimizing your risk of one).
8) DDoS Attacks
Distributed denial of service (DDoS) attacks remain a significant cyber threat to many organizations. These attacks are designed to overwhelm a victim’s network resources so they cannot process legitimate traffic on their network. The methodology of these attacks can vary from one to the next, and may involve varying levels of complexity. This is part of what makes DDoS attacks such a worrisome cybersecurity threat.
Why Are DDoS Attacks a Threat?
The ability of DDoS attacks to paralyze operations for businesses of all sizes alone make them a credible threat. However, that’s not the only reason these cyberattacks are considered highly dangerous.
As noted in a Securitymagazine.com article, “DDoS attacks can impact anyone and are often used as camouflage, often being started, stopped and restarted to hide other breaches in progress.” By using DDoS attacks as a distraction, attackers can distract your cybersecurity team—much like how a stage magician redirects the attention of his audience so they can’t see through the trick.
How Can I Beat DDoS Attacks?
The specific countermeasures for a DDoS attack can vary depending on the methodology of the attack. For example, there are volume-based, protocol-based, and application layer attacks. A solution that might mitigate a volume-based attack, such as simply adding sufficient capacity to handle the fake bandwidth (which is highly inefficient at any rate), wouldn’t be able to counter a protocol-based or application layer DDoS attack. A better solution might be to blacklist IP addresses that are identified as being part of a DDoS attack, but that still may not work for all DDoS attack types.
Thwarting DDoS requires a well-considered cybersecurity strategy that takes a look at the different kinds of DDoS threats you network faces, your available resources, and how to best counter specific DDoS attack types. Here, having the help of a specialized cybersecurity service provider can be invaluable, since they will likely be familiar with the current cybersecurity threat environment and which types of DDoS attacks you’re likely to encounter.
It may even be necessary to set up a disaster recovery (DR)/business continuity (BC) solution to help you minimize the impact of a DDoS attack.
Need help guarding your business against the countless cybersecurity threats it faces? Contact us today for more cybersecurity advice, or to set up a cybersecurity architecture review for your business!