They say that hindsight is 20/20, but when it comes to cybersecurity in 2020, foresight is crucial. With 2019 more than halfway finished, companies are already having to prepare for the cyber threats they'll face in 2020. Although attackers are constantly looking for new exploits and strategies to defraud and damage companies, some older threat strategies remain amongst the most frequent threats to a business’ cybersecurity.
What are some of the top cybersecurity threats to look out for in 2020?
A few of the biggest threats include:
1) Phishing/Social Engineering Attacks
2018 saw an enormous amount of phishing attacks against all kinds of targets. According to statistics reported by Small Business Trends, "1 in every 99 emails is a phishing attack. And this amounts to 4.8 emails per employee in a five-day work week." Consider just how many emails are sent every single day—which is over 269 billion emails a day if statistics cited by Inc.com are accurate. Furthermore, as stated by Small Business Trends, "Close to a third or 30% [of] phishing emails make it past default security."
What's a Phishing Attack?
Phishing attacks are a kind of social engineering attack where the attacker generates a fraudulent email, text, or website to trick a victim into surrendering sensitive information—such as login credentials for work, passwords to online accounts, credit card info, etc.
Of all the threats on this list, phishing emails are among the gravest because they can trick an employee into giving up legitimate access credentials, which the attacker can then abuse to wreak havoc on your business’ systems.
Plus, as time goes on, more attackers are using phishing strategies because of how cheap, effective, and easy they can be to pull off. It's a low-risk, high-reward strategy for cybercriminals that they can use with only a minimal investment of time and effort.
How Can I Prevent Phishing Attacks?
Some effective counters to phishing and other social engineering attacks include:
- Providing training to employees so they can recognize a phishing attempt;
- Employing a policy of least privilege for user accounts in your system—limiting the access of each user to the bare minimum needed for them to fulfill their job; and
- Using custom anti-phishing solutions to detect falsified emails that contain dangerous links or requests for information from phishers.
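The third counter above, detecting falsified emails, can be illustrated with a small analyzer. This is an added example, not code from the original article or from any vendor's product: it parses two constructed sample messages (neither is real mail) with Python's standard `email` and `html.parser` modules and flags the classic phishing tells, a Reply-To domain that differs from the sender, a link whose visible text names one site while its `href` points at another, and urgency wording in the subject. The two-label "registrable domain" helper is a simplification; a production filter would use the public suffix list.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample messages for the example; neither is a real email.
PHISH = """From: "IT Helpdesk" <helpdesk@it-support-example.net>
Reply-To: recover@mailbox-verify-example.org
To: alice@example.com
Subject: Urgent: your password expires today
Content-Type: text/html

<p>Your password expires in 2 hours. Verify now:</p>
<a href="http://login.example-verify.net/auth">https://portal.example.com/login</a>
"""

LEGIT = """From: "Bob" <bob@example.com>
To: alice@example.com
Subject: Lunch menu
Content-Type: text/html

<p>Today's menu: <a href="https://menu.example.com/today">https://menu.example.com/today</a></p>
"""

URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)
URGENCY = re.compile(r"\b(urgent|expires?|immediately|verify|suspended)\b", re.I)


class _LinkCollector(HTMLParser):
    """Collects (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(value, is_url=False):
    """Last two DNS labels of an address or URL host (simplification: a real
    filter would consult the public suffix list)."""
    host = urlparse(value).hostname if is_url else value.rsplit("@", 1)[-1]
    return ".".join((host or "").lower().split(".")[-2:])


def analyze(raw_message):
    """Return (score, reasons) for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    reasons = []
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and registrable_domain(reply_addr) != registrable_domain(from_addr):
        reasons.append("Reply-To domain differs from From domain")
    collector = _LinkCollector()
    collector.feed(msg.get_payload())  # single-part message: payload is the HTML body
    for href, text in collector.links:
        if URL_LIKE.match(text):  # the visible text looks like a URL or host name
            shown = text if "://" in text else "http://" + text
            if registrable_domain(shown, True) != registrable_domain(href, True):
                reasons.append(f"link text {text!r} points at {href!r}")
    if URGENCY.search(msg.get("Subject", "")) and collector.links:
        reasons.append("urgency wording in subject plus links in body")
    return len(reasons), reasons


if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, analyze(raw))
```

Each reason is a separate, explainable signal, which matters when the output feeds a quarantine decision or an analyst queue: a score of three on the constructed phishing sample and zero on the benign one comes with the exact headers and links that triggered it.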
2) IoT-Based Attacks
The number of internet-connected “smart” devices in homes and businesses is starting to increase. The problem is that not all of these smart devices have strong security installed—creating openings for attackers to hijack these devices to infiltrate business networks.
FireEye’s annual threat report outlined the threat of IoT-based attacks, stating that:
“Reaper, a malware that exploited vulnerabilities in IoT devices to gain access and spread itself. The end result of these types of attacks is that threat actors can enlist millions of compromised IoT devices to drive largescale attacks, including the distributed denial-of-service (DDoS) attacks that commonly disrupt and take down website, gaming, and other internet services.”
What's an IoT-Based Attack?
Simply put, an IoT attack is any cyberattack that leverages a victim's use of internet-connected smart devices (such as Wi-Fi enabled speakers, appliances, alarm clocks, etc.) to sneak malware onto a network. These attacks target IoT devices specifically because they are often overlooked when it comes to applying security patches—making them easier to compromise.
How Can I Thwart IoT Attacks?
A key part of preventing IoT-based attacks is having a thorough inventory of all internet-connected devices on your network, and what operating systems they run. Keeping the firmware for these devices up-to-date is also important, as this can help resolve exploits that have been patched by the manufacturer.
When adding smart devices to your business’ offices, make sure to document them, and see if there are any firmware updates that can be run before installing them in your office. Also, carefully consider how each smart device impacts the complexity and cost of executing your security strategies.
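The inventory-and-firmware discipline described above can be turned into a repeatable check. The following is an added example, not the article's own tooling: it reads a constructed inventory export (the CSV layout is an assumption) and compares each device's firmware against a constructed table of the newest vendor firmware, separating devices that are outdated from those with no vendor baseline yet and those that were found on the network but never identified. Versions are compared numerically so that 1.10.0 correctly ranks above 1.9.2, which a naive string comparison gets wrong.

```python
import csv
from io import StringIO

# Constructed inventory export; the column layout is an assumption for the example.
INVENTORY_CSV = """ip,hostname,vendor,model,os,firmware
10.0.1.20,lobby-speaker,AcmeAudio,S1,AcmeOS,1.9.2
10.0.1.21,kitchen-fridge,CoolCorp,F200,CoolLinux,2.0.0
10.0.1.22,front-door-cam,AcmeAudio,S1,AcmeOS,1.10.0
10.0.1.23,hall-thermostat,WarmCo,T1,WarmOS,3.2.1
10.0.1.24,,,,,
"""

# Constructed table of the newest firmware per vendor/model; in practice this is
# maintained from vendor release notes and security advisories.
CURRENT_FIRMWARE = {
    ("AcmeAudio", "S1"): "1.10.0",
    ("CoolCorp", "F200"): "2.1.3",
}


def parse_version(text):
    """Numeric tuple so that 1.10.0 sorts after 1.9.2 (a string compare would not)."""
    return tuple(int(part) for part in text.strip().split("."))


def audit(inventory_csv, current):
    """Classify every inventoried device by firmware status."""
    report = {"outdated": [], "current": [], "no_baseline": [], "unidentified": []}
    for row in csv.DictReader(StringIO(inventory_csv)):
        key = (row["vendor"], row["model"])
        if not row["vendor"] or not row["firmware"]:
            # Seen on the network but nobody knows what it runs: highest priority.
            report["unidentified"].append(row["ip"])
        elif key not in current:
            # Documented, but no vendor reference version recorded yet.
            report["no_baseline"].append(row["ip"])
        elif parse_version(row["firmware"]) < parse_version(current[key]):
            report["outdated"].append((row["ip"], row["firmware"], current[key]))
        else:
            report["current"].append(row["ip"])
    return report


if __name__ == "__main__":
    for status, devices in audit(INVENTORY_CSV, CURRENT_FIRMWARE).items():
        print(f"{status:13} {devices}")
```

Run on a schedule against a fresh export, the "unidentified" and "outdated" lists are the work queue: the first needs a person to find and document the device, the second needs a patch window.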
3) Ransomware Attacks
Ransomware attacks have been on the decline in general over the last year—at least, ransomware attacks targeting individuals are. As noted by ITPro Today, "The rate of detections within businesses rose from 2.8 million in the first quarter of 2018 to 9.5 million in the first quarter of 2019. That's nearly a 340% increase in detections."
One reason why businesses are being targeted more than private citizens now is that they have more money and motivation to pay ransoms. Another reason cited in the ITPro article is the Bitcoin price crash which made crypto-mining attacks less lucrative—driving cybercriminals to focus on different attack strategies.
How Do Ransomware Attacks Work?
Ransomware attacks generally involve the attacker infecting a victim’s systems with a piece of malware that encrypts all of their data. The victim is then presented with an ultimatum—either pay the ransom or lose their data forever.
In 2020, ransomware is no less grave a threat than it ever was. Every day, businesses face the risk of encryption malware making its way into their systems and destroying their data.
How Can I Stop Ransomware Threats?
There are a few strategies for dealing with ransomware. The first is to use strong perimeter security, such as firewalls, to prevent malware from being uploaded to your systems. Second, individual workstations should have antivirus programs that can scan email attachments for encryption malware.
Finally, having a business continuity/disaster recovery plan in place that includes an offsite backup of all of your most important business data can help to protect your business against loss. If your systems are infected, you can restore your data from the backup.
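Perimeter filtering and attachment scanning, as described above, stop ransomware before it runs; the complementary control is noticing the encryption behaviour itself once something has slipped through. The following detector is an added example, not code from the article or from any product: it reads constructed file-activity log lines (the line format is an assumption) and raises one alert per process that touches at least five distinct files within ten seconds while also changing a file extension on rename, which is how mass encryption typically looks. A compiler writing many files quickly is included in the sample to show that volume alone does not trigger it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed file-activity log (not real telemetry); the format is an assumption.
LOG = r"""
2019-08-01T09:00:01 pid=100 proc=winword.exe WRITE C:\docs\report.docx
2019-08-01T09:00:40 pid=100 proc=winword.exe WRITE C:\docs\report.docx
2019-08-01T09:05:00 pid=200 proc=build.exe WRITE C:\src\a.o
2019-08-01T09:05:00 pid=200 proc=build.exe WRITE C:\src\b.o
2019-08-01T09:05:01 pid=200 proc=build.exe WRITE C:\src\c.o
2019-08-01T09:05:01 pid=200 proc=build.exe WRITE C:\src\d.o
2019-08-01T09:05:02 pid=200 proc=build.exe WRITE C:\src\e.o
2019-08-01T09:05:02 pid=200 proc=build.exe WRITE C:\src\f.o
2019-08-01T09:10:00 pid=300 proc=svc_update.exe RENAME C:\docs\a.docx -> C:\docs\a.docx.locked
2019-08-01T09:10:00 pid=300 proc=svc_update.exe RENAME C:\docs\b.xlsx -> C:\docs\b.xlsx.locked
2019-08-01T09:10:01 pid=300 proc=svc_update.exe RENAME C:\docs\c.pdf -> C:\docs\c.pdf.locked
2019-08-01T09:10:01 pid=300 proc=svc_update.exe RENAME C:\docs\d.docx -> C:\docs\d.docx.locked
2019-08-01T09:10:02 pid=300 proc=svc_update.exe RENAME C:\docs\e.pptx -> C:\docs\e.pptx.locked
2019-08-01T09:10:03 pid=300 proc=svc_update.exe RENAME C:\docs\f.docx -> C:\docs\f.docx.locked
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) proc=(?P<proc>\S+) (?P<op>WRITE|RENAME) "
    r"(?P<path>.+?)(?: -> (?P<new>.+))?$"
)


def extension(path):
    """File extension of a Windows or POSIX path, lower-cased, '' if none."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def detect(lines, threshold=5, window_s=10):
    """Alert once per process that touches >= threshold distinct files inside a
    window_s-second sliding window and changed at least one extension doing so."""
    recent = defaultdict(deque)   # pid -> deque of (timestamp, path, ext_changed)
    alerted, alerts = set(), []
    for line in lines:
        m = EVENT_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        ext_changed = m["op"] == "RENAME" and extension(m["path"]) != extension(m["new"])
        q = recent[m["pid"]]
        q.append((ts, m["path"], ext_changed))
        while (ts - q[0][0]).total_seconds() > window_s:   # expire events outside the window
            q.popleft()
        distinct = {path for _, path, _ in q}
        if (len(distinct) >= threshold and any(changed for _, _, changed in q)
                and m["pid"] not in alerted):
            alerted.add(m["pid"])
            alerts.append((m["pid"], m["proc"], len(distinct)))
    return alerts


if __name__ == "__main__":
    for pid, proc, count in detect(LOG.splitlines()):
        print(f"ALERT pid={pid} proc={proc} touched {count} files with extension changes")
```

The rename-with-new-extension condition is what keeps the build tool quiet while the sample encryptor trips the alert on its fifth file; tune the threshold and window to the host's normal file churn, and treat an alert as the trigger to isolate the host and start the restore from the offsite backup the article recommends.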
4) Internal Attacks
One of the biggest ongoing cybersecurity threats faced by any business is its own employees. The inside access that employees have makes them capable of inflicting great harm if they choose to abuse their access privileges for personal gain. Or, they may accidentally allow their user accounts to be compromised by attackers, or unknowingly download dangerous malware onto their workstations.
Whether through intentional malfeasance or by unwitting accident, the biggest risk to any cybersecurity architecture is from the employees who use network resources on a daily basis.
Why Are Insider Attacks a Threat?
The reason why insider attacks remain one of the biggest cybersecurity threats to watch for year after year is that they have an enormous potential to cause damage. One disgruntled or careless employee can break your network security open wide enough to allow for a major data security breach.
Additionally, these attacks can be hard to predict and prevent without thorough preparation.
How Can I Prevent Insider Attacks?
To minimize risk in case of an internal attack, one of the best things that any business can do is to use a policy of least privilege to limit what systems and IT resources any user can access to the minimum required for their job. That way, if an employee’s user account is compromised or intentionally abused, the damage caused can be kept to a minimum.
While not a foolproof plan, it can limit your exposure to risk. Also, revoking a user account’s access privileges once it has been compromised can help to contain the attack and prevent the account from being used to do more damage in the future.
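The two controls above, least privilege and prompt revocation, fit together in one small authorization model. This is an added example, not the article's or any product's code: roles grant (action, resource-prefix) permissions, everything else is denied by default, and revoking an account invalidates every session issued at or before the revocation so that a stolen session cannot keep working. The role catalogue, user name and logical clock ticks are all constructed for the scenario.

```python
from dataclasses import dataclass

# Constructed role catalogue: each permission is (action, resource prefix).
ROLES = {
    "accounts-clerk": {("read", "finance/invoices/"), ("write", "finance/invoices/")},
    "hr-viewer": {("read", "hr/")},
}


@dataclass(frozen=True)
class Session:
    user: str
    issued_at: int   # logical clock tick; a real system would use a timestamp


class AccessControl:
    """Deny-by-default authorization with per-user revocation and an audit trail."""

    def __init__(self, roles):
        self.roles = roles
        self.assignments = {}   # user -> set of role names
        self.revoked_at = {}    # user -> tick at which access was revoked
        self.audit = []         # (tick, user, action, resource, decision)

    def assign(self, user, role):
        if role not in self.roles:
            raise KeyError(f"unknown role {role!r}")
        self.assignments.setdefault(user, set()).add(role)

    def issue_session(self, user, now):
        return Session(user, now)

    def revoke(self, user, now):
        # Invalidates every session issued at or before `now`; a session issued
        # later (for example after credentials are reset) is accepted again.
        self.revoked_at[user] = now

    def authorize(self, session, action, resource, now):
        user = session.user
        if session.issued_at <= self.revoked_at.get(user, -1):
            return self._decide(now, user, action, resource, "deny:revoked")
        for role in self.assignments.get(user, ()):
            for allowed_action, prefix in self.roles[role]:
                if allowed_action == action and resource.startswith(prefix):
                    return self._decide(now, user, action, resource, "allow")
        return self._decide(now, user, action, resource, "deny:no-permission")

    def _decide(self, now, user, action, resource, decision):
        self.audit.append((now, user, action, resource, decision))
        return decision == "allow"


def run_scenario():
    """Walks one constructed account through normal use, compromise and revocation."""
    ac = AccessControl(ROLES)
    ac.assign("carol", "accounts-clerk")
    s1 = ac.issue_session("carol", now=1)
    results = [
        ac.authorize(s1, "read", "finance/invoices/2019-07.pdf", now=2),    # allowed by role
        ac.authorize(s1, "read", "hr/salaries.csv", now=3),                 # outside her job
        ac.authorize(s1, "delete", "finance/invoices/2019-07.pdf", now=4),  # action not granted
    ]
    ac.revoke("carol", now=10)                                              # account compromised
    results.append(ac.authorize(s1, "read", "finance/invoices/2019-07.pdf", now=11))  # old session dead
    s2 = ac.issue_session("carol", now=12)                                  # after credential reset
    results.append(ac.authorize(s2, "read", "finance/invoices/2019-07.pdf", now=13))  # back to normal
    return results, ac.audit


if __name__ == "__main__":
    outcomes, trail = run_scenario()
    print(outcomes)
    for entry in trail:
        print(entry)
```

The audit list is the part worth keeping in production: the "deny:no-permission" entries show an account reaching outside its job, which is exactly the early signal of a compromised or misbehaving insider that the article says is otherwise hard to predict.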
5) Asynchronous Procedure Calls in System Kernels
A while back, Ars Technica reported on a major security flaw found in some Huawei MateBook systems that ran the company's PCManager software. According to Ars Technica, "The company's PCManager software included a driver that would let unprivileged users create processes with superuser privileges." This would allow any attackers aware of the flaw to totally bypass a device's security by using asynchronous procedure calls (APCs) to interrupt system processes and force malware code to run.
What's an Asynchronous Procedure Call?
As explained in the Ars Technica article, APCs "Are a way to temporarily direct a thread to stop running the function it's running. Instead, they switch to running a different function; when that different function finishes, the thread resumes the original function from where it left off." The problem driver in the article was meant to be a means of ensuring the software it was part of would keep running in case it crashed, but it also posed a serious cybersecurity risk.
Basically, they're a way to interrupt processes and force new ones to run, often undetected by the system's user since the interruption is in the system kernel—something most non-IT people don't even think about.
How Can I Prevent Asynchronous Procedure Call Attacks?
The thing with the APC risk highlighted in the article is that it represents a pervasive cybersecurity risk—the threat of unpatched security vulnerabilities. The driver wasn't designed to be a malware program or threat, but it could easily have been abused to breach cybersecurity protections.
One of the best ways to counter such threats is to proactively work to update your organization's systems and to remove unsupported software that you don't use.
Need help guarding your business against the countless cybersecurity threats it faces? Contact us today for more cybersecurity advice, or to set up a cybersecurity architecture review for your business!