ml

Many security experts would probably agree that 2019 was a very interesting and challenging year. According to a Forbes report, 2019 saw more than 3,800 publicly disclosed data security breaches in the United States within the first 6 months.

The year 2019 witnessed some very large, disturbing, and public-profile information security breaches.

According to the Ninth Annual Cost of Cybercrime Study Report published by Accenture in 2019, the average number of security breaches grew by 11 percent since 2018.

Some of the security breaches recorded in 2019 include (presented in descending breach reported date order):

Gekko Group, a subsidiary of Accor Hotels, in November 2019 with over 660,000 customer records exposed

Quest Diagnostics in June 2019 with about 11.9 million patient records affected

First American Financial Corporation in May 2019 with about 885 million records of mortgage transactions affected

Facebook in April 2019, via third-party hosted servers with over 540 million records exposed

Capital One in March 2019 with over 106 million breached customer information

Fornite, owned by Epic Games, in January 2019 with about 200 million users affected worldwide

We are now only the third day into the new decade and already a retail foreign-exchange specialist company; Travelex; was reportedly forced to shut down its online services following a virus attack on its systems.

Cybersecurity and cyberattack issues are becoming ever-increasing struggles for businesses and organisations. And these can so easily affect all organisations, regardless of size.

With new risks & threats emerging every other day, the risks of compromising customer or employee data are becoming ever increasingly challenging to organisations as more severe consequences are being put in place and followed through by regulatory agencies.

Reputational damages caused by security incidents and data breaches could be incalculable.

So, with 83% of enterprise workload expected to move to the cloud by the end of this year, here are some security risks and threats that I expect (predict) to cause major headlines this year:

Ransomware

It is reported that a business will fall victim to a ransomware attack every 14 seconds in 2019 and every 11 seconds by 2021. This suggests that a similar prediction for 2020 will put the figure less than every 11 seconds. That is appears to be a worrying prediction.

Ransomware attacks were very prevalent in 2019. With the increase in sophistication and complexities; particularly enterprise ransomware; I envisage this trend will continue in 2020, particularly against healthcare organisations, small businesses, schools, and local government institutions.

Phishing & Social Engineering

According to the 2019 Data Breach Investigation Report published by Verizon, 32% of data breaches involve phishing.

And according to the 2019 Internet Security Threat Report (ISTR) published by Symantec, phishing security incidents have declined year on year for the last four years; I expect this trend to continue.

Formjacking

The report by Symantec reveals that formjacking remains the greatest threat to online retailers and other organisations within goods supply chain. I expect to see this trend continue to rise.

Internet of Things (IoT)

Gartner projects that there will be around 20.4 billion IoT devices by the end of this year (i.e. 2020).

Symantec reports that, in 2018, network routers accounted for 75% of infected devices, and connected digital cameras accounted for 15% of infected devices. Understandably, routers were the most targeted devices simply because they are gateways (i.e. entry/exit points) from internal networks to the internet.

China, North America, and Europe collectively represent two-third of installed and in-use IoT devices, with consumer items (smart televisions, virtual assistant smart speakers, smart refrigerators, digital set-up boxes, etc.) representing more than 60% of IoT connected devices.

Adoption of 5G technologies, infrastructure, and systems is expected to have a global reach in 2020, and this should give rise to a plethora of new IoT devices.

I envisage that there would be an increase in the number of devices at risk as more consumers and businesses introduce more IoT connected devices to more everyday activities.

Malware

According to a study by Accenture, the average cost of a malware attack on a company is $2.6 million.

Another similar study by IBM, indicates that the average cost of a data breach is $3.9 million.

Given the magnitude of potential damages this could cause to organisations, this appears to be one area of risks and attacks that shows no sign of letting off in 2020.

Mobile Devices

Mobile devices used within corporate environments remain high risk concerns to businesses.

Symantec reports states that, in 2018, 1 in 36 mobile devices had high risk apps installed, and infections on mobile devices were up by a third when compared to 2017.

Mobile devices will become prime phishing attack vectors as attackers continue to employ machine learning and artificial intelligence in attacks.

I envisage that this upward trend is expected to continue in 2020, especially with the anticipated advent of 5G networks and even more mobile devices.

Internal Actors

Insider attacks are forecast to rise in 2020. This is a high impact, high severity, and high probability risk because of the potential for disgruntled or careless employees to inflict great harm on any organisation.

One-third of data breaches involved internal actors.

The human factor remains the weakest link in cybersecurity implementation. Blackmails, hefty bribes, threat to life & family members remain enough duress to make hereto loyal employees to reluctantly reconsider their decisions and choices.

It’s important to emphasise that, as far as regulatory laws and legislation are concerned, the final responsibility and accountability for protecting data in the cloud lies with the organisations that choose to use cloud services, and not the cloud service providers.

This, therefore, mandates that businesses & organisations must ensure that the appropriate and fitting risk mitigating plans, incident response plans, monitoring, controls, and reporting are put in place.

The report by Verizon indicated that 56% of breaches took months to discover. I envisage that effective cyber and information security strategies and implementations could help organisations promptly identify risks, respond and manage security incidents & events.