The landscape of threats facing businesses and organizations in terms of cybersecurity is massive. Not only is it huge and overwhelming, but it’s always changing and evolving. In many ways, organizations and government entities are all embroiled in a cybersecurity war at all times.
A new report recently came out from 4iQ, a cybersecurity and intelligence firm. The report looked at data breach incidents from 2018 and found that these attacks were up 420% from 2017. Additionally, the same report indicates 14.9 billion records were exposed in 2018, which was up from 8.7 billion in 2017.
It’s important to be proactive and look forward to see these changes before they have the potential to cripple your organization. From the large details, such as training employees on phishing attacks to the smaller details, such as IPAM or IP address management, how do you know where to put your attention and focus?
The following are some of the most relevant cyber security trends for this year and things to make sure you’re ahead of.
What’s the Deal with Ransomware?
Ransomware is losing steam. Cybercriminals are looking at other options that will make them more revenue. That doesn’t mean this threat has altogether disappeared, but the number of these attacks that occur is going down.
The reason that ransomware attacks are less common is that there are more effective ways to make money and they require fewer skills.In fact, criminals can buy ready-made attack packages on the dark web,and they don’t even require tech skills to use them.
The Proliferation of Devices
A big issue a lot of organizations face currently is how to deal with mobile devices including those that are managed as well as unmanaged. This has become particularly prevalent with the growth of IoT. Many connected devices have very little security, which then means more vulnerabilities for enterprise networks.
Companies and enterprises are going to have to start laying clear guidelines to maintain security and control over both managed and unmanaged devices.
Phishing Attacks Aren’t Letting Up
While ransomware may be on the decline, phishing attacks aren’t. Phishing attacks are still the most common type of IT security threat,and they’re becoming more advanced and sophisticated in their approach. There are not long the obvious phishing attacks of the past—for even an expert it can be tough to spot these attacks now.
According to a study cited on Forbes.com, at the end of 2018 online phishing attacks were up 297% over the previous year.
Most of these emails come from familiar, trusted sources. They’re tailored and personalized, as well as being localized.
Spear phishing attack trends will focus on exploiting the trust people have with the people they regularly communicate with.
Specifically, one area some experts are saying could be problematic this year and beyond is with mortgage wire fraud. Home buyers will be duped into sending their closing fees to a hacker by a wire transfer. The hacker will be breaking into the system of the lender or the title agent to facilitate this, where they’ll access a list of deals nearing close.
Implementing GDPR Requirements
The General Data Protection Regulation (GDPR) is just now really starting to be put into global practice by companies. With the massive scale and reach of this legislation, businesses are struggling to make sure they have the necessary guidelines in place to ensure they are compliant.
Implementing GDPR has led some companies to appoint data protection officers who are responsible for all aspects of compliance with this law.
In the U.S. there may be some adoption of similar practices at the state level. .For example, the California Consumer Privacy Act has become law and is being implemented in 2020.
Small Businesses Are Increasingly Targeted
Finally, the concept of small businesses being a prime cyber attack target isn’t new, but it continues to become more relevant. Small businesses have less stringent security measures in place,and it’s easier to penetrate their systems.
Large businesses and enterprises have invested quite a bit into protecting their systems, while small businesses still tend to hold onto the outdated concept that they’re too small to care about.
Hackers are targeting small business vulnerabilities,and then they’re able to commit fraud and identity theft by accessing identity records maintained by these small organizations.
Even small businesses with a tiny budget are going to have to start allocating resources toward advanced cybersecurity.