Cybersecurity 2020 Snapshot
by Serena Raymond on Mar 29, 2020 12:00:00 AM
This post on cybersecurity 2020 isn’t about cybersecurity hindsight. We’re putting this year-to-date under a microscope and observing exactly where cybersecurity stands.
We’re going to explore external influences on cybersecurity, trends we’re seeing in the space, and what it means for businesses everywhere.
Coronavirus effect on cybersecurity 2020 at-a-glance
You didn’t think you were going to get through an entire blog post without someone bringing it up, did you?
Coronavirus is having a serious impact on cybersecurity in 2020. It’s not just affecting our health, it’s impacting our normal lives and how we work. And it’s not just all about the risks that remote work can bring.
It’s creating a large distraction for businesses as a whole. As healthcare providers, government agencies, and small businesses shift gears to address general business concerns because of COVID-19, some of us are forgetting that security threats are still out there. In some cases, resources are being redirected and opening businesses up to major data breaches.
The following trends in cybersecurity would have likely been on this list even without coronavirus. However, COVID-19 is amplifying these concerns, as cybercriminals exploit universal distraction for their own gain.
So while you could theoretically omit the coronavirus from a list of cybersecurity trends in the year 2020, you wouldn’t be looking at the full picture. It continues to have an impact on everything we do, and cybersecurity is no exception.
Mobile threats should be taken seriously
You’re not just using your phone to play Candy Crush. You’re sending work emails, checking work applications, and accessing critical information.
Just because you’re on your personal phone, doesn’t mean your business data isn’t at risk.
All of the threats you can find on your work laptop, you can find on your cell phone. Companies need to make sure their employees are accessing applications securely and stress the importance of updating software.
Employees are especially likely to fall victim to phishing attacks on their cell phones, when they’re likely reading messages quickly between meetings or after work. Understanding this is the first step in mitigating the threat of mobile attacks.
Security in the cloud
Cloud security is a broad term that refers to security of cloud data, applications, and infrastructure. Unfortunately, because this is such a broad term, people have differing views of what cloud security really is.
When one person refers to cloud security, they might mean securing cloud services. Someone else might mean protecting the connection between the user and cloud applications.
For our purposes, it’s everything related to the cloud. And at this point in time, most everything is in the cloud. Which means you need to protect it. As 2020 marches on, cloud security will become even more important. Especially with so many remote employees now accessing cloud applications with insecure devices.
AI: Everyone has it
AI and machine learning isn’t just a cybersecurity trend. At this point in 2020, all forms of technology claim to be relying on machine learning in some way.
Machine learning will continue to be a big sticking point in the cybersecurity industry. To innovate and grow, companies need to adopt cybersecurity.
But when we say “everyone” has AI, we really mean it. It’s even suggested that hackers might be using AI to deploy malware.
In 2019, AI-generated audio was used to impersonate a CEO’s voice and trick employees into handing over actual cash.
Hackers are smart, and while the good guys use their AI to keep them out, expect to see more of an AI arms race through the end of the year.
State-sponsored cyber attacks
After the RSA conference in February, we walked away knowing that government cybersecurity was going to be a big deal.
With the distraction that is coronavirus, an upcoming 2020 election, and peace talks with the Taliban, this will certainly remain a huge cybersecurity threat globally.
We’re only three full months into 2020, and this has already been an exceptionally active year from a government perspective. By that, I mean on a global scale swift government action has become a necessity.
As mentioned previously, all of these moving parts are creating a lot of distractions, which increases the likelihood of state-sponsored attacks. It’s also creating a lot of opportunities for individual cybercriminals (or small cybercriminal gangs) to capitalize on.
Ransomware never sleeps
It doesn’t matter what the crisis is: wildfires, hurricanes, or contagious diseases. Cybercriminals are deploying ransomware attacks to target your fears.
One new ransomware attack targets healthcare workers using coronavirus as the bait. And it’s working.
The goal of a ransomware attack is to hold something hostage and ask for payment in exchange for the release of what was taken hostage. As an example, your browser may be “taken hostage” and “require” payment to become unlocked. Or, a hospital or other essential service might be locked from viewing sensitive patient data, and the only recourse would be to pay the fee.
Not only is ransomware a concern-of-the-moment because of coronavirus, but attacks are expected to rise regardless. Ransomware-as-a-service is a growing (and lucrative) trend for cybercriminals.
Much like you’d grow a typical business, ransomware providers are forming partnerships and supply chains for these attacks. Expect to hear the term “ransomware-as-a-service” more throughout 2020 as “organized crime” takes on a new meaning for the future.
Businesses are at varying levels of preparedness
While not unique to 2020, it’s very likely that businesses will go from varying levels of preparedness to unprepared as a whole. Because of the economic effects of coronavirus, we expect to see more companies slashing budgets where they need to and inadvertently exposing their businesses to cyber attacks.
We can still move toward a new secure future for all industries, but I presume we’ll be seeing the effects of the coronavirus in cybersecurity (and so many other fields) for the next few years.
If you’re a managed service provider looking to guide your clients through this uncertainty, we wrote a guide with our friends at Huntress Labs. This guide will help you work with your clients, whether they’re looking to grow their cybersecurity maturity or are now budget-conscious because of outside forces.
When researchers talk about DNS security, they often refer to anything that protects DNS infrastructure. Although protective DNS and DNS security fall under the cybersecurity umbrella, protective DNS takes a different approach to cybersecurity than standard DNS security. Both security strategies are important for the stability of your business, but protective DNS reduces risks from your weakest link–human error. Protective DNS is critical for you...
The impending Cisco Umbrella RC End-of-Life has many Umbrella users concerned about their next steps and questioning which protective DNS solution might be able to fill the gap for their organization.
Industry State of the Art
This month there was a high level of focus on compliance issues spanning several focus areas from governments and oversight agencies around the world. And while there were actions taken with regard to specific vulnerabilities, a larger spotlight was placed on bigger picture security considerations in a more general context.