By Murali Urs
Cybercriminals are launching more attacks than ever and adapting their techniques to trick more victims and make more money. In 2019, they unleashed a variety of new types of attacks and used a range of new tactics to try to increase their success. From spear phishing and sextortion to account takeover and ransomware, the threat landscape continues to evolve, and attacks are becoming more targeted, sophisticated, and costly.
With the arrival of the new year, many organizations in India are increasing their digital spending. But they are also more prone to certain serious cyber threats that prevail. Considering a volatile threat landscape, one of the key concerns for companies is how prepared they are for cyber-attacks and malware. Businesses of all sizes, and the service providers need to be prepared to adapt their approach to defending against these threats. Many attacks are designed to evade traditional email security, including gateways and spam filters. Many of these threats and challenges are a continuation of past trends. Below are major ones that organizations will need to gear up for in 2020.
Email – Still a Top Threat Vector
Clicking on a link in an email has very often led to successful cyberattacks. That is what makes e-mail one of the easiest and most effective way for cyber-attackers to harvest user credentials and personal information. Also, to install malware on a target’s machine. In 2020, CISOs must do more to make this channel more resilient to threats. Such as investing in cyber-security infrastructure, enforcing adequate policies and security training programmes, utilizing AI-powered tools to detect spear-phishing and other fraudulent messages, etc.
The BEC and Deep Fakes
Business email compromise (BEC) attacks cost organisations millions of dollars every year. In the months to come, highly targeted attacks and conversation high jacking will proliferate as mechanisms for BEC – making these threats even more convincing, and ultimately more costly. Organisations will need to raise staff awareness about the threat with their internal training programmes. More focus needs to be put on technologies and processes designed to spot and block attacks.
There’s also another arguably bigger threat that is growing rapidly – “Deepfakes”. These are AI-based spoof images, videos and audios created using computers and machine learning software – to make them seem real, even though they are not. They will be used to propagate disinformation and even trick employees into making wire transfers. The threat will need advanced tools, strong cybersecurity solutions and improved employee training in order to be mitigated.
The advent of digital transformation in companies has led to the advent of cloud platforms – like hybrid and multi-clouds. But this has also given rise to high-level security concerns as well as complexities that many in-house security teams are not equipped to manage.
Over the coming year, we will see growing data leaks stemming from misconfiguration of cloud infrastructure. Along with an increasing number of data breaches where hackers capitalise on internal mistakes to make off with sensitive data. This could also result in unauthorized information disclosure and data tampering.
Its 2020, and ransomware is here to stay. This year, hackers will go extra lengths to make sure their attacks are successful – deploying file-less malware techniques, RDP compromise and lateral movement to stay hidden until the time is right to strike. The average ransom demand is increasing too, and cybercriminals will find critical times to make these demands.
Supply Chain Cautions
How important supply chains are for modern organizations is a well-known fact. And that is what makes them a potential security risk. Hackers will become increasingly adept at exploiting supply chain relationships, to further their own interests. In 2020, we will see more attacks on managed service providers (MSPs), which provide a handy stepping-stone into client networks. We will also see digital campaigns targeting the supply chain. CISOs will have to revisit their SLAs and partnership agreements – to guarantee a baseline level of cybersecurity among all their suppliers. They will need to develop their defences knowing that a breach is inevitable.
The cyber security industry is developing new technologies to mitigate the emerging threats targeting segments such as email security, data protection & cloud security. Business leaders need to be aggressive about data security now more than ever.
(Disclaimer: The author of this article is Country Manager-India at Barracuda Networks and views expressed here are his own and need not be those of the publication)