Although cyberthreats carry over and intensify every year, there are always new and evolving risks businesses must be prepared to repel. Many threats will be rooted in the most common cybersecurity challenges all businesses face with new branches designed to exploit operational technology (OT) and information technology (IT) convergence. The latest 2020 cybersecurity risks are a blend of next generation and virtually new threats so here are 5 risks you need to consider in the new year.
1. Evolving Cloud Security Risks
Although SMBs are at different points in the journey, most have begun the move to the cloud through software-as-a-service (SaaS) offerings that have increased access, versatility and management simplicity for their IT teams and workforce. But every advance can bring challenges with security as organizations misinterpret the shared responsibility model between cloud providers and businesses. This leads to businesses overlooking gaps in the security approach to their cloud infrastructure.
Office 365 instances are an example where many organizations are unprepared to address the changing threat landscape that attackers see as the gateway to the business’s most sensitive data. This has given rise to IP theft, data leakage, credential cracking, and O365-specific attacks.
The challenge is more than an offshoot of the lack of clarity regarding the shared security model between cloud providers and businesses.
A recent Barracuda Networks report showed 40 percent of IT organizations aren’t doing enough to protect Office 365 data, which was detailed in a Dark Reading article. These challenges will continue to evolve in 2020 and beyond with emerging O365 phishing and malware attacks that are the next generation of attacks like KnockKnock.
2. An Evolving Phishing Landscape
While phishing and whaling threats have been around for some time, attackers are constantly evolving their methods of attack. A cybersecurity risk that will surely grow in 2020 and beyond is known as voicemail phishing schemes. Often considered an offshoot of AI-driven deep fakes, these business email compromise (BEC) attacks occur via voicemail phishing scams. They are prevalent with business email systems where fake audio files are used to prompt a user to give up their passwords to retrieve what is in reality a fake voicemail message.
A recent McAfee report shows how these combination of phishing and whaling scams targeted organizations from many industries like finance, IT, retail, insurance, manufacturing, healthcare and others. A wide range of employees were targeted, from middle management to executive level staff.
There are also evolving phishing threats via SMS (smishing) and over the phone (vishing). While 2-factor and multi-factor authentication can provide an effective bulwark against these voicemail phishing scams, far too many businesses have yet to implement effective identity management across cloud services.
3. Mobile Malware
As BYOD and mobility have become ubiquitous across SMBs mobile attacks have begun to evolve with 2020 cybersecurity risks now growing among the countless devices connected to the network. The potential for any mobile device accessing the network without being properly secured is a potential attack vector. Cyberattacks are poised to take advantage of this and will continue to evolve different means to do so in 2020 through malware.
4. Reruns of Old CVEs
January 2020 saw the end of life for Windows Server 2008 R2 and Windows 7 and many businesses are still using devices with this operating system. This will result in many new vulnerabilities which can only be overcome through patching or replacement of the OS.
These make for an easy asset attack vector for threat actors to be able to exploit old vulnerabilities and new threats that take advantage of a lack of patching. The major concern for businesses using this OS is many will find the cost of replacement difficult. Others will be dealing with small IT teams without enough time to undertake such a complex project.
5. Internet of Things (IoT) Threats
Businesses of all sizes are incorporating more IoT devise for monitoring tracking and collaboration just to name three areas. But IoT is still in the evolutionary stage so many devices are still not designed with security in mind. A recent report revealed a 55% hike in the number of IoT threats from 2018.
This will become a growing problem in 2020 and beyond as these devices are added to the business network. Every device connected to the network poses a potential vulnerability that bad actors will seek to exploit and gain a stronger foothold and access within the business.
As the year progresses, businesses will have to adapt to evolving forms of cyberattacks while preparing to defend new attack vectors that come with emerging technology. With endpoints constantly growing beyond the edge of the network, 2020 cybersecurity risks will require holistic security solutions that are innovative, resilient and adaptable.