Cybercrimes are becoming more frequent and more damaging. As the world becomes increasingly digitized, cybersecurity can no longer be put on the backburner. Every October, National Cybersecurity Awareness Month (NCSAM) is held to raise awareness of the growing concerns of the safety and security of the digital world.
For NCSAM 2019, we’ve put together a guide of some of the biggest shifts happening in the cyberspace. Here are the cybersecurity trends to watch going into 2020:
1. The Phishing Landscape Evolves
Hackers are developing increasingly more sophisticated phishing methods, posing as reputable companies or familiar individuals to trick users. Email will continue to dominate as the most frequent form of phishing, but mobile attacks are on the rise, and phishing attacks are occurring via sms (smishing) and over the phone (vishing). While phishing isn’t new, these types of cyber attacks are increasing in frequency. Phishing has topped ransomware as the top cyber insurance claim, accounting for roughly one quarter of all claims, according to a report by AIG.
2. BYOD Enhances the Workplace, but at a Steep Cost
More workspaces are allowing the use of personal devices for work, providing the flexibility of remote work, increasing productivity, and cutting costs. But bring-your-own-device (BYOD) comes with security risks, including increased risk of data leaks, malware infection, and exposure to vulnerabilities due to lack of device management. Security managers are now under the strain of added IT infrastructure to keep up with this cybersecurity trend. BYOD is likely not going away any time soon, but the cyber risks will continue to grow. Creating processes and protocols for a BYOD policy can help find a happy medium between the risk and reward.
3. More CISOs Earning a Seat at the Table
Of all the cybersecurity trends, this one might just be our favorite. While in the last few years we’ve been seeing an increase in the prominence of the CISO, the amount of CISOs in the boardroom is finally catching up. A stronger relationship between CISO and board indicates cybersecurity is at the forefront of the board agenda.
4. Growing Security and Privacy Concerns Increase Pressure for Regulation
The last few years saw a sharp increase in security and privacy legislation, and there are no signs of this trend slowing down. Grey areas in compliance are driving the demand for more regulation – from both consumer and business. In fact, US tech leaders from the Business Roundtable signed a letter urging congress to create a comprehensive consumer data privacy law. The letter was signed by 51 CEOs from major tech companies including Amazon, IBM, and Salesforce. This indicates that consumer trust is becoming a priority amid large scale data breaches.
5. Surge in Ransomware Attacks Targeting Local Governments
So far this year, over 55 cities and towns have been targeted with ransomware. Such attacks strain local government budgets that are designated for public amenities and can cripple these organizations and municipal entities. These events highlight the need for local governments to invest in cybersecurity with the same urgent approach seen in the private sector.
6. Cybersecurity Automation Boosting Security Staff Effectiveness
Automation is stepping in to lend a hand in cybersecurity. In a field plagued with high turnover rates and shortage of expertise, automation has been found to increase productivity and improve the ability to prioritize threats at higher speeds. Automation can never replace human staff, but it can add another layer of security and prevent downtime.
7. Cyber Warfare Threats Increase
On a global scale, we’re seeing a growing threat to nations and their civilians with state-sponsored cyber warfare attacks that can penetrate energy grids and nuclear programs, DDoS attacks that can disrupt critical services, and social engineering attacks that can be used to infiltrate systems and spread misinformation. A particularly concerning aspect of cyber warfare is that it can become difficult to track the source of the attack and determine if the attackers are in fact state-sponsored or lone actors.
8. AI Swiftly Becoming a Double-Edged Sword
This cybersecurity trend is quickly taking the industry by storm. The benefits of artificial intelligence (AI) are tremendous, particularly in cybersecurity. In fact, 61% of enterprises say they can’t detect breach attempts today without the use of AI. But as AI becomes essential to cybersecurity, what will prevent malicious actors from reaping the benefits of this innovative technology? At present, cyber attacks are debilitating, with security departments strained, understaffed, and underqualified. With AI and machine learning, we could see cyber attacks like spear phishing and malware at a much larger scale that becomes impossible to manage.
9. Strict Cloud Security Measures Lead to End-User Trust
Confidence in cloud computing is increasing. Though major data breaches in 2018 and 2019 were caused by misconfigured cloud security measures, most notably the recent Capital One data breach, cloud providers are implementing stricter security controls and testing security features more regularly, leading to reports of stronger end-user confidence.
10. Focus Shifts to Third Party Vendor Security
It’s no longer enough to have a stellar cybersecurity strategy; third-party vendors must also be diligently assessed. But managing third-party vendor risk has proved to be a challenge. Hackers use smaller, third-party vendors as an entry to larger enterprises. In fact, 69% of businesses reported they suffered a breach resulting from vendor access.
What’s not changing:
Human error and employee negligence are still the leading causes of data breaches
Human error continues to drive record numbers of data breaches, showing that the biggest cybersecurity threats are within your company. Training can reduce risk. Through cyber literacy training, employees can go from being the weakest link in your security to becoming your organization’s ‘human firewall’.
The skills gap crisis continues to loom over the industry
According to the Cyber Security Jobs Report, there will be 3.5 million unfilled cybersecurity positions worldwide by 2021, with cybersecurity unemployment rates at 0%. The effect this skills shortage has had on the industry has been profound, leaving security departments overworked, under-trained, and under high stress.
Don’t wait for NCSAM to arrive before considering reviewing your cybersecurity strategy. As these outlined trends see wider adoption, the cybersecurity landscape has the potential to change drastically. As it stands, cybercimes vary in complexity and severity, making it hard to keep up. But keeping these trends on your radar going into 2020 is paramount to ensure you stay protected.
Cyber threats are constantly evolving, so at Cybint, we develop and update our content with emerging and forecast threats in mind. Get in touch to find out how we can minimize your organization’s risk effectively and efficiently with our state-of-the-art learning platform.