The Top Data Security Threats of 2020
In a survey conducted by NASCIO, the National Association of State Chief Information Officers, the number one priority of CIOs for 2020 was cybersecurity and risk management.
Cybersecurity has been a big concern for many CIOs and major corporations over the last decade, and the number of resources needed to manage cybersecurity threats continually evolves and grows as our technologies become increasingly advanced.
If you are concerned about your company’s cyber safety, then you may need to account for more cybersecurity resources through strategic budgeting, establishing security frameworks, data protection, and protection against third-party risks.
The Information Security Forum’s annual Threat Horizon report predicted that, for 2020, large organizations should be prepared for a major shake-up in the industry. Its three main themes for cybersecurity in 2020 are concerning: looming conflict, technology outpacing control, and pressure skewing judgment.
With these cybersecurity predictions and the reports of other reputable cybersecurity watchdogs in mind, let’s outline the top data security threats that your company might face in 2020.
Cybersecurity Trends for 2020
Organizations need to be prepared not only for cybersecurity threats driven by advancing technology, but also for three major political shifts occurring in the United States in 2020. These shifts could have long-term effects on both international and trade relations.
On January 1st, 2020, the California Consumer Privacy Act (CCPA) went into effect, which changes the way that businesses must report on the collection of consumer data.
November 3rd, 2020, is the date of the next presidential election in the United States, and depending on the outcome, there could be more big shifts in cybersecurity laws on the horizon.
Additionally, by October 1st, 2020, all state-issued identification cards, like driver’s licenses, must be issued under the compliance standards of the 9/11 Commission’s recommendations that were passed by the US Congress in 2005. This means that REAL IDs will be the only IDs accepted by federal agencies such as the DHS and the TSA, causing a potential disruption in the travel market.
Outside of these known events, Forbes warns us about:
“…the impact of emerging technologies such as AI, 5G, and quantum computing and evolving technologies such as the internet of things (IoT), things that move (autonomous vehicles and mobile phones), and the cloud; the role cybersecurity will play in the presidential election; the emerging global cyber war; the increasingly targeted and profitable ransomware attacks; the sorry state of personal data privacy; the significant issue of the best way to deal with identity and authentication; the new targets and types of cyber attacks; how to fix cyber defense; the important role people play in cybersecurity and what to do about the cybersecurity skills shortage; and the good, the bad, and the ugly of the business of cybersecurity.”
This is not to say that the 2020 outlook is grim, but it will be a trying and testing year for companies that might not have the capability to protect against the large range of threats that exist.
Here is a closer look at some of the threats that are on the rise so you and your valuable business assets can be better prepared and protected.
Exploiting individuals
One of the primary concerns in 2020 is the inability to keep up with the growing sophistication of phishing attacks.
Phishing may sound like old news, but phishing attacks are changing their approach to target individuals.
This means that you might receive a personalized email: the phishing disguise has changed. We’ve seen a rise in text-based phishing scams, for example, that base part of the message on known data about an individual.
Data can also be hacked through bulky enterprise systems. When attackers are able to exploit a security vulnerability on a large system, they can send bulk, algorithm-based attacks that can easily go unnoticed and trick individuals into accepting unknown malware.
Similarly, these types of phishing attacks can open new vulnerabilities that lead to ransomware. These vulnerabilities are targeted with exploit packages, which do not need to be downloaded in order to infect an entire system. So long as an attacker is able to exploit a vulnerability on a large system, they are then able to access the data across a wide range of individual profiles.
Ransomware attacks are no longer random. Instead, high-net-profile individuals are targeted. Ransomware is being supported by the rise in cryptocurrencies, since they allow the payment to be anonymous.
Weaponizing IoT and cyber attacks
The rise of the Internet of Things, AI, driverless cars, satellite-based GPS phones, and automated technology spells a high level of risk for companies that are increasingly automating their services.
While these adaptations are normal, if not expected within fast-paced markets, this means that businesses need to be accounting for security risks in items that were not previously a risk.
The risk of weaponizing IoT does not only mean government systems are at risk – even though this is ultimately the case.
For example, state-sponsored cyber attacks are an increasing risk, both for the hacking of large enterprises and for cyber-physical attacks infiltrating the military industry.
These attacks can lead to individual risks, such as attacks on personal data, or bigger picture large-scale data manipulation in terms of government records, health information (and medical records), and state security.
We know this to be a risk, as the New York Times reported in 2018 that U.S. weapons systems are increasingly vulnerable to hacker exploits.
Third-Party Vendors
Third-party vendors are a major way for hackers to infiltrate high-profile victims. Even when the vendor is not aware of the attack, it can still introduce vulnerabilities that hackers can exploit.
In 2019, U.S. Customs and Border Protection fell victim to an attack that came through third-party vendors. Additionally, even though a majority of businesses work through third-party vendors, only 52% of them reported having security standards in place to protect their company’s sensitive data against breaches.
These numbers persisted despite a reported 60% of data breaches having involved third-party vendors, according to the report on Security Risks of Third-Party Vendor Relationships published by RiskManagementMonitor.com.
Mitigation
Mitigating the various ways that a company and its data can come under threat is daunting. At present, more creative ways to protect against these threats are needed, and a lack of in-house cybersecurity professionals in most organizations is leaving many threat points vulnerable.
Increasingly, AI is used to interpret security readings by companies that process a large amount of data, such as banks and telephone companies.
According to Justin Silver, Ph.D., Manager of Data Science and AI Strategist at PROS, “…there will be increasing scrutiny and attention given to interpretability of AI in order to support organizational adoption of AI solutions. With this, we will see an increase in legal and technical experts focusing on how to effectively audit AI algorithms for bias. Human-interpretable models that account for biases such as gender or race will help prevent occurrences such as the recent gender-based Apple Credit Card algorithmic misstep.”
Data security can also be observed through remote computer monitoring and the use of on-site computer monitoring software.
Unlike anti-malware software, monitoring software and employee tracking software detect outliers in the network, aberrations in user or network activity, abnormal changes in users’ work habits, and the use of access codes.
Computer monitoring can drastically lower the level of risk faced by businesses of all sizes. A monitoring software tool can quickly identify potential vulnerabilities and help close massive holes in your security infrastructure, protecting you from insider threats as well as external breaches or risks that may be lingering on the doorstep.
By SoftActivity Team