First, the threat environment will only continue to grow in 2020. And will likely bring even more new challenges with it, according to researchers and cybersecurity experts. Analysed the industry’s current state and packaged up to top five cybersecurity predictions for 2020.
Threat hunters will help boost the importance of proactive security.
Threat hunters are researchers on ethical safety driven by a strict set of guidelines. They peruse the web seeking security threats, leaked data and unsecured databases. This all with the sole purpose of disclosing their findings responsibly to the companies affected. Often these companies have critical security vulnerabilities which could open their business to potential threats. Through revealing these security vulnerabilities upon discovery. The act of good faith provided through threat hunters can save organizations over $427 per minute. However, since they can only detect and report security flaws appropriately, and not prevent them. Threat hunters alone cannot be count on to provide robust “proactive protection” in the same way as automate security solution can.
While threat hunters continue to gain recognition and publicity for their efforts in 2020. And analysts expect that they will help raise awareness of the need for aggressive protection for an online presence for any individual or business.
California Consumer Privacy Act (CCPA) is the new cyber sheriff in town.
Next, with the CCPA being enforced just weeks away, it will be important to see how this law on privacy will affect the cybersecurity environment by 2020. The CCPA seeks to improve privacy and consumer protection protections for citizens of California. Or any other entity doing business with California. The CCPA legislation would likely set the bar for an improvement in cybersecurity policies. And given the focus on protecting consumer privacy. In addition, organizations that fail to protect user data because they do not have reasonable security policies. And procedures in place may theoretically face legal action by any person whose data was involved in a breach. However, analysts expect at the CCPA to set the tone for stronger cybersecurity efforts going into the presidential elections in 2020.
SMS phishing attacks will be the new phish in town.
Phishing is a common attack used by cybercriminals to trick individuals into providing personal data. Or login credentials through a “spray and pray” method that can reach a mass audience, typically via email. However, SMS phishing is starting to gain serious traction. And researchers believe these attacks will be difficult to mitigate in 2020. Malicious text messages are at the centre of SMS phishing, and like email phishing. With this they aim to trick users into taking action that puts them and their personal data at risk. They are difficult to prevent because as of today. There is no way to proactively stop or block these types of messages. Given that over 2.5 billion individuals have a smartphone or mobile device, it’s likely that SMS phishing will become just as prevalent as email phishing, if not more so.
Stealthier cross-site scripting attacks will continue to take centre stage.
It’s no wonder that stealthy attacks tend to be the top threat to watch for. Stealthy attacks, known for their ability to silently infiltrate and kill, are incredibly hard to detect and are only becoming more sophisticated. Security research reveals that cross-site scripting (XSS) led the way in stealthy methods of attack, with 1.6 million website pages scanned revealing a vulnerability to cross-site scripting.
Cross-site scripting is a popular stealthy attack method among cybercriminals as it enables them to directly steal an end-user’s login session token or credentials. Next, this allows the attacker unauthorized access to numerous accounts or servers, putting the end-user’s information at risk. A prime example of a cross-site scripting attack is altering website code through input fields. This activity initiates a fake alert to the end-user, asking them to sign into a specific account or application. By doing so, the end-user unknowingly provides their credentials to an attacker. Given their growing popularity and effectiveness, researchers predict cross-site scripting will continue to dominate in 2020.
Internet of Things (IoT) devices will be a cybercriminal’s “fifth column” in 2020.
IoT devices are popular among consumers who thrive on efficiency. They provide users the ability to secure their homes, operate their TVs, and use voice assistants to add a level of convivence to their daily tasks.
These devices rise in popularity, so will their ability to be compromised due to the nature of how they are designed.
While, if a manufacturer hardcodes a master password within the device’s firmware. Then, the device becomes extremely vulnerable from a security perspective, especially if an attacker can locate and download the password to access the device. As the popularity of IoT devices continues to grow, researchers predict the number of compromised devices will follow suit. Seems like, this will likely be the case until standardized regulations are put in place. And manufacturers are required to comply with these standards.
History has shown that with every new year comes new trends and security threats that are stealthier. And more sophisticated than ever before and predict 2020 will be no different. The first step website owners should take to protect themselves from cybercrime in the coming year is to be proactive about security by taking the following steps:
- Implement good cyber hygiene practices such as using strong passwords or a password manager.
- Update your CMS core files, ecommerce platforms, and plugins to protect your website and visitors from cross-site scripting attacks.
- Implement a website scanner to scan all site files and databases for malware and remove them as soon as they are detect.
- Use a web application firewall to filter bad traffic and stealthy attacks away from your website.
- Educate yourself on how to spot email phishing and SMS phishing by looking for grammatical errors, suspicious email addresses, and suspicious text messages.
Finally, the coming year it will be interesting to see what cybercrime has in store. The research team will closely monitor these five predictions throughout the coming year. And will continue to share new information and security best practices to help ensure customers stay protected in today’s digital world.
