With the COVID-19 virus on everybody’s mind, it’s hard to believe that there are any other issues that people are concerned with. However, with the prediction of a vaccine that will help to mitigate the pandemic and let everyone live without fear of catching the virus, the country is slowly moving back to it’s “normal,” which is now dubbed the “new normal.”
Nonetheless, there is a lot of discussion about cybersecurity. Recent breaches with airlines and hotels, along with a deep concern for the 2020 election in November. has spurred renewed interest in cybersecurity.
Foreign actors are being blamed and identified for their role in our past election, and are being vehemently watched this election to ensure that there is no cyber interference in our upcoming election. States have been given millions of dollars in federal monies to prevent any attacks on their voting systems, and new software is being developed and distributed daily to ensure that the latest voting machine firewalls are secure.
The fact that cybersecurity is a topic on the news almost daily is helping to broaden awareness about the need for vigilance and is helping to keep people aware of the trends taking place this year. Here are some of the key trends to watch for.
As in the past, data breaches top the 2020 list of trends for cybersecurity. Concern over possible data breaches has helped to spur new efforts to bolster web application security to prevent new breaches. Past data breaches have been extremely costly to companies who had their data compromised, including Target, Equifax Credit and many other companies.
While the Target data breach in 2013 exposed many customers’ personal and financial information to be compromised, it also cost Target over $300 million to settle various lawsuits and to provide credit monitoring for customers who had their information stolen. The Equifax breach in 2018 cost the company $1.4 billion in settlement fees and related costs. So you can see why there’s renewed vigilance on data breaches.
Of course, it’s not only large companies and organizations that are affected by data breaches. Individuals are faced with privacy and financial breaches as well, breaches that could cost thousands of dollars and tie up their credit for years. Now, many people are being vigilant about who they talk to, text with or email to, because that’s how the cybercrooks get into their computers. People are using Nuwber, an online tool used to verify the actual identity of people they’re in contact with. It’s one tactic, but it’s an important one that’s helping to prevent identity and data theft.
Phishing scams are as old as the Internet, with the only difference being they’re more advanced. Cybercrooks can duplicate a website and “spoof” it, so while you think you’re clicking on a legitimate site, you’re not. You’re actually going to a duplicate website that looks like the one you know, but it really isn’t. Once you’re there, you’re asked to put in your personal data like name, phone number, credit card info, address, the list goes on and on. And then they’ve got you! No legitimate website will ask you for credit card info over the Internet – none! So if that’s what you’re seeing – close it out immediately. As with other data breaches, use Nuwber to verify the phone or email of the site claiming to be a legitimate website and see if it’s not set up as a scam. Once you have verified who you’re dealing with, just click away if it’s not legit.
The costs of the data breaches illustrate why it’s so critical to have cybersecurity professionals working to ensure that the breaches don’t happen again to other companies. But the problem is that there aren’t enough cybersecurity professionals available to maintain secure data and prevent new attacks. For example, 2 out of 3 companies worldwide complain that there aren’t enough professionals available to hire. However, there are new software products available that allow small teams of professionals to monitor and prevent data breaches, which will help until the hiring gap can be filled. More training and higher salaries will ultimately help to mitigate the hiring problem.
Cloud-based threats are growing daily, and as more and more companies store data in the cloud, the risk is growing stronger. While it was once thought of as a barrier to cyber attacks, it is now a target of cyber criminals. Companies and organizations or all sizes and types are now faced with threats to their data from the same black hats that they were trying to escape from. They’re finding that manual security apps are no longer enough to protect their data, and are switching to more robust automated web applications for security. One automated proof-based web scanner that tests the vulnerability of the organization’s data from breaches is from NetSparker, which is used by many top companies like Intel, Microsoft and many others.
Look around any company and you’ll find employees using a variety of tablets, cell phones and other mobile devices. While this treat is still in the growing stages, it is indeed a threat to companies and organizations. As more and more employees use the mobile devices, the threats will increase as well. Once an employee accesses data from the company’s mainframe on a mobile device, that makes the device vulnerable to malware, ransomware and other nefarious tools. The key is training employees about the inherent risks involved in using the mobile devices to connect to the network and implement various safety protocols in each individual.
You’ll hear it or see it on the news everyday – “China hacked into the United State’s. Defense Department’s computer system,” or “North Korea has been accused of hacking into corporate websites to steal proprietary secrets.” As political tensions rise, more and more of these actions and the reporting of them will continue to increase. One of the tactics used is ransomware – locking a company’s or official state computer and only releasing it when a ransom is paid, often in the millions of dollars. Payment is officially frowned upon, but it’s often less expensive to pay the ransom than it is to try to unlock the computer.
As IoT, or the Internet of things, is on the increase, their threats to the various IoT tools increases as well. The risks come in through routers or NAS servers, and are based on unencrypted personal data, firmware updates that haven’t been verified and other devices used to steal personal data from a computer. Education is the best defense of these on-going security mistakes, as is having resources in place to ensure that all equipment such as routers and servers meet industry standards against being compromised.
Artificial Intelligence (AI) is increasingly being used for everything from facial recognition software to language processing. The problem comes in when cybercriminals decide to utilize the AI’s algorithms to develop sophisticated malware and breach computer systems. And that criminal activity is on the rise. AI and machine learning is rapidly being used on a multitude of products, and the more it’s used the more criminal activity is being employed by cybercriminals. Fortunately, there is now automated software available to automatically scan for criminal activity, which helps to deter the breaching of servers and other system devices.
Because of the breaches of Experian and Target, the general public is well aware of cybersecurity issues, and that’s a good trend for everyone. The more knowledge gained by the public, the better off we’ll all be, because the awareness level will increase by a huge margin. This ties into the education of all involved about the threats to privacy and data, and the more we know about them, the better we can monitor the criminal activity that’s tied to computer criminal activities.
If you have a “smart key” for your vehicle or you transport goods, you may be at risk for cyber threats. Increasingly, crooks are using the bluetooth signals of a vehicle’s smart key to start, and steal the vehicle! It’s the same with cargo, once they have access to the vehicle, the cargo is history. Sadly, this convenience trend will ultimately transfer to the vehicle’s cargo as well. The answer is to educate the vehicle owners and keep watch on who gains access to the smart key, while using tools to turn off the device when not in use. The more new devices with this technology, the more we’ll be hearing about this new criminal activity.