A Look Forward to 2020 and a New Decade of Cybersecurity Threats
Cybersecurity has become a chess match (albeit a fast-paced version) between enterprises and online criminals as they to try to out-maneuver one another. Staying up to date on the latest cyber threats is imperative for organizations that want to remain secure―and competitive―in today’s mobile business environment.
However, with data breaches making headlines on an almost-daily basis, it’s obvious that cyber attackers are successfully casting a wider net―targeting more small businesses and consumers. 2019, alone, was a landmark year for data breaches, as it had more than 3,800 breaches—a more than 50-percent increase over the last four years. Not only is the number of attacks increasing, so, too, is the quality of each attack as criminals employ increasingly more complex technologies and sophisticated tactics aimed at gaining access to personal and private data. As long as the cyber threats continue to evolve, companies will continue to spend to protect their assets. Global security spending is predicted to reach $128 billion by 2020.
At the beginning of 2019, we made several trend predictions here on the Digital Resolve blog based on what we were hearing from and seeing through our customers’ deployments:
- Ransomware attacks would continue, but shift toward consumers;
- Real-time analytics would take a huge leap forward;
- Criminals would move away from bigger, more obvious targets;
- Zero Trust would go mainstream; and
- Convenience-for-good-security trade-offs would fall out of favor.
While many of those predictions materialized and will continue to impact enterprises in 2020, there are new trends that we should expect to see in the new year.
Phishing Will Still Be Alive and Well―and Even More Sophisticated
While phishing has been around since the mid-1990s when attackers targeted AOL users, it continues to be a persistent and viable security threat. In other words, if fraudsters weren’t having success with this approach, it probably would have fizzled out for more opportunistic endeavors. Phishing was the most effective attack vector in 2019. At least one in every 99 emails was reported as a phishing attack. And, this threat will continue to evolve and be a top threat for 2020 because email remains the easiest way to crack user cybersecurity. A multi-pronged approach using multifactor authentication along with other credential management and behavioral monitoring and analytics can go a long way in providing real-time protection against potential risks.
Regulations Will Grow Tighter
Last year, we wrote about several industries and governments developing and implementing new security regulations, procedures, and policies―some mandatory and some voluntary. And, we don’t expect that trend to subside going into the new year. Already, the California Consumer Privacy Act (CCPA) has gone into effect, and by Oct. 1, 2020, anyone wishing to fly on a commercial carrier or access federal facilities in the United States must have a REAL ID source of identification. Compliance with cybersecurity regulations has created challenges for many organizations as they struggle to strike a balance between policy, good security, business productivity and user convenience. There are cost-effective solutions in the marketplace that can accomplish all four needs. Enterprises just need to do their due diligence.
Human Error and Employer Negligence Will Continue to Drive Data Breaches
With the number of reported data breaches on the rise, more than half of all C-suite executives (53 percent) and nearly three in 10 small business owners (28 percent) who suffered a breach reveal that human error or accidental loss by an external vendor/source was the cause of the data breach. We’ve talked previously about how insider breaches—those caused by employees within an organization—are among the costliest and hardest to detect (whether malicious or accidental). As more organizations allow employees to use their personal devices for work, either onsite or remotely, these same companies are exponentially increasing their security risks (see phishing above). Employee training, along with a comprehensive online security solution that monitors every user interaction and transaction to uncover suspect behaviors across the entire enterprise, will help organizations significantly reduce their risks in today’s mobile business landscape.
Synthetic Identity Fraud Will Become Even More Prevalent
According to the Federal Reserve, synthetic identity fraud is the fastest growing type of financial crime in the United States. And, it’s costing companies considerable amounts of money (with the average charge-off balance per instance of synthetic identity fraud placed at $15,000). Synthetic identity theft is a type of fraud in which a criminal combines real (i.e. social security number) with fake (i.e. newly created name) to produce a new identity. Fraudsters may open accounts and use them responsibly for a certain period of time in order to build up the credit score and history, racking up fraudulent charges along the way. They may then turn around and use the information to create their fake identities to pose as a fraud victim and get their credit line restored. Depending on enrollment or biographical data alone is not enough to stop fraudsters. Financial services organizations need to institute ongoing identity management solutions that proactively provide security throughout the entire lifecycle of any account.
While the last decade has delivered cybersecurity to the forefront of the list of challenges businesses now face, there, unfortunately, doesn’t appear to be any sign that this topic will be abating. Therefore, in order for organizations to minimize the impact of cyber threats heading into the next decade, they need to incorporate proactive and comprehensive security planning that includes all stakeholders― from the C-suite to the enterprise IT department, to employees and partners as well as any third-party vendors with innovative solutions that can help create a stronger cybersecurity program.