Cyber Security Trends 2020 – How Unprepared Are We?
By Yash Mehta
Spending on cybersecurity is on an explosive rise. When new ransomware attacks occur every 14 seconds followed by infiltration attempts on large volumes of data putting millions of people at risk, cybersecurity ought to be discussed. As we usher into 2020, the scope of discussion has gone beyond the upcoming security products & services to new innovations in hacking. If you haven’t woken up to combat such attacks, you could be the next target.
Before 2019 ends, the US alone would have had spent USD 45 billion and that’s not just any other market cap figure. As per IDC, global spending on cybersecurity will touch USD 103 billion.
Increased Router-based attacks
Being positioned at the heart of the network operations, Routers monitor all the devices and hence, are low hanging fruits for hackers. Since they aren’t updated as frequently as recommended, Routers are prone to a series of attacks. Moreover, there is a swathe of models from different brands which makes it complicated for the manufacturers to upgrade or offer replacement to the older devices.
Such attacks are targeted to retrieve configuration files by exploiting commands such as SNMP and SMI. As per a report from Akamai, flaws in UPnP implementations empowered hackers to inject NAT rules while affecting 65,000 routers and 4.8 million more at risk.
Last year, Kaspersky reported a similar attack wherein systems in Russia and Iran were left with an ASCII rendition of the American Flag followed by a message ‘Don’t mess with our elections’.
Given the increase of routers under attacks, users, at homes, agencies and offices must take essential steps to ensure basic security. More than just changing the default router password in settings, it’s high time that users act proactively and learn about the security of their routers. They can access the router settings via the default IP 192.168.1.1 which is pre-specified by the router companies.
Henceforth, enabling WPA2 encryption, updating the router, using VPN and other 3rd party services can help to cut down the risks by 70%. In certain cases, changing the default IP altogether can curb the vulnerabilities.
Growth of 5G & increasing threats in the cloud
With impressive infrastructure deployments already in progression, 5G is prepared to grow in major markets such as India. In fact, IoT device manufacturers are experimenting with devices connecting directly with the 5G networks while not depending upon the Wi-Fi routers anymore. However, eliminating the central point of controlling networks at homes and small offices has raised the fears of making devices prone to more attacks. Routers are helpful in monitoring all the devices in the network and their absence means screening each one of them manually.
Following up with abundant data streaming capacities provided by 5G networks, cloud storage may not be the securest of all anymore. Given such bandwidth efficiency to back-up, upload and download huge volumes of data, hackers have already discovered their newer targets. At the enterprise level, this gets scarier as on-premise migration to the cloud continues to grow explosively . However, by 2020, 80% of such deals will attach network firewalls and secure web gateways to cloud-based access security brokers (CASBs).
Increasing use of mobile as an attack vector
By the end of 2018, mobiles had already topped the list of potential gateways to infiltration and hacking attempts. Since all our communications, whether personal or professional have moved to the mobile, we are inching towards a greater risk of exposing ourselves to the unknown, unintentionally. As per the RSA’s Current State of Cybercrime Whitepaper, 70% of fraudulent transactions were triggered by a mobile device in 2018. Not to miss, the 680% rise in frauds from mobile apps since 2015.
Phishing is back – stronger & scarier
Phishing may be old yet practiced full throttle. In fact, it has expanded into different versions such as smishing (phishing through SMS) or vishing (phishing through live calls). As per Verizon’s Data Breach Investigation Report 2019, phishing accounts for 32% of data breaches and 78% of cyberespionage incidents. These actions across emails, SMSs, social media posts and IRS phone calls lure the victim to give up personal information such as login credentials, or OTPs including transactions. Despite aggressive awareness campaigning, impersonating a reputed brand and extracting valuable information from the customer hasn’t stopped and it doesn’t look like stopping in 2020.
Going forward – hacking will get more innovative
Before you thought of deploying AI to predict attacks, hackers had already implemented strategies to dodge your preparations. Besides using automation for phishing (sending emails, social media messages), it could scan millions of systems, identify the ones most vulnerable and launch mass data infiltration attacks. Therefore, such abusive use of Artificial Intelligence deserves superlative defense such as – 50% of enterprises pledge to utilize AI tools to secure their systems.