Q1 2020: Key Trends In Cyber Security

Uploaded on 2020-04-28 in NEWS-Cybersecurity News, FREE TO VIEW

The first quarter of 2020 will be remembered for the sudden impact and likely long-term consequences of the coronavirus pandemic.The impact of the widesperad international lockdown and the perhaps never-to-reversd trend towards remote working has dominated the cyber security world for the past month. But that is not the whole story and alongside the worldwide response to Covid-19 there are some other emerging trends.

Uncontrolled access to personal data undermines confidence in the digital society. The logistics industry and private vehicles are increasingly being targeted by hackers and experts view these key cybersecurity trends as critical to understand in 2020.

Ransomware Makes Coronavirus Worse. Last year we saw ransomware taking on big industries and also governments and healthcare facilities. Bad actors are taking things to the next level through collaborative partnerships. Brace yourself for more intensive attacks and a new modus operandi. Instead of just encrypting your data, bad actors are now also threatening to sell it or disclose it. It seems that cyber criminals also value the ability to multitask, and they’re now extorting even higher ransoms.

Data Breaches and Phishing.Protection from phishing attacks is one of the top trends in cyber security. It has been on the list of cyber security trends for a while and won’t disappear anytime soon.Most verified data breaches appeared to be phishing and phishing isn’t limited to emails.  Cyber criminals are also tricking victims into handing over personal data, different kinds of credentials (like login), and sending their money directly. Among other rapidly growing phishing channels are SMS, chats on social networks like Facebook or LinkedIn and phone calls involving a real person. Scams connected with Social Security number and people pretending to be an employee from a bank, or a government department for instance telling you your car tax needs immediate payment, or an enterprise like Microsoft asking for your private data.

Insecure personal data destabilises the digital society. In 2017, Frenchwoman Judith Duportail asked a dating app company to send her any personal information they had about her. In response, she received an 800-page document containing her Facebook likes and dislikes, the age of the men she had expressed interest in, and every single online conversation she had had with all 870 matching contacts since 2013. The fact that Judith Duportail received so much personal data after several years of using a single app underscores the fact that data protection is now very challenging. This example shows how little transparency there is about securing and processing data that can be used to gain an accurate picture of an individual’s interests and behavior.

Smart insecure consumer devices are expanding. Smart speakers, fitness trackers, smart watches, thermostats, energy meters, smart home security cameras, smart locks and lights are the best-known examples of the seemingly unstoppable democratisation of the “Internet of many Things”. Smart devices are no longer just toys or technological innovations. The number and performance of individual “smart” devices are increasing every year, as these types of device are quickly becoming an integral part of everyday life. 

It is easy to see a future in which the economy and society will become dependent on them, making them a very attractive target for cyber criminals. Until now, the challenge for cyber security has been to protect one billion servers and PCs. With the proliferation of smart devices, the attack surface could quickly increase hundreds or thousands of times.

Medical devices raise the risk of an internet health crisis. Over the past ten years, personal medical devices such as insulin pumps, heart and glucose monitors, defibrillators and pacemakers have been connected to the internet as part of the Internet of Medical Things (IoMT). At the same time, researchers have identified a growing number of software vulnerabilities and demonstrated the feasibility of attacks on these products. This can lead to targeted attacks on both individuals and entire product classes. 

In some cases, the health information generated by the devices can also be intercepted. So far, the healthcare industry has struggled to respond to the problem, especially when the official life of the equipment has expired. As with so many IoT devices of this generation, networking was more important than the need for cyber security. The complex task of maintaining and repairing equipment is badly organised, inadequate or completely absent.

Cyber-Attacks on Vehicles. Through the development of software and hardware platforms, vehicles and transport infrastructure are increasingly connected. These applications offer drivers more flexibility and functionality, potentially more road safety, and seem inevitable given the development of self-propelled vehicles. The disadvantage is the increasing number of vulnerabilities that attackers could exploit, some with direct security implications. Broad cyber-attacks targeting transport could affect not only the safety of individual road users, but could also lead to widespread disruption of traffic and urban safety.

Supply chains are under attack. With the goal of greater efficiency and lower costs, smart supply chains leverage IoT automation, robotics and big data management, those within a company and with their suppliers. 
Smart supply chains increasingly represent virtual warehousing, where the warehouse is no longer just a physical building, but any place where a product or its components can be located at any time. 

Nevertheless, there is a growing realisation that this business model considerably increases the financial risks, even with only relatively minor disruptions. Smart supply chains are dynamic and efficient, but are also prone to disruptions in processes. Cyber-attacks can manipulate information about deposits. Thus, components would not be where they are supposed to be.

Vulnerabilities in real-time operating systems.  It is estimated that by 2025 there will be over 75 billion networked devices on the Internet of Things, each using its own software package. This, in turn, contains many outsourced and potentially endangered components. An estimated 200 million IoT devices are at risk of remote code execution attacks. This level of weakness is a major challenge as it is often deeply hidden in a large number of products. 

Organisations may not even notice that these vulnerabilities exist. In view of this, the procedure of always installing the latest security updates might not be effective for much longer.

EC-Council:       Help Net Security:      Smart-Energy:       Security Boulevard:         Tech Funnel


You Might Also Read: 

The Most Common Cyber Attacks:

 

 

« Every Single Employee Requires Cyber Security Training
Ransomware Authors Go Beyond Malicious Encryption »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

iTrinegy

iTrinegy

iTrinegy is a world leader in Application Risk Management offering solutions to mitigate all networked application deployment risks

Telos

Telos

Telos offers cybersecurity solutions and services that empower and protect the world’s most security-conscious enterprises.

Engage Black

Engage Black

Engage Black provides solutions for securing and protecting cryptographic keys, data at rest, and data in motion.

OSSEC

OSSEC

OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS).

Huntsman Security

Huntsman Security

Huntsman Security provides technology to enable real-time security monitoring and immediate visibility of advanced threats and compliance issues.

Cobalt Strike

Cobalt Strike

Cobalt Strike is penetration testing software designed to execute targeted attacks.

CERT NZ

CERT NZ

CERT NZ supports businesses, organisations and individuals affected by cyber security incidents, and provide trusted and authoritative information and advice.

Secure Code Warrior

Secure Code Warrior

Secure your code from the start with gamified, scalable online secure coding training for software developers.

Applied Magnetics Laboratory (AML)

Applied Magnetics Laboratory (AML)

Applied Magnetics Laboratory is a manufacturer of military security and data destruction equipment for sensitive, classified, and secret information.

Stairwell

Stairwell

Stairwell is building a new approach to cybersecurity around a vision that all security teams should be able to determine what’s good, what’s bad, and why.

Illuma Labs

Illuma Labs

Illuma Labs delivers real-time voice authentication and fraud prevention solutions.

Performance Technologies

Performance Technologies

As a leading IT Solutions Provider in Greece, Performance Technologies delivers reliable, long life solutions, ensuring continuous availability of business-critical services and information.

Trackd

Trackd

At trackd, we’re re-imaging vulnerability remediation for the benefit of the entire cyber security community. Automating Vulnerability Remediation without the Fear of Disruption.

Bastion Networks

Bastion Networks

Bastion are a security-focussed managed solution provider and consultancy. We work with advanced cyber security vendors to produce managed security solutions to protect from online threats.

Index Engines

Index Engines

Index Engines is the world’s leading AI-powered analytics engine to detect data corruption due to ransomware.

Novera

Novera

Novera offer security assessment and advisory services to help businesses manage risks from AI, cyber and privacy.