Q1 2020: Key Trends In Cyber Security

Uploaded on 2020-04-28 in NEWS-Cybersecurity News, FREE TO VIEW

The first quarter of 2020 will be remembered for the sudden impact and likely long-term consequences of the coronavirus pandemic.The impact of the widesperad international lockdown and the perhaps never-to-reversd trend towards remote working has dominated the cyber security world for the past month. But that is not the whole story and alongside the worldwide response to Covid-19 there are some other emerging trends.

Uncontrolled access to personal data undermines confidence in the digital society. The logistics industry and private vehicles are increasingly being targeted by hackers and experts view these key cybersecurity trends as critical to understand in 2020.

Ransomware Makes Coronavirus Worse. Last year we saw ransomware taking on big industries and also governments and healthcare facilities. Bad actors are taking things to the next level through collaborative partnerships. Brace yourself for more intensive attacks and a new modus operandi. Instead of just encrypting your data, bad actors are now also threatening to sell it or disclose it. It seems that cyber criminals also value the ability to multitask, and they’re now extorting even higher ransoms.

Data Breaches and Phishing.Protection from phishing attacks is one of the top trends in cyber security. It has been on the list of cyber security trends for a while and won’t disappear anytime soon.Most verified data breaches appeared to be phishing and phishing isn’t limited to emails.  Cyber criminals are also tricking victims into handing over personal data, different kinds of credentials (like login), and sending their money directly. Among other rapidly growing phishing channels are SMS, chats on social networks like Facebook or LinkedIn and phone calls involving a real person. Scams connected with Social Security number and people pretending to be an employee from a bank, or a government department for instance telling you your car tax needs immediate payment, or an enterprise like Microsoft asking for your private data.

Insecure personal data destabilises the digital society. In 2017, Frenchwoman Judith Duportail asked a dating app company to send her any personal information they had about her. In response, she received an 800-page document containing her Facebook likes and dislikes, the age of the men she had expressed interest in, and every single online conversation she had had with all 870 matching contacts since 2013. The fact that Judith Duportail received so much personal data after several years of using a single app underscores the fact that data protection is now very challenging. This example shows how little transparency there is about securing and processing data that can be used to gain an accurate picture of an individual’s interests and behavior.

Smart insecure consumer devices are expanding. Smart speakers, fitness trackers, smart watches, thermostats, energy meters, smart home security cameras, smart locks and lights are the best-known examples of the seemingly unstoppable democratisation of the “Internet of many Things”. Smart devices are no longer just toys or technological innovations. The number and performance of individual “smart” devices are increasing every year, as these types of device are quickly becoming an integral part of everyday life. 

It is easy to see a future in which the economy and society will become dependent on them, making them a very attractive target for cyber criminals. Until now, the challenge for cyber security has been to protect one billion servers and PCs. With the proliferation of smart devices, the attack surface could quickly increase hundreds or thousands of times.

Medical devices raise the risk of an internet health crisis. Over the past ten years, personal medical devices such as insulin pumps, heart and glucose monitors, defibrillators and pacemakers have been connected to the internet as part of the Internet of Medical Things (IoMT). At the same time, researchers have identified a growing number of software vulnerabilities and demonstrated the feasibility of attacks on these products. This can lead to targeted attacks on both individuals and entire product classes. 

In some cases, the health information generated by the devices can also be intercepted. So far, the healthcare industry has struggled to respond to the problem, especially when the official life of the equipment has expired. As with so many IoT devices of this generation, networking was more important than the need for cyber security. The complex task of maintaining and repairing equipment is badly organised, inadequate or completely absent.

Cyber-Attacks on Vehicles. Through the development of software and hardware platforms, vehicles and transport infrastructure are increasingly connected. These applications offer drivers more flexibility and functionality, potentially more road safety, and seem inevitable given the development of self-propelled vehicles. The disadvantage is the increasing number of vulnerabilities that attackers could exploit, some with direct security implications. Broad cyber-attacks targeting transport could affect not only the safety of individual road users, but could also lead to widespread disruption of traffic and urban safety.

Supply chains are under attack. With the goal of greater efficiency and lower costs, smart supply chains leverage IoT automation, robotics and big data management, those within a company and with their suppliers. 
Smart supply chains increasingly represent virtual warehousing, where the warehouse is no longer just a physical building, but any place where a product or its components can be located at any time. 

Nevertheless, there is a growing realisation that this business model considerably increases the financial risks, even with only relatively minor disruptions. Smart supply chains are dynamic and efficient, but are also prone to disruptions in processes. Cyber-attacks can manipulate information about deposits. Thus, components would not be where they are supposed to be.

Vulnerabilities in real-time operating systems.  It is estimated that by 2025 there will be over 75 billion networked devices on the Internet of Things, each using its own software package. This, in turn, contains many outsourced and potentially endangered components. An estimated 200 million IoT devices are at risk of remote code execution attacks. This level of weakness is a major challenge as it is often deeply hidden in a large number of products. 

Organisations may not even notice that these vulnerabilities exist. In view of this, the procedure of always installing the latest security updates might not be effective for much longer.

EC-Council:       Help Net Security:      Smart-Energy:       Security Boulevard:         Tech Funnel


You Might Also Read: 

The Most Common Cyber Attacks:

 

 

« Every Single Employee Requires Cyber Security Training
Ransomware Authors Go Beyond Malicious Encryption »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

D-RisQ

D-RisQ

D-RisQ is focussed on delivering techniques to reduce the development costs of complex systems and software whilst maximising compliance

Security Industry Association (SIA)

Security Industry Association (SIA)

The SIA's mission is to be a catalyst for success​ within the global security industry through information, insight and influence.

IPCopper

IPCopper

IPCopper specializes in network packet capture appliances for cybersecurity, cybersurveillance and network monitoring, and encrypted data storage.

BaseN

BaseN

BaseN is a full stack IoT Operator. We control the full value chain in order to provide ultimate scalability, fault tolerance and security to our customers.

authUSB

authUSB

authUSB Safe Door is a tool that provides secure access to the content of USB devices that circulate in organizations.

DQM GRC

DQM GRC

DQM GRC are one of the UK's leading providers of data governance, e-privacy and GDPR services, to commercial organisations across all industries in the UK.

ACM-CCAS

ACM-CCAS

ACM is a UKAS-accredited certification body helping businesses around the world perform to a higher standard. Our certifications include ISO 27001 and ISO 22301.

Astaara

Astaara

Astaara is an integrated insurance services and risk management advisory business incorporating cyber risk advisory, underwriting and analytics.

Research Institute in Secure Hardware and Embedded Systems (RISE)

Research Institute in Secure Hardware and Embedded Systems (RISE)

The UK Research Institute in Secure Hardware and Embedded Systems (RISE) seeks to identify and address key issues that underpin our understanding of Hardware Security.

Cyber Gate Defense (CyberGate)

Cyber Gate Defense (CyberGate)

CyberGate is an Emirati establishment founded with an objective to provide cyber security services that would improve the overarching cyber security posture of the UAE.

Evina

Evina

Evina offers the most advanced cybersecurity and fraud protection for mobile payment.

CatchProbe Intelligence Technologies

CatchProbe Intelligence Technologies

CatchProbe provides actionable web intelligence, OSINT, deception systems, threat intelligence, and digital crime analytics solutions and products through an AI-Driven intelligence platform.

Cytek

Cytek

Cytek is a leading provider of cybersecurity and HIPAA compliance for dental practices and other industries.

Inholo

Inholo

Inholo offers tools to manage the risks of synthetic realities, starting with an AI-photo detection service.

Ventum Consulting

Ventum Consulting

Ventum Consulting stands for digitalization, networking and agilization. We take this up on the strategic, professional and technical side and support our customers in the digital transformation.

RAH Infotech

RAH Infotech

RAH Infotech is India’s leading value added distributor and solutions provider in the Network and Security domain. We are specialists in Enterprise and App Security and Application Delivery.