Q1 2020: Key Trends In Cyber Security

The first quarter of 2020 will be remembered for the sudden impact and likely long-term consequences of the coronavirus pandemic.The impact of the widesperad international lockdown and the perhaps never-to-reversd trend towards remote working has dominated the cyber security world for the past month. But that is not the whole story and alongside the worldwide response to Covid-19 there are some other emerging trends.

Uncontrolled access to personal data undermines confidence in the digital society. The logistics industry and private vehicles are increasingly being targeted by hackers and experts view these key cybersecurity trends as critical to understand in 2020.

Ransomware Makes Coronavirus Worse. Last year we saw ransomware taking on big industries and also governments and healthcare facilities. Bad actors are taking things to the next level through collaborative partnerships. Brace yourself for more intensive attacks and a new modus operandi. Instead of just encrypting your data, bad actors are now also threatening to sell it or disclose it. It seems that cyber criminals also value the ability to multitask, and they’re now extorting even higher ransoms.

Data Breaches and Phishing.Protection from phishing attacks is one of the top trends in cyber security. It has been on the list of cyber security trends for a while and won’t disappear anytime soon.Most verified data breaches appeared to be phishing and phishing isn’t limited to emails.  Cyber criminals are also tricking victims into handing over personal data, different kinds of credentials (like login), and sending their money directly. Among other rapidly growing phishing channels are SMS, chats on social networks like Facebook or LinkedIn and phone calls involving a real person. Scams connected with Social Security number and people pretending to be an employee from a bank, or a government department for instance telling you your car tax needs immediate payment, or an enterprise like Microsoft asking for your private data.

Insecure personal data destabilises the digital society. In 2017, Frenchwoman Judith Duportail asked a dating app company to send her any personal information they had about her. In response, she received an 800-page document containing her Facebook likes and dislikes, the age of the men she had expressed interest in, and every single online conversation she had had with all 870 matching contacts since 2013. The fact that Judith Duportail received so much personal data after several years of using a single app underscores the fact that data protection is now very challenging. This example shows how little transparency there is about securing and processing data that can be used to gain an accurate picture of an individual’s interests and behavior.

Smart insecure consumer devices are expanding. Smart speakers, fitness trackers, smart watches, thermostats, energy meters, smart home security cameras, smart locks and lights are the best-known examples of the seemingly unstoppable democratisation of the “Internet of many Things”. Smart devices are no longer just toys or technological innovations. The number and performance of individual “smart” devices are increasing every year, as these types of device are quickly becoming an integral part of everyday life. 

It is easy to see a future in which the economy and society will become dependent on them, making them a very attractive target for cyber criminals. Until now, the challenge for cyber security has been to protect one billion servers and PCs. With the proliferation of smart devices, the attack surface could quickly increase hundreds or thousands of times.

Medical devices raise the risk of an internet health crisis. Over the past ten years, personal medical devices such as insulin pumps, heart and glucose monitors, defibrillators and pacemakers have been connected to the internet as part of the Internet of Medical Things (IoMT). At the same time, researchers have identified a growing number of software vulnerabilities and demonstrated the feasibility of attacks on these products. This can lead to targeted attacks on both individuals and entire product classes. 

In some cases, the health information generated by the devices can also be intercepted. So far, the healthcare industry has struggled to respond to the problem, especially when the official life of the equipment has expired. As with so many IoT devices of this generation, networking was more important than the need for cyber security. The complex task of maintaining and repairing equipment is badly organised, inadequate or completely absent.

Cyber-Attacks on Vehicles. Through the development of software and hardware platforms, vehicles and transport infrastructure are increasingly connected. These applications offer drivers more flexibility and functionality, potentially more road safety, and seem inevitable given the development of self-propelled vehicles. The disadvantage is the increasing number of vulnerabilities that attackers could exploit, some with direct security implications. Broad cyber-attacks targeting transport could affect not only the safety of individual road users, but could also lead to widespread disruption of traffic and urban safety.

Supply chains are under attack. With the goal of greater efficiency and lower costs, smart supply chains leverage IoT automation, robotics and big data management, those within a company and with their suppliers. 
Smart supply chains increasingly represent virtual warehousing, where the warehouse is no longer just a physical building, but any place where a product or its components can be located at any time. 

Nevertheless, there is a growing realisation that this business model considerably increases the financial risks, even with only relatively minor disruptions. Smart supply chains are dynamic and efficient, but are also prone to disruptions in processes. Cyber-attacks can manipulate information about deposits. Thus, components would not be where they are supposed to be.

Vulnerabilities in real-time operating systems.  It is estimated that by 2025 there will be over 75 billion networked devices on the Internet of Things, each using its own software package. This, in turn, contains many outsourced and potentially endangered components. An estimated 200 million IoT devices are at risk of remote code execution attacks. This level of weakness is a major challenge as it is often deeply hidden in a large number of products. 

Organisations may not even notice that these vulnerabilities exist. In view of this, the procedure of always installing the latest security updates might not be effective for much longer.

EC-Council:       Help Net Security:      Smart-Energy:       Security Boulevard:         Tech Funnel


You Might Also Read: 

The Most Common Cyber Attacks:

 

 

« Every Single Employee Requires Cyber Security Training
Ransomware Authors Go Beyond Malicious Encryption »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Fieldfisher

Fieldfisher

Fieldfisher's Technology, Outsourcing & Privacy Group has class-leading expertise in privacy, data & cybersecurity, digital media, big data, the cloud, mobile payments and mobile apps.

Security Brigade

Security Brigade

Security Brigade is an information security firm specializing in Penetration Testing, Vulnerability Assessment, Web-application Security and Source Code Security Audit.

MetricStream

MetricStream

MetricStream provide integrated GRC solutions across business, IT, and security functions.

SaferVPN

SaferVPN

SaferVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

Cyber Security Austria (CSA)

Cyber Security Austria (CSA)

Cyber Security Austria (CSA) is an independent non-profit association with the aim to address security issues in the area of IT/cyber security of critical/strategic infrastructures in Austria.

ITRenew

ITRenew

ITRenew is a leading global IT lifecycle management solutions company, specializing in onsite data center decommissioning and data erasure services.

RFA

RFA

RFA is a unique IT, financial cloud and managed cyber-security provider to the financial services and alternative investment sectors.

TechRate

TechRate

Techrate is an analytics agency focused on blockchain technology and engineering. Or expertise includes security and technical audits of projects.

CyVolve

CyVolve

Cyvolve is the next great leap forward in data security, ensuring constant encryption and pervasive control over all your data.

Navixia

Navixia

As a leading Swiss IT security specialist, Navixia offers a global and pragmatic approach to information security.

MetaCert

MetaCert

MetaCert’s Zero Trust browser software reduces the risk of organizations being compromised with a phishing-led cyberattack by more than 98%.

Tego Cyber

Tego Cyber

Tego Cyber delivers a state-of-the-art threat intelligence platform that helps enterprises deploy the proper resolution to an identified threat before the enterprise is compromised.

Novacoast

Novacoast

Novacoast helps organizations find, create & implement solutions for a powerful security posture through advisory, engineering, development & managed services.

Cyber Unit

Cyber Unit

Cyber Unit offer next level protection from cyber attacks in packages and pricing options that are accessible to smaller organizations.

Apura Cybersecurity Intelligence

Apura Cybersecurity Intelligence

Apura is a Brazilian company that develops advanced products and provides specialized services in information security and cyber defense.

Evervault

Evervault

Evervault provides engineers easy solutions to complex data security and compliance problems.