The Biggest Cyber Attack Of 2020 Has ‘Already Happened’

Uploaded on 2019-12-18 in NEWS-Cybersecurity News, FREE TO VIEW

The biggest cyberattack of 2020 has “already happened”, according to Amanda Finch,  CEO of the Chartered Institute of Information Security (CIISec). 

Her words are a wake-up call to organizations to take pre-emptive action against future, and potentially catastrophic, cybersecurity breaches.  The vulnerabilities that will underscore next year’s landmark breaches are most likely already in place.

Security-breach news became so common in 2019 that readers' eyes often glazed over at the headlines. Cybercrime-as-a-service (CAAS) is poised to become a significant cyber attack trend  in 2020. Ransomware and phishing, as in 2018, were out of control; state-run hackers were working around the clock and making money; passwords were leaked; sophisticated malware attacks kept spreading; data was breached. 

Following the first full year of the General Data Protection Regulation (GDPR), a set of international rules set by the European Union in May 2018, governments around the world are beginning to implement coherent data privacy rules, 

Future Attacks
“Cyberattacks do not happen in an instant,” Amanda Finch told TechHQ. “From the initial breach to detecting the attack, to eventual resolution, reporting and any action by regulators can take months or even years. “As such, the biggest attack of 2020, that will affect the most people, cause the greatest reaction in the industry, and result in the greatest damage to the organisation, has almost certainly already happened.”  Finch added that the hypothetical breach is “most likely a skeleton waiting to emerge from an unknowing organisation’s closet.”

Breaches in the Making
The statement serves as a reminder that most breaches can be traced back to human error and a lack of robust policies throughout an organisation, despite the security measures the business might have in place. Meanwhile, attackers often enter systems months in advance, remaining undetected, making proactive threat-hunting missions a necessarily vital part of an organisation’s defense. 2019 has seen no shortage of headline-grabbing data breaches. Perhaps one of the most damaging to a brand was that of Capital One, whose server breach exposed personal information belonging to some 106 million of the bank’s customers and applicants in the US and Canada. Among the personal data exposed were names, addresses, dates of birth, credit scores, transaction data, Social Security numbers, and linked bank account numbers.  

This year has also seen a surge in US ransomware. The attacks, which have taken place across cities in US states, such as New York, Florida, Texas and Maryland have disabled vital city infrastructure and communications, the pace of attacks exacerbated throughout the year, attackers likely heartened by some victims’ willingness to hand over the multimillion-dollar payouts demanded. 

Meanwhile, Norwegian manufacturing giant Hydro was one among severl other firms struck by Lockergoga malware. Likely stemming from a misjudged email link click, the entire business was brought offline across 22,000 computers within 170 sites across 40 countries worldwide. 

With cyberattacks continuing to prove fruitful, and methods of hackers ever more sophisticated, 2020 will inevitably witness its fair share of high-profile breaches unfolding. 

“To avoid becoming this victim, organisations need to be sure they can both prevent attacks, and identify the signs of a breach so they can mitigate any damage,” said Finch. 

Cyberattacks can carry an extraordinary level of damage to a business, to reputation and customer trust, and the cost of reparations and down-time. Businesses may be tempted to invest in brimming cybersecurity armories, most businesses have 50 defense tools in place at one time, according to Ovum, an “enormous” part of infosec management comes down to people, Finch said. 

“Organisations must have the right people, with the right skills, occupying the right roles....Investing in equipping staff with the best training, not only in the security team but across the whole organisation, will also be critical in defending against attacks. Ultimately, organisations can either prepare for the worst now or learn a very expensive lesson later.” 

Even if a business falls victim to an attack,  proving that thorough mitigation efforts were taken can reduce the various impacts of a breach. 

 According to a survey of M&A experts by (ISC²), while 86 percent said a publicly reported breach would detract from an organisation’s valuation, a previous breach is not a deal-breaker if the company can demonstrate it acted with the correct procedure at the time.

CIISec:          TechHQ:         eWeek:    

You  Might Also Read:

Creating A Cyber Incident Response Policy

2020 Cyber Attack Predictions:

 

« Insiders Are Cyber Criminals Favourite Connection
AI Market Forecast To Be Worth $190b By 2025 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Code42

Code42

Code42 CrashPlan, is an enterprise SaaS solution that backs up all distributed end-user data on a single, secure platform.

ISTQB

ISTQB

ISTQB has defined the "ISTQB Certified Tester" scheme that has become the world-wide leader in the certification of competences in software testing.

My Data Recovery Lab

My Data Recovery Lab

We recover data from: HDDs, RAIDs, NAS, SSDs, USB Flash Devices, Desktop Computers, Mobile devices and other data storage media.

BigID

BigID

BigID is redefining personal data protection and privacy. BigID software helps companies secure their customer data & satisfy privacy regulations like GDPR.

OneWelcome

OneWelcome

Onegini and iWelcome have merged to become OneWelcome, the largest European Identity Access Management Saas Vendor.

SEWORKS

SEWORKS

SEWORKS provides offensive and defensive app security that ensures mobile and web apps are safe from dangerous hacking threats.

InstaSafe Technologies

InstaSafe Technologies

InstaSafe®, a Software Defined Perimeter based (SDP) one-stop Secure Access Solution for On-Premise and Cloud Applications.

Blancco Technology Group

Blancco Technology Group

Blancco Technology Group is a leading global provider of mobile device diagnostics and secure data erasure solutions.

Police Digital Security Centre (PDSC)

Police Digital Security Centre (PDSC)

PDSC is a not-for-profit organisation, owned by the police, that works across the UK in partnership with industry, government, academia and law enforcement.

Defendify

Defendify

We built Defendify to help small businesses navigate the cybersecurity landscape with cybersecurity that is dead simple, affordable, and works around the clock.

OwnBackup

OwnBackup

OwnBackup proactively prevents you from losing mission-critical data and metadata with automated backups and rapid, stress-free recovery.

Quantexa

Quantexa

Quantexa automates millions of operational decisions, at scale, across multiple business units, including Anti-Money Laundering, Know-Your-Customer, Fraud, Credit Risk and Customer Intelligence.

TWC IT Solutions

TWC IT Solutions

Since 2011, TWC IT Solutions has offered managed IT Support, Cybersecurity, Disaster Recovery, Contact Centre and Business Connectivity services to clients across 24 countries globally.

OptimEyes.ai

OptimEyes.ai

OptimEyes.ai is a unique AI-powered, on-demand SaaS solution for cyber-security, data privacy and compliance risk modeling.

CliffGuard Cybersecurity

CliffGuard Cybersecurity

CliffGuard Cybersecurity deliver comprehensive services designed to protect your organization from the ever-evolving landscape of cyber threats.

CyberForceHQ

CyberForceHQ

CyberForce helps cyber security professionals take real-world tests, get ranked and get paid better. It's that simple.