Top Cyber Threats For Business In 2020

Uploaded on 2020-01-31 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

The security threat has seen an unparalleled increase in IT systems and AI analysis which has benefits but is also set to make 2020 a real cyber security problem for most businesses. 

As organisations as diverse as hospitals, banks, schools, and retailers continue to grow their digital infrastructure, they’re in danger of unwittingly expanding their attack surface, offering new opportunities for hackers to make money. Furthermore, the average ransomware payment is growing as criminals become more sophisticated in their attacks.

Attackers focused on larger targets and honed their attacks using social engineering. There is a rising use of ransomware strains that tend to demand higher ransoms, like SamSam and RyukRecently, a top energy executive was tricked into transferring £200,000 of company money to fake recipients  following a phone call from that appeared to come from his boss at the German parent company. 

The average ransomware incident lasted 6.2 days and cost $54,904 in downtime, and the average ransomware-related downtime increased 47% over Q3.

The biggest factor in that increasing downtime is the rising number of compromised backup systems. 75% of organisations that paid a ransom had their backups encrypted by ransomware too. Professional services is the hardest-hit sector at 22.4%, followed by software services (13.8%) and financial services and healthcare, the latter two sectors each garnering 12.1%.

An effective response to these threats will require a blend of best practice basics and a willingness to embrace new security technologies. That’s because, although there will be new hacking tools and techniques to tackle over the coming year, many of the challenges facing organisations will be a continuation of current trends.

Here Are Six Top Threats To Watch Out For:

Leaking Email: Email remains the number one threat vector for global organisations. It continues to be the easiest and most effective way for cyber-attackers to harvest user credentials and personal information, and/or install malware on a target’s machine. In 2020, Chief Information Security Officers CISOs must do more to make this channel more resilient to threats, by investing in Domain-based Message Authentication, Reporting and Conformance (DMARC), enforcing Multi-Factor Authentication (MFA), improving security training and awareness programmes and enforcing other policies such as disabling macros.

New AI-powered tools are becoming more widespread, offering an innovative and more effective way to detect spear-phishing and other fraudulent messages.

Email Fakes and Compromise: Business Email Compromises (BEC) cost organisations $1.3 billion in 2018, half of the total losses associated with global cyber-crimes reported to the FBI that year. Organisations are going to need to build staff awareness raising about the threat into their internal training programmes, as well as rolling out technologies and processes designed to spot and block attacks. 

Deepfakes: An potntiallyy bigger threat is from  AI-based spoof videos and audio. These so-called “deepfakes” are already being used to trick employees into making wire transfers. This is likely to be just the tip of the iceberg, and will need advanced tools and improved employee training to mitigate.

Cloud Platforms: The most obvious manifestation of digital transformation investment is increased spending on cloud platforms. But the advent of hybrid and multi-clouds is creating complexity that many in-house security teams are ill-equipped to manage. 

Ransomware: Over the past 12 months, we’ve seen an evolution of one of the biggest threats of recent years, as cyber-criminals refocused their ransomware campaigns on fewer targets. But that doesn’t mean your business is safe in 2020. In fact, the hackers are going to extra lengths to make sure their attacks are successful, deploying fileless malware techniques, RDP compromise and lateral movement to stay hidden until the time is right to strike. 

Best practice security steps like Multi Factor Authentication (MFA), network segmentation and prompt patching can mitigate many attacks, while regular on- and offline back-ups are essential.

Supply Chain Problems: Modern organisations are nothing without their supply chains. Whether it’s a bakery relying on providers of flour, water and energy, or an online retailer with an expansive ecosystem of digital suppliers, these networks provide the products and services essential to business operations. But they’re also a potential security risk. Hackers will become increasingly adept at exploiting these supply chain relationships to further their own ends.

In 2020 there will be more attacks on Managed Service Providers, which provide a handy stepping-stone into client networks, and digital skimming campaigns targeting the supply chain. The GDPR brought in strict new rules designed to improve transparency and accountability for just these circumstances. 

Chief Information Security Officers would do well to revisit their Service Level Agreements and Partnership agreements to guarantee a baseline level of cybersecurity among all their suppliers, or they will also risk the wrath of the regulators.

Barracuda Blog:      Infosecurity Magazine:      CityAM:       FBI IC3

You Might Also Read:

Why An Effective Security Culture Is Essential For Your Organisation:

Hackers Steal $50 Million From Leading Aviation Design Company:

 

« Britain Allows Huawei 5G Network Access Against US Advice
President Putin Addresses The Russian Tech Gap »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Bloombase

Bloombase

Bloombase is the leading innovator in Next-Generation Data Security solutions for Global 2000-scale organizations

Thycotic

Thycotic

Thycotic prevents cyber attacks by securing passwords, protecting endpoints and controlling application access.

Clusit

Clusit

Clusit is the Italian Association for Information Security, a nonprofit organization devoted to promoting every aspect of information security.

VdS

VdS

VdS is an independent safety and security testing institution. Cybersecurity services include standards, audit/assessment and certification for SMEs.

Security Onion Solutions

Security Onion Solutions

Security Onion Solutions is the creator and maintainer of Security Onion, a free and open platform for threat hunting, network security monitoring, and log management.

Signifyd

Signifyd

Signifyd is the world's largest provider of Guaranteed e-Commerce Fraud Protection.

Infosec Partners

Infosec Partners

Whether you’re looking for complete managed security or an on-call expert advisor, we offer a range of managed security services to complement your internal team or primary outsource partner.

Cyphere

Cyphere

Cyphere is a cyber security company that helps to secure most prized assets of a business. We provide technical risk assessment (pen testing/ethical hacking) and managed security services.

RevBits

RevBits

RevBits provides high-performance cybersecurity solutions including email security, endpoint security, deception technology and PAM solution to enterprise companies and public sector organizations.

KeyData Associates

KeyData Associates

KeyData is a recognized leader in cybersecurity services specializing in Identity and Access Management (IAM), Customer Identity & Access Management (CIAM) and Privileged Access Management (PAM).

Scholarly Networks Security Initiative (SNSI)

Scholarly Networks Security Initiative (SNSI)

SNSI brings together publishers and institutions to solve cyber-challenges threatening the integrity of the scientific record, scholarly systems and the safety of personal data.

NetTech

NetTech

NetTech’s Managed CyberSecurity and Compliance/HIPAA services are designed to help your company prevent security breaches and quickly remediate events if they do happen to occur.

Gridware

Gridware

Gridware is a specialised cybersecurity consultancy firm and an emerging global player in the cybersecurity intelligence and advisory field.

LogicMonitor

LogicMonitor

LogicMonitor provides SaaS-based IT infrastructure monitoring services for on-premises and multi-cloud environments.

Sunnic

Sunnic

Sunnic is a leading provider of comprehensive digital data security technology.

Strobes Security

Strobes Security

Strobes is among the world’s first cybersecurity platforms specifically designed for end-to-end continuous threat exposure management.