Five Risks That Will Define Cyber Security In 2020

Uploaded on 2020-01-20 in NEWS-News Analysis, FREE TO VIEW, TECHNOLOGY--Resilience

2019 was a bad year for data security. By virtually every metric, it was the worst ever. Simply put, companies and their leaders must acknowledge and appreciate the growing consequences of a data breach. Unfortunately, there is no indication that 2020 will be any better.

While organisations are increasingly aware of the importance of cybersecurity, most are struggling to define and implement the required security measures. 

According to the Ponemon Institute’s / IBM 2019 Cost of a Data Breach Report, the average cost of a data breach climbed to nearly $4m, the highest amount on record. The number of data breaches increased by 54% in the first half of 2019, with nearly 4,000 publicly disclosed breaches during that time. In total, more than 4.1 billion records have been exposed this year. The number of data breaches in 202 will likely reach an all-time high this year. 

As more corporate infrastructure moves to the cloud, so will the focus of criminals. The good news and bad news following this trend is “conducting an attack will become harder and the actions of threat actors will become more sophisticated or more frequent, relying on chance rather than planning,” according to Kaspersky.

Driven by the high cost of sophisticated malware-based attacks, a rise in insider attacks are forecast for 2020.

“Direct attacks on infrastructure… is becoming much more expensive, requiring more and more skills and time for the attacker,” says Kaspersky. Increasingly, consumers and regulatory bodies are holding companies accountable for data breaches. Moreover, regulatory oversight like GDPR and CCPA are indicative of a growing regulatory trend that collectively raises the importance of data security in the year ahead.

For those charged with protecting company data, today’s expansive threat landscape can feel overwhelming, leading to increased levels of exhaustion and burnout. However, not all threats are equally prescient, as some are more likely and ominous than others.

Here Are Five Cyber Risks That Will Endanger Company Data In 2020

Insider Threats

While cybersecurity often elicits images of ominous criminals operating in backrooms, one of the most significant data security threats is likely lurking in the cubicle next door. Employees represent a significant threat to data integrity. Verizon’s 2019 Insider Threat Report estimates that insider threats cause more than a third of all data breaches. This threat category is uniquely nuanced, as things like intentional data theft, accidental sharing, and other data disclosure methodologies combine to create a robust threat that companies will need to address in 2020.

With a broad collection of employee monitoring and endpoint data loss prevention software available, every company can be equipped to defend against insider threats. As the consequences of a data breach continue to escalate, securing data against this known variable is a critical step to ensuring data integrity in the year ahead.

Phishing Scams

Despite their best efforts, phishing scams are inevitably making their way into employees’ inboxes, putting company data at risk each time. Unfortunately, the deluge of data available from previous data breaches is being repurposed to craft authentic-looking messages that are increasingly difficult to detect.

In the year ahead, increased personalisation and other deceptive tactics, like HTTPS encryption, will become normative, increasing the impetus for companies to provide awareness training to keep them aware of the threats landing in their inboxes.

Exposed Databases

Cloud computing is among the latest trends for enterprises and SMBs alike. As the vast majority of businesses move their operations to the cloud, this transition presents an opportunity for data exposure. This technological oversight can have severe consequences for data security. For instance, in November, a cybersecurity researcher discovered 1.2 billion records exposed on a single server, a surprisingly routine incident that underscores the threat of exposed databases to data security.

In 2020, companies need to understand that technological advancement can’t come at the expense of data security, and locking down these resources is often as simple as checking and rechecking that critical company data is password protected and not openly exposed to anyone able to locate it.

IT Admin Burnout

Cybersecurity professionals are faced with an incredible task. While they are defending against thousands of attacks every day, cybercriminals and internal bad actors only need to be successful once to inflict serious damage on a company. As a result, cybersecurity professionals are burning out and leaving the profession at a record rate. It’s estimated that 65% of IT professionals consider quitting their jobs, and a similar number are open to leaving the professional altogether.

This problem is endemic all the way to the highest levels of a company where chief information security officers have an average tenure of 18 to 24 months, which is, on average, more than four years less than other c-suite positions.This high-stress, high-turnover environment puts data at risk, as a lack of continuity and unfilled positions create an environment where hackers can thrive.

To assuage these concerns, companies need to prioritise automation as much as possible. In this way, they can protect their networks against insider and external threats without inundating cybersecurity staff with a continual deluge of risks to assess.

Wrong Priorities

Despite the overwhelming evidence that data loss is one of the greatest threats facing companies in the digital age, there is growing evidence that c-suite executives are failing to appreciate the risks. In a survey of Australian CEOs, only 6% recognised that they had experienced a data breach, while 63% of CISOs noted a data loss event. Similarly, only 26% of CISOs indicated that their company was ready to respond to a cyber threat, while 44% of CEOs thought their company was capable of a rapid recovery.

Taken together, these numbers are indicative of one of the most notable threats to data security: indifference.  However, for companies that identify and respond to the most probable data security threats, it can be a differentiating factor, allowing them to thrive in 2020 and beyond.

Please contact Cyber Security Intelligence as we can help your company with economic cyber employee training and cyber audits to significantly reduce your security risks.

Threatpost:         HelpNetSecurity:        NetsParker: 

You Might Also Read:

Cyber Security in 2020 Will Be Defined By Connectivity:

Mitigating IoT Cyber Risks: Training Is The First Step:

 

 

« The Scope Of A Cyber Security Audit
AI Satellite Image Analysis Will Be Regulated »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Chatham House Cyber Conference

Chatham House Cyber Conference

14 June 2023 - Connect with cyber security experts and senior policymakers to explore the role of cyber security in the global economy and how to deliver an open and secure internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Frazer-Nash Consultancy

Frazer-Nash Consultancy

Frazer-Nash is a leading engineering, systems and technology company. Areas of expertise include information security and cyber security.

Herjavec Group

Herjavec Group

HG's Managed Security Services practice is SOC 2 Type 2 certified and defends your organization from increasingly sophisticated, targeted cybercrime threats.

Thales

Thales

Thales provides solutions, services and products that help its customers in the defence, aeronautics, space, transportation and digital identity and security markets to fulfil their critical missions.

Altius IT

Altius IT

Altius IT reviews your website for security vulnerabilities and provides a report identifying vulnerabilities and recommendations to make secure.

Sungard Availability Services (Sungard AS)

Sungard Availability Services (Sungard AS)

Sungard AS partners with customers around the globe to understand their unique business needs and provide production and recovery services tailored to their requirements.

i-Sprint Innovations

i-Sprint Innovations

i-Sprint is a leader in Securing Identity and Transactions in the Cyber World for industries that are security sensitive.

Lirex

Lirex

Lirex offer consulting and outsourcing services, complete design, construction and maintenance of ICT solutions and systems including cybersecurity.

Dual Layer IT Solutions

Dual Layer IT Solutions

Dual Layer offer a full range of IT Services and Solutions for businesses from IT infrastructure design to cloud/hosted solutions, cybersecurity, disaster recovery and IT training.

SGBox

SGBox

SGBox is a highly flexible and scalable solution for IT security. Choose the modules which your company needs and implement it without any modification to your network infrastructure.

Garner Products

Garner Products

Garner design, manufacture, and sell equipment that delivers complete, permanent, and verifiable data elimination.

WiSecure Technologies

WiSecure Technologies

WiSecure Technologies aims to develop cryptographic products meeting requirements in the new economic era.

Digital Magics

Digital Magics

Digital Magics is an incubator for innovative startups which offer content and services with high technological value. Areas of focus include IoT, Enterprise Software, AI, Industry 4.0 and Blockchain.

Splone

Splone

Splone is a Berlin-based IT security research team and consultancy. We help improve IT-security by offering red team assements, penetration tests, audits and customized consulting.

International Association of Security Awareness Professionals (IASAP)

International Association of Security Awareness Professionals (IASAP)

IASAP provides a members-only virtual sharing platform where security awareness professionals engage in a lively, year-round exchange of information and ideas.

ABCsolutions

ABCsolutions

ABCsolutions is dedicated to assisting businesses and professionals achieve compliance with federal anti-money laundering regulations in an intelligent and pragmatic way.

Corona IT Solutions

Corona IT Solutions

At Corona IT Solutions, our team of specialists in networking, wireless and VoIP are dedicated to providing proactive monitoring and management of your IT systems.