Q1 2020: Key Trends In Cyber Security

Uploaded on 2020-04-28 in NEWS-Cybersecurity News, FREE TO VIEW

The first quarter of 2020 will be remembered for the sudden impact and likely long-term consequences of the coronavirus pandemic.The impact of the widesperad international lockdown and the perhaps never-to-reversd trend towards remote working has dominated the cyber security world for the past month. But that is not the whole story and alongside the worldwide response to Covid-19 there are some other emerging trends.

Uncontrolled access to personal data undermines confidence in the digital society. The logistics industry and private vehicles are increasingly being targeted by hackers and experts view these key cybersecurity trends as critical to understand in 2020.

Ransomware Makes Coronavirus Worse. Last year we saw ransomware taking on big industries and also governments and healthcare facilities. Bad actors are taking things to the next level through collaborative partnerships. Brace yourself for more intensive attacks and a new modus operandi. Instead of just encrypting your data, bad actors are now also threatening to sell it or disclose it. It seems that cyber criminals also value the ability to multitask, and they’re now extorting even higher ransoms.

Data Breaches and Phishing.Protection from phishing attacks is one of the top trends in cyber security. It has been on the list of cyber security trends for a while and won’t disappear anytime soon.Most verified data breaches appeared to be phishing and phishing isn’t limited to emails.  Cyber criminals are also tricking victims into handing over personal data, different kinds of credentials (like login), and sending their money directly. Among other rapidly growing phishing channels are SMS, chats on social networks like Facebook or LinkedIn and phone calls involving a real person. Scams connected with Social Security number and people pretending to be an employee from a bank, or a government department for instance telling you your car tax needs immediate payment, or an enterprise like Microsoft asking for your private data.

Insecure personal data destabilises the digital society. In 2017, Frenchwoman Judith Duportail asked a dating app company to send her any personal information they had about her. In response, she received an 800-page document containing her Facebook likes and dislikes, the age of the men she had expressed interest in, and every single online conversation she had had with all 870 matching contacts since 2013. The fact that Judith Duportail received so much personal data after several years of using a single app underscores the fact that data protection is now very challenging. This example shows how little transparency there is about securing and processing data that can be used to gain an accurate picture of an individual’s interests and behavior.

Smart insecure consumer devices are expanding. Smart speakers, fitness trackers, smart watches, thermostats, energy meters, smart home security cameras, smart locks and lights are the best-known examples of the seemingly unstoppable democratisation of the “Internet of many Things”. Smart devices are no longer just toys or technological innovations. The number and performance of individual “smart” devices are increasing every year, as these types of device are quickly becoming an integral part of everyday life. 

It is easy to see a future in which the economy and society will become dependent on them, making them a very attractive target for cyber criminals. Until now, the challenge for cyber security has been to protect one billion servers and PCs. With the proliferation of smart devices, the attack surface could quickly increase hundreds or thousands of times.

Medical devices raise the risk of an internet health crisis. Over the past ten years, personal medical devices such as insulin pumps, heart and glucose monitors, defibrillators and pacemakers have been connected to the internet as part of the Internet of Medical Things (IoMT). At the same time, researchers have identified a growing number of software vulnerabilities and demonstrated the feasibility of attacks on these products. This can lead to targeted attacks on both individuals and entire product classes. 

In some cases, the health information generated by the devices can also be intercepted. So far, the healthcare industry has struggled to respond to the problem, especially when the official life of the equipment has expired. As with so many IoT devices of this generation, networking was more important than the need for cyber security. The complex task of maintaining and repairing equipment is badly organised, inadequate or completely absent.

Cyber-Attacks on Vehicles. Through the development of software and hardware platforms, vehicles and transport infrastructure are increasingly connected. These applications offer drivers more flexibility and functionality, potentially more road safety, and seem inevitable given the development of self-propelled vehicles. The disadvantage is the increasing number of vulnerabilities that attackers could exploit, some with direct security implications. Broad cyber-attacks targeting transport could affect not only the safety of individual road users, but could also lead to widespread disruption of traffic and urban safety.

Supply chains are under attack. With the goal of greater efficiency and lower costs, smart supply chains leverage IoT automation, robotics and big data management, those within a company and with their suppliers. 
Smart supply chains increasingly represent virtual warehousing, where the warehouse is no longer just a physical building, but any place where a product or its components can be located at any time. 

Nevertheless, there is a growing realisation that this business model considerably increases the financial risks, even with only relatively minor disruptions. Smart supply chains are dynamic and efficient, but are also prone to disruptions in processes. Cyber-attacks can manipulate information about deposits. Thus, components would not be where they are supposed to be.

Vulnerabilities in real-time operating systems.  It is estimated that by 2025 there will be over 75 billion networked devices on the Internet of Things, each using its own software package. This, in turn, contains many outsourced and potentially endangered components. An estimated 200 million IoT devices are at risk of remote code execution attacks. This level of weakness is a major challenge as it is often deeply hidden in a large number of products. 

Organisations may not even notice that these vulnerabilities exist. In view of this, the procedure of always installing the latest security updates might not be effective for much longer.

EC-Council:       Help Net Security:      Smart-Energy:       Security Boulevard:         Tech Funnel


You Might Also Read: 

The Most Common Cyber Attacks:

 

 

« Every Single Employee Requires Cyber Security Training
Ransomware Authors Go Beyond Malicious Encryption »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Senetas

Senetas

Senetas is a leading developer and manufacturer of certified high-assurance encryption solutions, dedicated to protecting network transmitted data without compromising performance.

Code42

Code42

Code42 CrashPlan, is an enterprise SaaS solution that backs up all distributed end-user data on a single, secure platform.

Cequence Security

Cequence Security

Cequence, a pioneer in API security and bot management, is the only solution that delivers Unified API Protection (UAP), uniting discovery, compliance, and protection.

UPX Technologies

UPX Technologies

UPX Technologies is one of the largest digital security centers in Brazil providing full protection for data, networks and content.

ITonlinelearning

ITonlinelearning

ITonlinelearning specialises in providing professional certification courses to help aspiring and seasoned IT professionals develop their careers.

Plug and Play Tech Center

Plug and Play Tech Center

Plug and Play is the ultimate innovation platform, bringing together the best startups and the world’s largest corporations.

OffSec

OffSec

OffSec have defined the standard of excellence in penetration testing training. Elite security instructors teach our intense training scenarios and exceptional course material.

NuID

NuID

NuID is a pioneer in trustless authentication and decentralized digital identity.

689cloud

689cloud

689Cloud is a cloud content collaboration platform that allows users to protect, track, and control files AFTER they have been shared.

SDG Corp

SDG Corp

SDG is a global cybersecurity, identity governance, risk consulting and advisory firm, addressing complex security, compliance and technology needs.

TAV Technologies

TAV Technologies

TAV Technologies is a provider of technology services to the aviation industry in areas including airport infrastructure systems, digital transformation and cybersecurity.

Sikich

Sikich

Sikich LLP is a leading professional services firm specializing in accounting, advisory, technology and managed services.

Psybersafe

Psybersafe

Psybersafe is a hands-on, behaviour-changing training system that keeps your people and your business cyber safe.

Bright Pixel Capital

Bright Pixel Capital

Bright Pixel Capital is a venture capital company with a focus on Cybersecurity, Retail Technologies, Digital Infrastructure and Emerging Technologies.

Judy Security

Judy Security

Judy (formerly AaDya Security) provides smart, simple, effective, all-in-one cybersecurity for SMBs. Get the 24/7 protection and support you deserve, at a price you can afford.

Kaine Mathrick Tech (KMT)

Kaine Mathrick Tech (KMT)

KMT deliver comprehensive cyber-first outsourced technology support and solutions that scale with your business.