Q1 2020: Key Trends In Cyber Security

Uploaded on 2020-04-28 in NEWS-News Analysis, FREE TO VIEW

The first quarter of 2020 will be remembered for the sudden impact and likely long-term consequences of the coronavirus pandemic.The impact of the widesperad international lockdown and the perhaps never-to-reversd trend towards remote working has dominated the cyber security world for the past month. But that is not the whole story and alongside the worldwide response to Covid-19 there are some other emerging trends.

Uncontrolled access to personal data undermines confidence in the digital society. The logistics industry and private vehicles are increasingly being targeted by hackers and experts view these key cybersecurity trends as critical to understand in 2020.

Ransomware Makes Coronavirus Worse. Last year we saw ransomware taking on big industries and also governments and healthcare facilities. Bad actors are taking things to the next level through collaborative partnerships. Brace yourself for more intensive attacks and a new modus operandi. Instead of just encrypting your data, bad actors are now also threatening to sell it or disclose it. It seems that cyber criminals also value the ability to multitask, and they’re now extorting even higher ransoms.

Data Breaches and Phishing.Protection from phishing attacks is one of the top trends in cyber security. It has been on the list of cyber security trends for a while and won’t disappear anytime soon.Most verified data breaches appeared to be phishing and phishing isn’t limited to emails.  Cyber criminals are also tricking victims into handing over personal data, different kinds of credentials (like login), and sending their money directly. Among other rapidly growing phishing channels are SMS, chats on social networks like Facebook or LinkedIn and phone calls involving a real person. Scams connected with Social Security number and people pretending to be an employee from a bank, or a government department for instance telling you your car tax needs immediate payment, or an enterprise like Microsoft asking for your private data.

Insecure personal data destabilises the digital society. In 2017, Frenchwoman Judith Duportail asked a dating app company to send her any personal information they had about her. In response, she received an 800-page document containing her Facebook likes and dislikes, the age of the men she had expressed interest in, and every single online conversation she had had with all 870 matching contacts since 2013. The fact that Judith Duportail received so much personal data after several years of using a single app underscores the fact that data protection is now very challenging. This example shows how little transparency there is about securing and processing data that can be used to gain an accurate picture of an individual’s interests and behavior.

Smart insecure consumer devices are expanding. Smart speakers, fitness trackers, smart watches, thermostats, energy meters, smart home security cameras, smart locks and lights are the best-known examples of the seemingly unstoppable democratisation of the “Internet of many Things”. Smart devices are no longer just toys or technological innovations. The number and performance of individual “smart” devices are increasing every year, as these types of device are quickly becoming an integral part of everyday life. 

It is easy to see a future in which the economy and society will become dependent on them, making them a very attractive target for cyber criminals. Until now, the challenge for cyber security has been to protect one billion servers and PCs. With the proliferation of smart devices, the attack surface could quickly increase hundreds or thousands of times.

Medical devices raise the risk of an internet health crisis. Over the past ten years, personal medical devices such as insulin pumps, heart and glucose monitors, defibrillators and pacemakers have been connected to the internet as part of the Internet of Medical Things (IoMT). At the same time, researchers have identified a growing number of software vulnerabilities and demonstrated the feasibility of attacks on these products. This can lead to targeted attacks on both individuals and entire product classes. 

In some cases, the health information generated by the devices can also be intercepted. So far, the healthcare industry has struggled to respond to the problem, especially when the official life of the equipment has expired. As with so many IoT devices of this generation, networking was more important than the need for cyber security. The complex task of maintaining and repairing equipment is badly organised, inadequate or completely absent.

Cyber-Attacks on Vehicles. Through the development of software and hardware platforms, vehicles and transport infrastructure are increasingly connected. These applications offer drivers more flexibility and functionality, potentially more road safety, and seem inevitable given the development of self-propelled vehicles. The disadvantage is the increasing number of vulnerabilities that attackers could exploit, some with direct security implications. Broad cyber-attacks targeting transport could affect not only the safety of individual road users, but could also lead to widespread disruption of traffic and urban safety.

Supply chains are under attack. With the goal of greater efficiency and lower costs, smart supply chains leverage IoT automation, robotics and big data management, those within a company and with their suppliers. 
Smart supply chains increasingly represent virtual warehousing, where the warehouse is no longer just a physical building, but any place where a product or its components can be located at any time. 

Nevertheless, there is a growing realisation that this business model considerably increases the financial risks, even with only relatively minor disruptions. Smart supply chains are dynamic and efficient, but are also prone to disruptions in processes. Cyber-attacks can manipulate information about deposits. Thus, components would not be where they are supposed to be.

Vulnerabilities in real-time operating systems.  It is estimated that by 2025 there will be over 75 billion networked devices on the Internet of Things, each using its own software package. This, in turn, contains many outsourced and potentially endangered components. An estimated 200 million IoT devices are at risk of remote code execution attacks. This level of weakness is a major challenge as it is often deeply hidden in a large number of products. 

Organisations may not even notice that these vulnerabilities exist. In view of this, the procedure of always installing the latest security updates might not be effective for much longer.

EC-Council:       Help Net Security:      Smart-Energy:       Security Boulevard:         Tech Funnel


You Might Also Read: 

The Most Common Cyber Attacks:

 

 

« Every Single Employee Requires Cyber Security Training
Ransomware Authors Go Beyond Malicious Encryption »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

IASME Consortium

IASME Consortium

IASME is one of five companies appointed as Accreditation Bodies for assessing and certifying against the UK Government's Cyber Essentials Scheme.

Secure360

Secure360

Secure360 focuses on the following key areas: governance, risk and compliance, information security, physical security, business continuity management, and professional development.

Fasoo

Fasoo

Fasoo provides data-centric security to protect data within the organizational perimeter and beyond by limiting access to sensitive data according to policies that cover both users and activities.

Coro Cybersecurity

Coro Cybersecurity

Coro (formerly Coronet) empowers organizations to protect against malware, ransomware, phishing, and botnets - across devices, users, and cloud applications.

Zerocopter

Zerocopter

Zerocopter enables you to confidently leverage the skills of the world's most knowledgable ethical hackers to secure your applications.

AVL Mobile Security

AVL Mobile Security

AVL Mobile Security is a market-leading mobile security company for anti-virus and threat intelligence in the mobile Internet.

Seavus

Seavus

Seavus is a software development and consulting company with a proven track-record in providing successful enterprise-wide business solutions including Managed Security Services.

Advens

Advens

Advens is a company specializing in information security management. We provide Consultancy, Security Audits and Technology Solutions.

Japan Cybersecurity Innovation Committee (JCIC)

Japan Cybersecurity Innovation Committee (JCIC)

JCIC is an independent and not-for-profit thinktank to establish a secure and safe digital society.

OnDefend

OnDefend

OnDefend delivers information security solutions that improve overall security posture, reduce risks and defend against continually evolving and persistent cyber adversaries.

Britive

Britive

The Britive Platform is a cloud-native security solution built for the most demanding cloud-forward enterprises.

Cynance

Cynance

Cynance are an award-winning, independent cyber security specialist and part of the Transputec family of companies.

Adit Ventures

Adit Ventures

Adit Ventures is a venture capital firm with a focus on dynamic growth sectors including AI & Machine Learning, Big Data, Cybersecurity and IoT.

European Center for CyberSecurity in Aviation (ECCSA)

European Center for CyberSecurity in Aviation (ECCSA)

ECCSA is a cooperative partnership within the aviation community to better understand emerging cybersecurity risks in aviation and provide collective support in dealing with cybersecurity incidents.

Intelequia

Intelequia

Intelequia SOC is the Security Operations Center your company needs. 24x7 monitoring, protection and automated response to cyber threats.

IONIX

IONIX

IONIX is the attack surface management solution that uses Connective Intelligence to shine a spotlight on exploitable risks across your real attack surface and its digital supply chain.