As 2019 comes to a close, one prediction for 2020 has been nearly universal among IT experts – cybersecurity attacks on businesses will continue to increase. For organizations with the right cybersecurity measures in place, this should not cause panic. On the other hand, this may be a cause for concern among others with (or without) IT defenses that are lacking key elements for the new decade.
Tech Radar recommends that enterprises maintain immaculate overall cyber hygiene practices from a top-down level by employing a variety of tools and protective measures so they can both prevent and effectively respond to attacks.
A Varonis article reports that the most common methods expected to be used in cyberattacks against IT systems in 2020 include phishing, social engineering, Distributed Denial of Service and notably, ransomware. Experts have formed a consensus that the use of the latter type of attack will continue to increase, particularly targeting government and healthcare IT enterprises for data. According to The SSL Store, email phishing attacks are still predicted to be the main way in which hackers and cyber espionage operations breach private IT networks of all sizes.
According to the experts, here is a list of five essential cybersecurity elements that a business should use in its IT operations to reduce cyber risk as much as possible in 2020:
1. Move operations and storage to the cloud as appropriate
Businesses are increasingly realizing the benefits of using cloud-based services for their IT networks, and as evidence, Forbes predicts that more than 80% of enterprise workloads will use the technology to some extent in 2020.
When using a cloud solution, businesses should not get too comfortable and assume that the provider’s own cybersecurity resources can completely handle data protection round-the-clock, as organizational input is required. Without proper security measures in place, cloud services that are misconfigured as a result of human error are more likely to become targets for hackers, according to CRN.
2. Use AI
To avoid the security pitfalls caused by uncontrollable human error, many experts predict that artificial intelligence will be heavily embraced and implemented by organizations in different forms for cybersecurity purposes, stated Forbes. According to SSL Store, 79% of more than 1,400 IT professionals surveyed recently claimed that they either have cybersecurity automation tools currently in place or plan to use them within the next three years. Overall, the use of AI is highly recommended for organizations with understaffed IT or cybersecurity departments to increase efficiency.
3. Mobile, IoT protection
According to Varonis, statistics show recent large increases in the number of hacked mobile and IoT devices, which are used more in workplaces each day and have now become common targets for attacks. Varonis also reports that 61% of organizations have reported IoT security incidents at least once, while IoT devices typically fend off 5,200 attacks each month, on average. In addition, Symantec reported, based on a recent study, that high-risk applications were installed on one out of every 36 mobile devices.
To ensure that mobile and other IoT devices are not vulnerabilities providing hackers with attack vectors into your business’s IT network, proper security measures and user permissions should be set in place. Employees can be trained on how to safely use their devices (for example, proper file sharing or email management, per IT Toolbox) to instill best practices that can further help to avoid vulnerabilities created by human error or social engineering.
4. Ransomware protection
Ransomware has been perhaps the most daunting threat to U.S. businesses’ IT operations in recent years, with worst-case consequences that were incredibly costly. Varonis reported that these attacks on enterprises increased by 12% in 2019 over 2018 and cost businesses $133,000, on average, and in certain cases came at a heavier price to those affected. For example, in 2019 multiple state and local government operations were impacted and entire healthcare operations closed down as a result of ransomware breaches, according to SSL. In total, ransomware attack costs amounted to $10 billion this year.
As a part of proper cyber hygiene, there are several key tools that businesses and governments should use to keep their IT networks and data safe. Namely, these include employee cyber safety training and comprehensive cyber security assessments that may include regular penetration testing to simulate one or more cyberattacks, according to Dark Reading.
“Ransomware…will continue to plague state and municipal agencies lacking appropriate skills, controls, and ransomware countermeasures…we predict there’s a 20 percent chance this could escalate to a national level,” Enterprise Strategy Group Senior Principal Analyst and Fellow Jon Oltsik told Forbes, further predicting that “at least” three U.S. states will declare ransomware-related states of emergency in 2020.
5. Comply with new data protection and privacy standards
To help deter cyberattacks, new legislation has been passed by certain governmental authorities globally that imposes harsher penalties and consequences for noncompliance in protecting sensitive data, such as patient files or consumer transaction records. Two examples are the European Union’s General Data Protection Regulation and the California Consumer Privacy Act – Google’s noncompliance with the former came with a $57 billion violation fine issued by a French data protection agency, according to Forbes.
To avoid noncompliance, most businesses predict that they will need to increase their spending and have better metric-recording tools in place to prove they are obeying the rules. As a result, it might be wise to ensure that new investments in this area serve a greater purpose for the sake of longevity.