In our now constantly digitally transforming business landscape every year will bring new and evolving cybersecurity threats and challenges. Trend Micro has recently published its key cybersecurity expectations for 2020.
Cybersecurity for next year and beyond, says Trend Micro, needs to be viewed “through many lenses,” and it adds:
“The old paradigm, where networks are isolated behind a company firewall, is behind us. Gone are the days of using a limited stack of enterprise applications. The current paradigm demands a wide variety of apps, services, and platforms that will all require protection. Layered security that is applied to various implementation efforts and keeps up with ecosystem shifts will be crucial in tackling the broad range of threats.”
It’s an important introduction, and one that for us here at The Defence Works points to a need for awareness of the changing digital landscape. For small businesses it may be time to break away from the daily demands of revenue generation and consider the threat of cybercrime and data breaches more attentively.
It’s estimated that 60% of small businesses close within six months of a cyber-attack. Many never recover financially or from the loss of reputation a cyber or data breach can create.
Trend Micro’s report is comprehensive, and it is here to read, so let’s take a look at a just a few key points:
Attackers move faster than system and software vulnerabilities are patched
Trend Micro says:
“System administrators will need to be vigilant when it comes to not only the timeliness of patch deployments but also the quality of the patches they deploy.”
Many breaches and successful cyber attacks occur via outdated software and unaddressed system vulnerabilities. Malware is often also hiding in outdated websites. It’s not just giant enterprises who need the latest software, every application, website, and digital asset, needs to be regularly assessed.
Artificial intelligence creates new threats
We’ve seen this in recent cyberattacks such as with the energy company CEO. “Deepfakes” are attacks that see social engineering and imitation taken to the next level. Trend Micro says:
“AI technology is being used to create highly believable counterfeits (in image, video, or audio format) that depict individuals saying or doing things that did not occur.”
Deepfakes are being used to target executives and manipulate employees, they can be hard to spot and they can cost millions.
– Watch our free taster sketch “Phishing Emails in Real life” from our hilarious Sketches security awareness training series
Supply chain attacks may pick up pace
A growth in outsourcing means that attackers can bypass a businesses cybersecurity measures and attack through a potentially less defended third-party supplier. Trend Micro recommends:
“Enterprises should perform regular vulnerability and risk assessments and implement preventive measures, including thorough checks on providers and employees who have system access.”
Remote or home workers also add new risks to corporate networks, and the move to the cloud means that even more employees and contractors are accessing systems away from a businesses core operation. Yet this remote activity needs to be protected as much if not more than any other. Trend Micro says:
“More compromises in cloud platforms will happen in 2020 by way of code injection attacks, either directly to the code or through a third-party library. Malware injection can be done in an attempt to eavesdrop or take control of a user’s files and information on the cloud.”
IoT devices could be used for “espionage and extortion.”
As scary as it sounds it is true. Cybercriminals are taking more time to create targeted individual attacks just as with deepfakes. Trend Micro expects these illicit actors to use “machine learning and AI to listen in on connected devices in enterprise settings, such as smart TVs and speakers.” It adds:
“They can use language recognition and object identification to snoop on personal and business conversations. From there, they can identify a set of targets for extortion or gain a foothold for corporate espionage.”
Attack surfaces are widening and it’s vital to ensure every “smart” device and phone, and every IoT enabled item of equipment is included in security protection, processes, monitoring, and constant re-evaluation.
Trend Micro concludes that collaboration with security experts needs to happen to mitigate risks and allow “defenders” to have visibility and control, adding:
“Real-time and zero-hour detection will also be crucial in proactively identifying known and unknown threats.”
Security experts can be internal to an organization or external. The key takeaway here is the need for “collaboration.” This collaboration to fight cyber threats needs to take place between every element of any business.
A breach of any kind can destroy a business. Employees are encouraged to do their best to ensure revenue generation and company reputation. In the same way, every person within a business should understand the damage an attack or breach can cause and how they can help to fight this risk.
Want to help secure your organisation? Sign up for a free demo and find out how we’re already helping organisations just like yours.
Subscribe to the Proofpoint Blog