The turn of the calendar to a new year is always a time filled with promise for what’s in store and what new initiatives will help your business grow over the next 12 months. It’s also a time to prepare for any new security threats that may be coming your way.
Data security is now one of the main risks for business continuity, which basically means something like a ransomware attack could not only mean days of downtime but also make it hard for you to come back at all from a devastating attack.
During the third quarter of 2019, the average ransomware payout rose to $41,000.
Downtime costs run in the range of $84,000 to $108,000 per hour, and downtime incidents average 200 minutes, which is over 3 hours. That’s a hit not many companies can afford to take.
The best defense is a good offense, and when it comes to your network security that means knowing what risks are emerging as major threats in 2020. Being prepared allows you to train your employees on dangers to watch for and beef up your firewall, web, and application security.
Emerging Cyber Security Threats to Watch Out for This Year
When budgeting for employee awareness training and other IT security needs for 2020, be sure to include protection against these following threats that have been on the rise.
Windows PowerShell Attacks
When we say “emerging” we really mean it in the case of Windows PowerShell attacks. They increased 1,000% in 2018 and remained a major threat throughout 2019.
PowerShell attacks are popular because they’re “fileless,” meaning there’s no malware-laden file for an anti-malware program to find. Instead, they cleverly send malicious commands to a legitimate Windows process.
Using limitations on the types of programs that PowerShell can execute and advanced threat protection programs that look for suspicious behavior, rather than just malware code, you can help protect your network against this growing danger.
Security Threats and Attacks on Mobile Devices
Mobile use is dominating our internet use as a whole, which is why mobile malware and mobile payment attacks have been increasing. Expect mobile security to be a major attack vector in 2020.
More payment transactions are now being made on mobile devices than desktops, which makes them lucrative targets for hackers trying to gain access to mobile wallets and mobile banking credentials.
If you haven’t yet put a mobile device security plan into action at your office, this year’s definitely the one to do that (sooner rather than later).
Phishing has gone from emails from a “Nigerian Prince” to spoofed Office 365 emails inviting you to share a file that look just like the real thing.
Phishing hybrids continue to grow, branching off from email phishing. You’ll now see phishing taking multiple routes, such as:
- Via text message
- Using WhatsApp and other messaging programs
- Social phishing on Facebook, LinkedIn, and others
- Phishing targeted at Office 365 users
User data security awareness training is one of your best defenses against phishing hybrids, because they’re squarely targeted at your employees.
Smart Gadgets (IoT Devices)
By 2022, there are projected to be 13.6 smart devices per person. This includes smart watches, speaker assistants (like Echo), smart locks, cameras, whiteboards, and more.
Businesses are taking advantage of smart devices that allow them to connect not only with other people, but equipment such as manufacturing sensors, the problem is that all these smart gadgets mean more endpoints to your network that can be hacked into.
Not changing the default name, password, and security settings on IoT devices is one major cause of breaches. As your office becomes “smarter” it’s important to include any new smart gadgets in your overall network security and monitoring plan.
Ransomware Continues to Grow
Ransomware has been around for a while, but it’s continuing to grow both in quantity of attacks and in ransom demands. Every time an organization has to pay a ransom in hopes of getting their encrypted data back, it emboldens cyber criminals to attack again.
The threat is getting so bad that in October of 2019, the FBI issued a public service announcement titled, “High-Impact Ransomware Attacks Threaten U.S. Businesses and Organizations.”
Ransomware protections include having multiple layers to your cybersecurity strategy, including malware detection, anti-phishing applications, and a recurring security awareness training program.
Insider Security Threats/Credential Theft
Hackers know that if they can get their hands on the login credentials of a legitimate user to your system, especially an administrator, they can gain access to all types of sensitive data.
This has led to a rise in credential theft resulting in an increase in insider threats to your network. While insider threats can also come from your employees, in many cases they’re the result of hackers getting their hands on login credentials.
The best safeguard to insider threats is to ensure you’re using good password security and employing the use of backstops like multi-factor authentication.
Is Your Cybersecurity Plan Ready for 2020’s Threats?
The new year is a perfect time to do a security review to ensure your cybersecurity plan is ready for new and emerging threats. B-Comp Services can perform a full review of your data security strategy and give you suggestions for any potential vulnerabilities.
Contact us for a free IT security consultation today at 303-282-4934 or through our contact form.