5 cybersecurity predictions for 2020
2019 is almost over and it’s time to review what’s waiting for us in 2020. 2019 has been an eventful year, with many data breaches, cyber attacks, ransomware, etc. 2020 will not be any different, it might actually be worse. We’re likely to see hackers changing their targets, switching methods but they’ll still be as dangerous as they have been in the previous years.
Without further ado, in no particular order, here are 5 cybersecurity predictions of 2020.
Third-party vendors will put companies at risk
Companies outsourcing tasks to third-party vendors is becoming more common, but it also brings new risks. According to cybersecurity company Symantec, supply chain attacks increased by 78% in 2018. That’s just in 2018, in the last year, there were many cases where third-party vendors were exploited to target a business or organization. Many data breaches of 2019 (including Target and DoorDash) were performed through third-party vendors.
It’s often the case that third-party suppliers are the weak link that allows hackers access to a company’s systems. That is largely due to the suppliers not being able to afford satisfactory level of cybersecurity. Since third-party vendors allow much easier access, hackers will continue to perform supply chain attacks in 2020, likely more so than in the previous years.
There will be more attacks on cloud services
The cloud has been relatively safe from cyber attacks up to now, with hackers having little interest in it. However, with businesses migrating their servers and data to the cloud, it’s becoming increasingly more attractive for cyber criminals. The cloud will store a business’s most important data, and if an attacker manages to breach it, there will be havoc.
Hackers operating ransomware in particular will increasingly target the cloud, particularly of companies and organizations that cannot afford to have any downtime, such as the healthcare industry. Past instances have shown that targeting local governments or healthcare organizations is not beneath cyber crooks, and it’s likely that these attacks will be even more common in 2020.
Cyber attacks targeting the healthcare industry and local governments will increase even more
The past couple of years have shown that targeting healthcare organizations and local governments is profitable for cyber criminals. Not only do they store highly valuable data but in some cases, they are also more prone to paying the ransom because of how negatively downtime affects them or how expensive restoring systems would be otherwise. Cyber crooks are exploiting this opportunity as much as possible, and more than a hundred ransomware attacks have affected local and state governments in 2019.
Cyber security experts always warn victims against paying the ransom but it’s not quite so simple when not paying means governments cannot function normally. Ransomware attacks can affect emergency services and everyday functions, and some local governments choose to give into the demands in order to restore everything quicker. Jackson County, Georgia, government officials made the decision to pay $400,000, Riviera Beach, Florida, paid $600,000, and Lake City, Florida, paid $500,000. Many local governments refuse to pay but restoring systems takes a while and costs millions of dollars.
This trend of attacking governments and health care organizations is not going away, and the number of attacks will likely only increase in 2020.
Businesses will invest more into cybersecurity
Cyber attacks are no longer a possibility for businesses, they are an inevitability. Preparing an organization for a cyber attack should become a priority for many. And with so many organizations suffering cyber attacks in the last couple of years, it’s likely that more and more businesses will realize this. Thus, companies will spend increasingly more on cyber security.
It’s not just about protecting its users, it’s also about the huge fines imposed on companies by authorities for failing to protect user data in case of a cyber attack. For example, the UK Information Commissioner’s Office is intending to fine British Airways with €204 million for the data breach the airline suffered in 2017. With GDPR in effect, companies that do not ensure users’ data security face a fine of up to €20 million or 4% of their annual turnover.
If companies want to avoid cyber attacks and stay on top of the game, they will need to invest more money into cybersecurity and plan ahead.
Phishing attacks via mobile will increase, and so will ones targeting businesses
Phishing will continue to be a dangerous nuisance in the future, but it will likely use mobile devices as primary targets. Many people are familiar with email phishing attempts, and many email providers are able to block phishing attempts, malicious links and dangerous files. Thus, switching targets would make sense.
Users are less cautious when using mobile and because mobile phishing is not as common yet, they’re more likely to fall for an attempt than when using a computer. It’s also more difficult to spot a phishing attempt when on mobile, which will attribute to the increased amount of attacks in 2020.
According to Verizon’s 2019 DBIR report, 32% of data breaches in 2019 involved phishing. The percentage will likely only increase in 2020 as many employees are still careless and press on links and attachments they shouldn’t. And if businesses do not invest in phishing prevention and cybersecurity in general, they will likely come to regret it later.