In 2020, Cyber threats have grown in their size and complexity since the pandemic hits the world tremendously. Today, we’re going to be talking about the top cyber threats of 2020, and how these could shape information security threats for your personal and business activities moving into 2021.
These cyber threats are emerging rapidly in cloud-based businesses, which has been compounded by the number of people working remotely due to the pandemic. This has led millions of businesses to adopt new techniques and deploy advanced technologies to protect them from these cyber threats- but the risk of your orgnanisation being targeted by a cyber threat persists.
I believe we will all be responsible for our own security – no vendor, service provider, or even government entity will save us.
Sean Martin
These organisations are now investing a huge amount of money in anti-virus and malware software to protect against cyber threats. The threat is not going away anytime soon. New threats like voice phishing, ransomware campaigns and business email compromise (BEC) attacks have become a sad reality of conducting business in the modern era.
As per the ACSC Cyber Threat Report 2020, Cybercrime is one of the most serious threats facing businesses in Australia and worldwide. Cyber threats remain the most significant threats in terms of their overall volume and their impact on individuals and businesses. With that in mind, let’s discuss these emerging cyber threats of 2020 and learn the easy ways to reduce the cyber threats vulnerabilities and fix these problems coming into our daily routine.
Click here for your Free ISO 27001 Gap Analysis Checklist
Top Cyber Threats of 2020
1. Phishing Attacks:
Phishing is a method to gather personal information and attack someone’s identity through various tactics, both simple and sophisticated. It is a web-based software that aims to steal the information of the general public using SEO tools. It is a type of attack that a person could get in the form of a message or an email with the link to download something. If you are shopping for something online on an e-commerce website, you can directly share your card details while trusting the vendor and their information security systems. At the same time, you would presumably never shop on any website that looks untrustworthy or share your details with them.
The hackers then come into action to take advantage of this trust. They disguise themselves as a legitimate e-commerce web developers and make you confident enough that you are safe to share your details with the site. The moment you share your details with that website, the hacker can steal your information instantly. Remaining vigilant and only using legitimate applications and websites while carefully identifying the difference between real or fake websites can protect you from a phishing attack or e-commerce scam like this.
“If you think you know-it-all about cybersecurity, this discipline was probably ill-explained to you.”
― Stephane Nappo
2. Remote working: Endpoint Security
The potential of coming into contact with cyber threats, specifically targeting remote workers and their endpoint security is huge post-pandemic. While companies might be using remote work policy, likely, this policy does not address security threats while working remotely, let alone propose solutions. COVID-19 is sending shock waves around the whole world. This pandemic has stopped people and continues to pose a huge threat for employees working remotely to contact these cyber threats.
When an employee is working remotely with an unsecured system, a hacker can encounter their endpoint security. An endpoint is a connection between the sender and receiver from the devices, e.g., laptops and computers, to transfer the data between their device and the organization’s system. Each connecting endpoint poses a large potential threat that could be hacked by a threat actor at any time. Implementing safe procedures and policies using VPNs and giving limited access to users are the best minimum information security measures you can implement to avoid these threats.
3. Cloud Jacking:
Cloud jacking occurs when a cybercriminal gains access to your cloud account’s server and steals your personal and potentially financial information from a cloud account. Cybercriminals often use this activity to conduct cyber crimes and create cyber threat campaigns- such as identity theft.
These cloud hackers mostly target bigger businesses that often secure confidential, sensitive information on cloud servers. Some major cloud jacking tracks are easy for hackers to break the fake protection layer. When it relates to sensitive information, these security breaches can be horrifying for the clients, partners, and the businesses’ own reputation.
Cloud jacking is not simply a one-time offense, as it creates a web of victims. There are several things you can do to protect your business, clients, and partners from falling victim, require strict, multi-factor user authentication, limit internal access to your cloud server with stronger passwords.
4. Internal Threats:
The 2019-2020 Verizon Data Breach Investigations Report (DBIR) shows that 34 percent of breaches involve an organization’s internal staff. These internal threats involve malicious attacks, the negligent use of systems and data by employees. To protect against these threats, organizations need to quickly and accurately detect, investigate, and respond to issues that could be indicators of insider attacks. Common antivirus and anti-malware tools are usually not effective against these threats, as internal threats require specialized tools.
These tools detect internal threats by monitoring below points:
- Unauthorized logins approvals.
- New apps are installed on locked computers or other electronic devices.
- Recently granted admin rights to a device.
- New devices on restricted networks.
These tools may combine machine learning and artificial intelligence to identify anonymous malicious activity, suspicious changes, and threats caused by system misconfigurations in a short span of time. Cyber threats can present themselves in a concise span of time, so the tools you’re deploying should be sophisticated enough to combat them accordingly.
5. 5G – Wi-Fi Vulnerabilities:
The constant search from the cyber community to fill the gaps to protect their internal and outer information security has never been achieved. Attackers will undoubtedly find new vulnerabilities in the 5G-to-Wi-Fi handover that employees, be them remote or in-house, rely upon to conduct their work.
The launch of the Apple iPhone 12 in 2020 is beginning to push consumers to switch to 5G networks. With these 5G networks rapidly emerging, many consumers are switching wifi services for cellular services. As a result, they end up delivering their information to cloud hackers. The software vulnerabilities in this handover process provide an opportunity for hackers to compromise security in several ways.
As we all know, 5G is steadily spreading over across the world. It is available actively more in public areas like airports, shopping centers, and hotels, etc. The electronic information of users on their cellular-enabled device is communicating via Wi-Fi access points. These wifi access points send signals, potentially to hackers, where they attack your identity and conversation recorded. Technicians predicted that with the new complex transition from 5G -to- Wi-Fi, hackers could leave security vulnerabilities that will likely be exposed soon.
In the end, we must be aware that staff will always be both an organization’s greatest asset and greatest risk, especially in the context of cybersecurity. One wrong click by a staff member, whether intentional or not, can destroy networks and reputations. Improving staff awareness of cybersecurity issues and threats, including the risk environment for your organization, needs to be a priority for all businesses.
If you’re interested in training your staff with the best practices of online security, you should consider getting your organisation certified to an Information Security Management System like ISO 27001.
