The Internet Crime Complaint Center (IC3) of the FBI has reported that the cost of cybercrimes doubled last year to a whopping $2.7 billion.
The IC3 reported that most of the complaints included personal data breaches, extortion, non-payment/non-delivery scams, and romance or confidence fraud.
What does that mean for your business?
With cybersecurity threats on the rise, it is crucial for your company to prepare for potential cyber threats you might face in 2020 and beyond.
Although attackers are constantly looking for new ways to infringe on the security of organizations, some strategies can help you combat these threats.
Table Of Contents
Top Cybersecurity Threats and How to Prevent Them
Here are some of the biggest cybersecurity threats that you should watch out for in 2020:
1. Phishing/Social Engineering Attacks
Phishing attacks are a type of social engineering attack during which the attacker creates a fraudulent text, email, or website that looks legitimate and tricks the user into providing sensitive information.
[Don’t confuse phishing with the above :)]
That sensitive information may include:
- Financial information
- Credit card info
- Passwords for online portals
- Corporate data
Phishing attacks are the most commonly used attacks by cybercriminals to target employees to gain access to sensitive information such as administrative account credentials.
Attackers then abuse those privileges to steal data, make it inaccessible or wreak havoc in your organization.
How big of a threat is this?
According to a report, 1 in every 25 branded emails is a phishing attack with over half of all phishing emails containing malware.
Generating phishing emails is effective, cheap, and easy which is why many attackers rely on these strategies to target companies.
With a minimal investment of time and effort, cybercriminals rely on this low-risk and high-reward strategy to attack companies.
How Can You Prevent Phishing/Social Engineering Attacks?
You can minimize the risk and potential damage caused by phishing and social engineering attacks by taking preventive measures such as:
- Provide regular training to employees to educate them about the latest phishing trends and how attackers can attempt to trick them via phishing emails, texts or websites.
- Use anti-phishing software or tools that detect fraudulent emails containing dangerous links or requests asking for credentials or any kind of sensitive information.
- Employ the policy of least privilege access for accounts in your system to limit the access of each user to the minimum required for them to complete their tasks.
These are some of the most effective ways to prevent phishing and other social engineering attacks.
As the name indicates, ransomware is a form of malicious software that encrypts and locks a victim’s system or computer data, and then demands a ransom for restoring access.
Ransomware holds your personal information hostage, keeping you from accessing your data including financial information, photos, documents, etc.
It can be deployed in various forms. While some variants are more dangerous than others, they all have one thing in common: ransom.
Some of the most common types of ransomware include crypto-malware, where the attacker encrypts things like your hard-drive, computer system, files, folders, etc.
Another popularly used ransomware attack is lockers, where the attacker completely locks out the victim from their devices or computer, making it impossible for them to access any applications or files.
Ransomware is one of the most dangerous malware attacks as attackers might not give the victim the decryption key, even after the victim has paid the ransom.
Hence, it can be quite complex to regain access to your device or data after a ransomware attack.
How Can You Prevent Ransomware Attacks?
Ransomware is a profitable market for cybercriminals. It’s difficult to completely prevent this type of attack. However, you can take preventive measures to protect yourself from these malicious attacks.
Here are a few effective steps that you should take to prevent ransomware attacks:
- Keep your software up-to-date: It may sound simple but keeping your software up-to-date can empower your system and its data with better security standards and protect you from cyberattacks.
- Be wary of unknown emails or attachments: Ransomware attacks are mostly delivered by emails. Attackers know how to work their way around legitimate emails and can easily replicate branded emails and ask you for sensitive information. Avoid opening attachments or emails from untrusted or unfamiliar sources.
- Use cloud storage: Many cloud services retain previous versions of folders, files, and other data, allowing you to decrypt them in case attackers encrypt it.
- Regularly backup sensitive information: Even if you pay the ransom to the attacker, chances are they might ask for more money or never bother to release access for your data. So it’s better to regularly backup all your sensitive files and data. In case of a ransomware attack, you can simply restore your data from the backup instead of paying the ransom.
3. IoT-Based Attacks
Insecure IoT (Internet of Things) devices have become one of the biggest cybersecurity threats for many businesses around the world.
While social engineering attacks and financial data theft continue to be among the top security threats, the prospect of hackers attacking wireless devices and using them as a weapon against companies or customers is becoming a greater concern.
Businesses are increasingly connecting devices to their networks, and then failing to regularly update the software. Insecure IoT devices connected to an open network or internet are a disaster waiting to happen at any moment.
In IoT-based attacks, cybercriminals sneak malware onto a network by using a victim’s internet-connected smart devices such as appliances, enabled speakers, Wi-Fi, alarm clocks, etc.
Attackers target IoT devices because their security is often overlooked, making them much more vulnerable and easier to hack.
Attackers can hack unsecured security cameras, for instance, and then use them as beachheads to gain access to the rest of the company’s network. Or they can combine multiple devices or networks together into botnets and launch dangerous DDoS attacks.
How Can You Prevent IoT-Based Attacks?
Cybercriminals often exploit vulnerabilities of IoT devices to gain access and spread malware. By doing so, they can enlist millions of devices connected to the compromised network and drive large-scale attacks.
Here are a few effective ways to thwart IoT attacks:
- Create a thorough inventory of all the internet-connected devices on your network and track which operating systems they run. Separate these devices into a separate subnet with restricted access.
- Ensure that your firmware is updated for all these devices
- Examine how each device impacts the entire network and the cost of implementing enhanced security measures in them.
4. Credential Stuffing
Credential stuffing is the process of automating the injection of breached login credentials to fraudulently gain access to user accounts.
In such an attack, a large number of breached credentials are automatically entered into websites until they are matched with an existing account, which the attacker can hack for their purposes.
Why should you be concerned about this type of attack?
Credential stuffing is one of the most commonly used attacks to take over user accounts.
The attacker usually acquires spilled credentials from a password dump site or a website breach. Then they check these stolen credentials against multiple websites such as social media sites, or bank websites.
A successful login allows the attacker to take over the user’s account and carry out malicious activities such as stealing credit card info, transferring money into their own account, using store value, etc.
How Can You Prevent Credential Stuffing?
To protect yourself from credential stuffing, consider taking the following measures:
- Implement multi-factor authentication for account logins.
- Use different passwords for every program or account your employees’ access. So if an attacker hacks into one user account, they won’t be able to access more accounts.
- Create a strong password policy such as unique passwords, or complex passwords that entail a combination of uppercase letters, lower case letters, numbers, and special characters. Do not allow users to use passwords that have been compromised (see https://haveibeenpwned.com/).
5. Database Exposure
Database exposure is often the aftermath of a security breach.
It can occur in various ways – hackers might steal login credentials through malware or social engineering attacks to gain access.
These databases may include sensitive information such as bank credentials, financial records, customer contact information, or identity records such as social security numbers.
For instance, if a database exposure occurs that releases the names, contact numbers, email addresses, and birthdates of users, an attacker might leverage that information for identity theft or potential social engineering cyber attacks.
How Can You Prevent Database Exposure?
A database exposure could jeopardize a company’s reputation and impact its credibility.
Here are a few impactful ways to protect your organization from a potential database exposure:
- Keep physical hardware in a secure and locked facility if you have a private server. In case if your building is robbed, it helps to prevent theft and keeps unauthorized personnel from accessing sensitive information.
- Implement a strong web application firewall and a database firewall that will protect your data on the internet.
- Give limited access to users.
- Encrypt the data on your server and keep a regular backup.
- Ensure all applications that interact with the database undergo security reviews.
6. AI-Powered Cybersecurity Threats
Cybercriminals continuously acquire knowledge of the latest security developments and learn how to use sophisticated methods like AI models to breach an organization.
They are well aware of the capabilities of AI and generate intelligent malware programs that self-propagate over a network or system.
For instance, AI-enabled attack vectors insert malicious links into existing email threads. Similarly, AI-powered attacks can do a robust impersonation of a colleague to help ensure that an attack such as phishing, fraud, etc is exploited.
Moreover, hackers also leverage application features as an AI trigger to carry out security breaches or cyber-attacks. These app features can range from identity management features to authenticating processes like visual or voice recognition.
Many apps use these features, and hackers can easily use them to their benefit by feeding weaponized AI models, deriving private keys to determine the time and place of the malware, and conducting security breaches at their will.
How Can You Prevent AI-Powered Cybersecurity Threats?
The rise of AI-powered cybersecurity attacks has become a concern for many businesses.
Here are some useful tips that can implement in your organization to protect it from such cyberattacks:
- Install antivirus software on your devices and computer systems. Make sure you keep it up-to-date.
- Use a Virtual Private Network (VPN) as it obscures your physical location and IP address that can help you go a long way in enhancing your security setup.
- Whitelist applications that are allowed to run on your network and prevent all unknown applications.
- Implement robust logging and alerting to detect unusual activity.
7. Insider Attacks
Insider attacks are one of the biggest cybersecurity threats that companies have to watch out for year after year.
One careless mistake by an employee or a deliberate action that compromises the security of an organization can cause potential damage.
Access to sensitive information and crucial data enables employees to abuse their access privileges for personal gain. Or they may unknowingly download malware onto their work devices and that malware can further cause havoc.
Whether through an unwitting accident or intentional malfeasance, employees can put the entire organization at risk, making it vulnerable to security breaches.
These attacks are difficult to predict and prevent without proper preparation.
How Can You Prevent Insider Attacks?
There’s no one-stop solution to prevent insider attacks because of their unpredictability and complex nature.
Preventive measures and ways to contain a breach caused by an insider include:
- Have security policies and guidelines and ensure that your employees are complying with them.
- Implement the policy of least privilege access to limit what IT resources and systems any user can access to complete their jobs.
- Make sure you revoke a user account’s access privileges if it has been compromised as it will help contain the attack and prevent more damage from happening to the system.
- Have robust logging that feeds into a Security Information and Event Manager (SIEM) with rules that alert on unusual behavior.
In the ever-changing cybersecurity landscape, there is a constant rise of both cybersecurity solutions as well as threats.
While simple tactics such as keeping your software and systems up-to-date play an important role in protecting your organization against cybersecurity threats, you should not overlook how attackers are using more sophisticated technologies such as AI to target companies.
Make sure you’re implementing robust strategies such as those above to help protect your organization and its data.
Author Bio – Aaron Cure
Aaron Cure is the Principal Security Consultant at Cypress Data Defense and an instructor and contributing author for the Dev544 Secure Coding in .NET course.
After 10 years in the U.S. Army, I decided to switch my focus to developing security tools and performing secure code reviews, penetration testing, static source code analysis, and security research.
- Comparison and Differences Between IPS vs IDS vs Firewall vs WAF
- 11 Best Open Source Firewalls Comparable to Commercial Solutions
- What is a Network Security Key in Home Wireless Networks?
- 7 Types of Firewalls in I.T and Computer Networks Explained
- Scanning and Fixing the BlueKeep (CVE-2019-0708) RDP Vulnerability