Due Diligence – 5 Emerging Threats You Should be Preparing for in 2020.
September 22, 2020
5 Emerging Threats You Should be Preparing for in 2020.
By Wes Britten
Throughout the last decade, new digital threats have emerged from many different avenues of attack. Not all those threats result in what me might call a ‘typical breach,’ where PII is stolen or financial information is compromised and then sold on the dark web. Any breach of secured data for any reason poses a huge problem to businesses in all sectors, and with new methods of attack being discovered all the time, it is more important than ever to do our due diligence on and mitigate these emerging threats wherever we can.
- Insider Threats
Insider threats are one of the most dangerous threat vectors a business can face. This is partly because they come from a trusted source, and because employees are often privileged to have access to the most sensitive information a company holds. In 2019, it is estimated that up to 64 percent of all cyber-related incidents occurred due to insider threats.
There are several different types of insider threat that can have far-reaching financial and reputational consequences to affected businesses.
- Corporate Fraud. The average instance of fraud takes 16 months to be discovered and can have huge financial implications, especially in smaller organizations. Although this can sometimes be difficult to spot without forensic financial analysis, keeping an eye out for employees that have personal issues like debt, divorce or legal problems, might provide an early indication that increased monitoring could be required.
- Insider data theft. A malicious employee with access to sensitive data has the potential to cause significant harm to a business. This can be mitigated somewhat by segregating responsibilities and giving employees the lowest access levels possible.
- Negligence. Often caused by the lack of adequate training, carelessness during online activities can quickly result in malware or ransomware infections. The best way to mitigate this is to regularly evaluate cyber awareness and other training programs in order to keep staff trained to the highest feasible standard.
- Technology Upgrades
Technology upgrades are always a threat, and we live in a time where they happen almost constantly. Keeping up with new tech, and with the new ways that your tech can be compromised, is a constant battle. One of the biggest technological upgrades will come in the form of 5G cellular networks. 5G will increase the speed of data transfers and will require more robust security measures. Deploying it to new locations and in new ways will reveal new security issues that will need to be mitigated.
- Phishing and SMishing
Phishing is obviously not a new threat and most people are aware of what it is and how to avoid it, but it still poses one of the most significant threats to businesses around the world. Cyber awareness training, even on a very basic level, can help to mitigate the risk posed by phishing.SMishing is short for “SMS phishing” and utilizes a text message that encourages a recipient to download a malicious file within the message. With the increased use of third-party messaging apps like WhatsApp, LinkedIn direct messages, or Slack, these messages can be received both on a mobile device and in a desktop computer environment, making networked devices more vulnerable to them.
- Targeted Ransomware
Ransomware has been around for several years now and has proven itself to be a particularly effective money-making activity for criminals. It is difficult to make a decision on how to proceed when affected by ransomware, which is one of the reasons why some businesses pay the required ransoms in order to restore access to their systems or data. Understanding how to recognize a ransomware threat can be the key to responding appropriately and to securing your data.
- Stay up to date. Staying on top of official software and security updates is an important part of keeping your devices and networks secure.
- Run regular Security Scans. Scanning regularly will allow you to identify malicious software quickly and act to remove it before it becomes a problem.
- Education and training. Most attacks, including ransomware, begin with employee or user negligence. Keeping everyone trained and aware is the best way to secure your data.
This one may sound a little far-fetched, but it is a legitimate security threat to businesses and is becoming harder to detect. Deepfakes are digital representations produced by sophisticated artificial intelligence that can yield fabricated images, video or audio that appear to be real. In 2019, a US energy company was defrauded of $243,000 when a deepfake was used to produce fraudulent audio of the company’s CEO. There is no doubt that more attempts will be made to utilize this technology, using deepfakes of decision-makers to deceive employees into transferring funds or making other critical decisions. It may be time to start requiring 2-person or 2-factor authentications for more of your business processes.
There are obviously more than 5 emerging threats that you should be prepared for, and securing your data against, but doing so for just a few can have the positive side-effect of securing against many others. Being positively engaged in both staff awareness and in following security threats and solutions will have the biggest benefits to your business.