Cyber Security Trends in 2020Updated: January 09, 2020
At every beginning of a new year, people start searching for new trends - in every domain. The cybersecurity isn't left out either, because those working in this domain should be prepared for new forms of cyberattacks. In this way, they'll know how to act or to prevent various situations.
Still, the common person should be interested in this, too. Why? Because we are spending most of our day online, and we are exposed to a tremendous amount of possible hacks. Even though the terminology might not be as easy to understand as it is in other areas of work, we should be informed at all times; at least read a bunch of news regarding cybersecurity, and try to understand them at a minimum.
As 2019 is about to end - we still have two months ahead, it's not like hackers will stop what they're doing at 23:59 on 31st of December, and then start with new, fresh types of attacks. Some of the attacks that were considered successful in the past will still continue, some maybe posed an interest in the last month. It's all about what's working and what is not. Specialists are trying to "look into the future" while analysing the past, so that they can make predictions about the cyber security and malware trends for the upcoming year.
It's not like security threats will simply stop - cyber criminals are, too, investing time and resources in finding out new ways of attacks, and improving the ones that worked in the past.
Here are is the cybersecurity landscape in 2019. You'll find reports from Symantec, FireEye, Cisco and Kaspersky Lab.
Only in 2020 these companies will be able to create a cyber security report on 2019. Until then, let's take a look at the 2019 cyber security trends, then at the 2020 ones, after which we can compare them.
A phishing attack is when the cybercriminals tries (and succeeds) to get hold of the victim's private information (credit card data, passwords, credentials). Cybercriminals do this using two methods:
1. Tricking the user to give private information - This is achieved by creating compelling messages that convince the user to visit a third party website that will collect data.
2. Using call-to-actions so the user installs malware - The user is persuaded into clicking to download an attachment that will install malware on the victim's device.
This type of attack was a trend in 2019, because it's quite easy to trick people into doing the actions above. Also, cybercriminals were shifting away from targeting a company, to targeting specific person's (such as the executive manager, for example). They started creating emails which are more personal, making them harder to be considered as a threat.
As we were (and still) are on the developing path regarding IoT, cybercriminals were seeing this as an opportunity to attack. To refresh your memory, IoT comes from Internet of Things, and it refers to any device that is "smart" and connects to the Internet. Anything from a smart speaker, to your fridge.
The market for these kind of devices was supposed to grow in 2019, and it did; we are all into comfort, and making our lives easier with a smart home, right? But this comes with a small/big cost - these devices don't have the security as proper as it should be, and cybercriminals can take advantage of this. They can hack one of your devices, then hack your whole network. In other situations, they can even cut you out if you don't do as they say.
And this kind of attacks don't happen just in people's homes, they happen in companies, too; hackers have more to gain from attacking a company.
As we are constantly tied to at least one mobile device, it's no surprise that hackers are trying to push more attacks towards them. It's just like in using ads: find out where your audience is spending time, and push more ads towards that medium.
These attacks can be used in fraud actions, because using a mobile device to make payments is, usually, a much simpler process (or this is what it wants to be). You can authorise a payment with your fingerprint or with your face. According to RSA, more than 80% of fraudulent acts come from mobile devices (source)
Another way in which mobile devices can be used in attacks is when the cybercriminal wants to get into the network of a company. It will be much easier to crack the mobile device of an employee, and then make his way through the network, instead of trying to crack the network itself.
As every good thing has it's bad part, Artificial Intelligence doesn't stay away from this. Cybercriminals are finding new ways to attack, methods that can, actually, make their "job" easier. They can set up some kind of AI mechanism that can do the job for them.
Besides this, setting up an AI system or an automated one means that there should be a higher level of security, as these systems will not be monitored constantly - they will be set to to their job and that's it. Cyber criminals can take a big advantage from this, exploiting the artificial intelligence or the automated part.
Being able to reach your data whenever you want, from wherever you want is becoming a major necessity, I would say. Companies are shifting towards using cloud services, and cybercriminals will have another "window open".
As more and more companies are starting to use cloud-based services, cyber criminals will push their attacks towards those clouds. Even more so, most of the companies don't have the resources to build their own cloud service, so they use third-party companies. Here's a risk of those companies being attacked, as they might not have a super-secure system, or they have a bug, etc., putting more companies (their clients) at risk of data breaches.
Just above I've inserted the idea of the supply chain with the specialised companies that offer cloud services. The idea of a supply chain is, at the end, to have maybe a smaller cost, but better people doing it. For example, you company won't have to focus on delivery, marketing, or other services, because you "hired" other companies specialised in doing these things. Instead of finding the perfect employees that will deal with those tasks, you prefer having other companies engaged in these things, because their focus will be much higher.
Of course, this approach can come with some other costs, like harder communication and lack of control, as well as supply-chain cyber attacks. Cyber criminals started in 2019 to focus on this part, and they will continue to do it in 2020, because they can "perfect" this approach. Most of the time, the supply chain companies lack the high levels of security that the company who hired them has, so hackers see this as a big opportunity.
It will be great for companies that use supply chain firms to make sure they are choosing the right ones, ones that do care about their security and privacy.
I'm quite amazed at how this phishing didn't stop yet, at how people are still falling in the trap. On a personal note, I thought that my generation (around 25+ years old now) and the younger generations are smarter and more skeptical to what they receive through email and SMS. I thought that only the older people where amazed at the fact that someone new sent them an email with a link they were told to click on. But I am so wrong.
Apparently, teenagers and young adults (those that are between 12 and 20+ years old) think that everything that's online it's true. Or at least the majority does. But where is the sense of "wait, I shouldn't click on a link just because it came on Skype, from my friend. Maybe I should ask the person directly, before checking-out the link"? I truly hope this will change soon.
Taking this into consideration, phishing attacks are here to stay even in 2020, with even more types of attacks. Cybercriminals will be making things ever harder, as they will send out even more personalised emails, in order to better trick the receiver. And they've come up with different kinds of phishing attacks, that will most certainly be used:
- - email phishing
- - pop-up phishing
- - tech cold call scams
- - fake results phishing scams
- - voice phishing scams
- - pharming
- - spear phishing
Here are more details about them, as well as ways to protect yourself agains them:
We are at the beginning of a new era with the 5G network. More and more devices will be connected to the Internet, in your home, as well as around the cities. And cybercriminals have been waiting for this as you'd wait for the meal to come at lunch. Why? Because it poses a much bigger opportunity to attack the smart devices and to, maybe, take control.
Of course, engineers will develop smart devices with better security systems, but that doesn't mean that cyber criminals won't still focus, at least in 2020, in trying to hack everything in the IoT world.
There is still a big trend in moving towards cloud, as it can be easier to access, and cheaper to maintain. But big companies, who may have experienced some cloud outages, might rethink their strategy. Companies might start looking in 2020 into some hybrid environments, ones that can assure them more that they will not suffer severe damages in case of an outage. It will be like having a back-up electric generator - the power is off, but you will still be able to get some power on in certain areas, just to keep the business going, instead of full stopping for long periods of time.
There's a big potential regarding AI in cybersecurity. This is mainly due to an increase (which has been on the rise for a couple of years) in developing a better AI world. Developers are focusing on automation, and on creating intelligent software that can help them do stuff more efficiently and more quickly.
Of course, this is the case in cyber security, too, as Artificial Intelligence is constantly being improved. With the help of AI, companies will be able to track down possible attacks even before they can happen, or at least much more earlier than a human can do. And in 2020, the work towards improving this AI area, will continue.
Of course, cyber attacks directed towards mobile devices will certainly not stop. It's not like we, people, will stop using smartphones or tablets, hence hackers will still try to perfect the existing attacks, as well as find new types of attacks in 2020.
As Artificial Intelligence will continue to be improved and developed, cyber criminals will, too, be there to improve their attacks towards AI software in 2020.
So taking all of this into consideration, 2020 will be a year that will bring a new horizon regarding Internet communication, through 5G, as well as another year where cyber criminals will perfect the attacks that worked well in the past. Also, they will focus on the new opportunities the year will bring, in terms of IoT and 5G. We will not be spared from phishing attacks, as they are still one of the "best" ways to cyber attack somebody; especially when now there are so many types (even voice cal phishing).
On the other hand, cloud services will be rethought as a strategy, as companies will start to think about hybrid environments. Artificial Intelligence is, too, being developed in every single area, and it will most certainly be in the cybersecurity domain - recognising cyber attacks much more earlier, among other features.
In terms of protecting yourself in the online world, I would say that 2020 should be the year where you, as an individual, invest much more time in getting to know more about the Internet world. This means that you should focus more on how to protect yourself online, how to keep your privacy, and what to do if you've been hacked. The online world isn't going anywhere, nor hackers will. It will only grow bigger, so you might as well be prepared.