The 2020 state of cybersecurity: 2 ways enterprises need to prepare
Securing all forms of data is, and will continue to be, an ongoing challenge for individuals, organizations and enterprises as we head into 2020. Just look at the past year—one of the most notable cybersecurity threats that plagued cities, individuals and other organizations (especially healthcare) was ransomware.
And when you look at the numbers, they’re staggering. As of this past August, 140 ransomware attacks have targeted public state and local governments as well as healthcare providers this year, with two-thirds of publicly known attacks targeting the former. The point is that malicious actors are tenacious, creative, and will keep finding new ways to get what they want: your data.
And, as with every new year, comes new—and often unforeseen or even unfathomable—threats to cybersecurity and the data, apps and technology that we’ve all come to rely on every day. As someone who’s worked in cybersecurity throughout my entire career, there are two things I believe we’ll see make headlines next year that every enterprise should be aware of and prepare for.
The convergence of physical infiltration with cyberattacks, challenging security across the board
Cyberattacks on an enterprise or a government can be carried out remotely but, in 2019, we started hearing more about the physical element added to the mix. Just look at the woman who had a thumb drive loaded with malware that got into Mar-a-Lago. Although she wasn’t able to successfully tap into the network, she still had a convincing enough story to get past physical checkpoints manned by the Secret Service.
And it doesn’t take sophisticated software or intelligence operations to execute these attacks – a well-planned, staged scenario is all it takes. For instance, someone could pose as an electrician to gain physical access to a hospital being built, walking around unimpeded until they find an unprotected device to access the network. I believe we’ll see more of these high-profile, hybrid cyber-physical attacks in 2020.
AI and speech technology will be exploited, making voice a new weapon of choice
If there’s one thing that malicious actors are good at, it’s creativity. We’ll see business email compromise (BEC) extend further over into voice next year.
Even though many organizations have educated employees on how to spot potential phishing emails, many aren’t ready for voice to do the same as they’re very believable and there really aren’t many effective, mainstream ways of detecting them. And while these types of “voishing” attacks aren’t new, we’ll see more malicious actors leveraging influential voices to execute attacks next year.
And it’s not as hard as it sounds—it’s easier than ever to get an audio clip of an executive, CEO or world leader giving a speech and then altering it for nefarious purposes (what’s known as a deepfake). Imagine receiving an urgent call or voicemail from your “boss,” asking to share credentials for a secure platform or system. Without any packaged-up, off-the-shelf solutions to help detect these threats, we’re going to see a lot more voice-related attacks in 2020 that will be harder to identify and even harder to protect against.
With these looming threats, organizations need to be proactive, be vigilant and think like the enemy.
These are just two strategies we’ll see malicious actors exploit next year, in addition to all of the other creative, and yet destructive, ways to gain access to critical data. Keep in mind that these actors have this one goal in mind, because there’s a giant pot of gold at the end of the rainbow.