A variety of new and evolving cybersecurity threats, some featuring the malicious use of artificial intelligence, have IT security professionals on high alert. Researchers predict a rise in the use of fully automated bots that can carry out widespread attacks on their own. The scary potential of such threats is one reason most industry analysts expect global spending on security-related hardware, software and services to increase significantly over the next few years.
As alarming as these emerging threats may be, however, a range of old, familiar vulnerabilities will likely pose the greatest risk to businesses in 2020. Weak passwords, malicious websites and email-borne viruses remain among the most common attack vectors.
Here are five of the top security considerations for the coming year:
Outdated systems. Windows 7 and Windows Server 2008 become dead technology on Jan. 14, 2020. After that date, Microsoft will no longer provide critical updates or security patches, nor will it fix any vulnerabilities discovered after that date. The millions of devices still running these operating systems will be vulnerable to myriad risks. You can bet that cybercriminals are well aware of the deadline and have plans in place to target these systems. If you haven’t already started the update process, it should move to the top of your priority list.
Password exploits. It is estimated that more than 80 percent of all hacking-related breaches leverage weak or stolen passwords. Studies find that millions of people still use easy-to-guess passwords such as “12345,” “qwerty” and “password” on sensitive accounts. Biometrics, keyboard pattern recognition and other authentication technologies are becoming more reliable and may eventually make passwords obsolete. In the meantime, organizations should continue with education and training programs and consider adopting password managers.
Phishing attacks. Microsoft reports that phishing attacks increased by 250 percent this year. Email is by far the most common delivery mechanism, accounting for more than 90 percent of phishing exploits. Organizations can no longer count on basic anti-spam and content-filtering solutions to secure email. AI-powered authentication techniques and header anomaly analysis dramatically improve the ability to block phishing emails. Cloud-based solutions with strong identity and authorization features offer another alternative.
Ransomware. Ransomware attacks on businesses increased by 500 percent this year, according to Malwarebytes. Preventive measures typically focus on educating employees about the dangers of opening unsolicited emails. In addition, email systems should be configured to block executable files. Regular backups with offline storage can help you recover in the event of a successful attack. In 2020, it would also be a good idea to explore emerging AI-powered ransomware prevention products featuring advanced pattern detection capabilities.
Cloud security. The massive breach of Capital One customer data hosted with Amazon Web Services has refocused attention on cloud security. As a result, more organizations are deploying cloud access security brokers (CASBs) that sit between their on-premises IT infrastructure and the cloud to enforce IT policies and access controls. CASBs can also be integrated with firewalls, secure web gateways and web application firewalls to boost cloud security.
Cybersecurity has always been a cat-and-mouse game in which IT pros and cybercriminals continually refine their tactics to stay one step ahead of one another. As technology evolves in 2020, so will the threat landscape. While it is important to understand emerging threats, organizations must also remain vigilant and continue to protect themselves against tried-and-true attack methods.