Techradar gurus predict that 2020 cyber threats will look a lot like the cast of characters responsible for many of the breaches that have occurred over the past few years. Here’s what to avoid in the coming year:
- Email fraud
- Ransomware attacks
- More attacks on cloud environments
What Email Vulnerabilities Will Be Exploited?
Email remains a major entry point for hackers. Credential theft, business email compromise and malware are likely to thwart the efforts of countless network administrators. Here are the areas that are most vulnerable to attack and what to do about it:
- Credential theft is the most effective way to gain access to secured databases. Targeted and mass-mailed attacks are equally effective. It only takes two or three people falling victim to attacks to pave the way for additional phishing emails disguised as trusted senders. It’s important to find out if your company can identify compromised credentials and block phishing emails.
- Business email compromise is sometimes an advanced form of credential theft, with attackers posing as known senders. Attackers also insert themselves into email conversations from internal or external sources. They can then modify key data, such as bank routing information. Some companies have lost millions this way. To protect your company, offer user training to show employees how to avoid suspicious emails.
- Dropping bots and malware: people still attach documents, such as invoices and shipping notices, to emails. Does your company have controls around email to identify and block malware attachments, disguised as legitimate documents?
Will Ransomware Attacks Continue?
Ransomware incidents account for a third of attacks that have the biggest impact. Ransomware causes considerable disruption from financial losses to systems unavailability. Recovery usually takes 5-10 days, with many weeks of validation and cleanup to follow.
For network admins, ransomware attacks often occur after hours or on weekends. Along with upgrades and patching, you should expect to spend more hours testing solutions that arise, such as firewall updates and advanced security protocols.
What Old Tricks Will Be Targeted at Cloud Environments?
Despite the lightning-fast pace of technology, it seems like old enemies will continue showing up where they’re least wanted. Brute force logins, PowerShell and RDP attacks and credential stuffing are not yet things of the past.
However, the battlefield may well move to the cloud, as more businesses migrate to off-premise data storage and application support. To prepare for this new wave of cyberattacks, ensure that your security team or managed service provider has visibility and control over your SaaS, IaaS and PaaS systems.
With the new year looming, now may be a good time to invite in cybersecurity specialists, who can evaluate your system and recommend ways to improve your network’s security and performance.