Mobile, AI and cloud will continue to be exploited by criminals this year, as awareness of these risks is not common across organisations. A lack of in-house cybersecurity skills, awareness and education, changes to systems, and the growth and development of software are the key areas criminals will be exploiting.
Here is what I believe the year ahead in cybersecurity has in store for us:
Phishing on mobile devices will become more commonplace and will ultimately lead to corporate attacks, as personal mobile devices are often overlooked by large organisations. Personal devices don’t have the same secure gateways, firewalls and phishing prevention that your business has in place.
Key areas of mobile device attack may include, but are not limited to:
- SIM swaps or cloning
- Personal email
- Social networking apps
- Secure messaging apps
MFA is the new 2FA
Authentication will move from two-factor (2FA) to multi-factor (MFA), including biometrics. Most companies have implemented one-time authorisation codes to provide 2FA, but 2FA has been circumvented in advanced phishing attacks. To protect against credential theft, organisations should consider adopting MFA and biometrics using mobile devices. This strengthens authentication, improves user experience and reduces the risk of mobile devices causing security risks to the business.
Organised criminals will move away from banking trojans and instead focus on smaller ransomware attacks, which are easier to anonymise, easier to exploit, and require a less targeted and organised attack.
UK adoption of 5G infrastructure will become a big part of the technology advances in 2020. This will give rise to an increase in new computing capabilities and a host of new connected devices. This will highlight existing issues such as authentication, confidentiality, authorisation, availability and data security of mobile devices.
Now is the time to review the risks BYOD brings to your organisation, now and in the future.
Legacy Operating Systems (OS)
These will pose an even greater risk to organisations globally
Support for Windows 7 will cease in 2020, meaning Microsoft will stop patching and updating the OS even if a significant security vulnerability is found.
Cyber criminals will be exploiting these vulnerabilities to gain access to companies’ systems and data, similar to the incidents we saw when Windows XP went end of life. In some cases, IT professionals have reported encountering and supporting even older OSs.
Licensing of new software and operating systems will outweigh the financial costs of a serious data security incident, so spend the money and reduce your risks.
Social engineering attacks on employees will become more commonplace as the increase in organisational security and awareness makes that security more difficult and costly to circumvent.
The human factor is still the biggest weakness in any organisation, and this will continue to be exploited.
Hackers and cyber criminals may offer large amounts of money to insiders to gain access to valuable information. The amount offered is dependent on the insider’s position and level of access within the organisation and the type of data that they are trying to access. Recruiting insiders has previously occurred via blogs or forums offering money for information, and quite often through blackmail.
As a result, attacks on users in order to obtain compromising data are predicted to increase.
Achieving cyber resilience in your practice or chambers in 2020 with Sprout
To speak with one of our team about cyber resilience challenges and opportunities in the New Year and beyond, please call Sprout IT today on 020 7036 8530 or email us.