Today more and more of government and business’ infrastructure are moving online. As technology keeps evolving at an exponential pace, newer forms of cyber threats are also evolving.
This is making businesses and government agencies vulnerable to cyber attacks and data breaches in which sensitive information can get leaked. Political interference and state-sponsored cybercrimes are also on the rise.
Cybersecurity is unquestionably a growing matter of public concern. Here are a few of the cybercrime trends you need to be aware of.
Social engineering attacks
Social engineering attacks like phishing have always been used by attackers to trick victims into surrendering sensitive information like login details and credit card information. Though most organisations are enhancing their email security to block phishing attacks, cybercriminals are coming up with sophisticated phishing kits that aid in data breaches and financial fraud.
Since phishing is an effective, high-reward, and minimal-investment strategy for cybercriminals to gain legitimate access to credentials, it will continue to be a big cybersecurity threat in 2020. In fact, the 2019 Data Breach Investigations Report by Verizon reveals that phishing remains the number one cause of data breaches globally.
SMiShing (SMS phishing) is another form of social engineering attack that will gain prominence in the near future. The immense popularity of apps like WhatsApp, Viber, Slack, Skype, WeChat, and Signal among others is encouraging attackers to switch to these messaging platforms to trick users into downloading malware on their phones.
Ransomware attacks
Ransomware continues to be one of the greatest threats on the Internet today. Ransomware attacks doubled in 2019 compared to the previous year and the trend will continue this year as well as cybercriminals discover code innovation and newer, more targeted attack approaches. There are also advanced decryption tools available on the market to combat these types of attacks.
Artificial intelligence (AI)
Artificial intelligence is the latest technology tool that is impacting the cyber security landscape. While governments of enemy states are deeply researching and developing AI to cripple each other’s civil and army infrastructure, terrorist organisations and criminal gangs have also started leveraging the power of artificial intelligence for fraudulent activities and financial gain.
So, it’s not just about the war against countries but also the race between phishers, hackers, crackers and data thieves. Cybersecurity experts also have started to tackle threats using AI-driven tools. Since artificial intelligence can learn to identify patterns of cyber attacks, it can also learn to disguise the same behaviour and combat these attacks.
Thus, the simultaneous development of offensive and defensive capabilities of AI systems will become widespread, more available, and simpler to deploy.
5G and IoT devices
5G carriers such as Verizon, who recently signed an agreement with Samsung for their 5G network, are stimulating customers’ expectations about the new technology. As 5G networks roll out, we can expect a dramatic increase in the use of IoT devices. This will result in a massive rise in vulnerability of the network to multi-vector fifth generation cyber threats.
This is because IoT devices and their connections with the network and the cloud are still quite weak and will not be able to manage ever growing personal data that needs far stricter security against theft and breaches. To deal with these issues, we will need a more holistic approach that combines both traditional and modern access controls to protect these networks across various industries.
Vehicle hacking
The cars of today are like moving personal data reserves. They are fitted with a range of GPS devices, in-car communication systems, sensors, and entertainment platforms that make them an increasingly attractive target for hackers and data thieves.
Cyber attackers have already learned to access personal networks through interconnect smart devices and home appliances owing to the lack of security protocols among several device manufacturers and home service providers. Similarly, in the coming years, your car will increasingly become the choice for criminals to gain access to your personal information and to your day-to-day lives. The idea of hijacking self-driving cars may seem far-fetched at the moment, but it’s a serious threat that is already worrying car manufacturers as well as law enforcers.
Cybersecurity skills gap
Hackers and phishers are clearly not stopping, so businesses will have to come up with cybersecurity strategies to stay in business. This is creating a skill gap and the deficit will become a growing matter of concern during the first half of the new decade. From 2014 to 2020, the number of unfilled cybersecurity job positions has increased to 4.5 million from just 1 million.
Therefore, there is going to be a greater need to invest in training existing staff on ways to prevent or mitigate cyber attacks as well as hiring experts with the right skills to detect emerging threats that can make industries lose millions of dollars.
Mobile devices
The emerging cyber threats and the increased use of mobile devices for Internet use, especially social media in combination with inbuilt cameras, makes an ideal target for cyber attackers. With the ever-growing number of mobile users, there is also a rise in employees routinely accessing corporate data and applications through their devices. This gives hackers an opportunity to override conventional secure email gateways and firewalls. As soon as they gain entry into your devices, hackers can steal and manipulate your business data easily. In addition to that, phishing emails, insecure WiFi connections, and mobile spyware further increase the risk of data breaches.
Deepfake
First coined by Reddit users in 2017, ‘deepfake’ is a fake video or audio recording that cybercriminals use for illicit purposes. For instance, amateurs and criminals have created deepfakes by swapping people’s faces in videos or altering its audio track.
This AI-based technology has made steady progress as algorithms are better able to process data today. As the technology matures, cybercriminals use it to foster disruption across various industry segments, mainly financial markets, media and entertainment, and politics. In fact, deepfake can pose a huge threat to the upcoming 2020 elections.
In the business world, these AI-generated fake videos or audios can be used to impersonate CEOs, steal millions from enterprises, spread wrong information about them, and interrupt business operations. In the coming years, deepfake will evolve into a sophisticated and convincing method of forgery, making it a huge cybersecurity threat that organizations need to be wary of.
Quick cybersecurity tips;
m Prioritise cybersecurity by setting up a security strategy to assess and classify the data you handle and the type of security you need to protect them. Run a security audit on a regular basis;
m Focus on cybersecurity awareness. Educate your employees on the importance of data protection and security protocols;
m Create a unique and strong password combination and complement it with two-factor authentication to access the system;
m Invest in cybersecurity tools like antivirus software, firewalls, and other privacy tools to automatically scan threats. Install and update your antivirus software;
m Have a strong backup policy. It will protect you from ransomware attacks;
m Patch and upgrade software on all your servers and devices including mobiles and BYODs;
m Apply end-to-end encryption to all your confidential files; and
m Have regular cyber vulnerability and risk assessments carried out by professionals. This will let you know how secure your network is and how to improve your security posture.
In this age of digital transformation and globalisation, cybercriminals are constantly looking for new exploits and coming up with advanced strategies to defraud and damage institutions and organisations.
In light of this fact, businesses should be mindful of not just the ever-growing number of vulnerabilities but also of the cybersecurity threats that are in store.
Governments too need to be aware of the National Security impact of cybersecurity on critical infrastructure — most of which is owned by commercial companies.
Perhaps a lesson from the Canadians whose nuclear power plants’ air-gapped control systems are still based on DECs 16-bit PDP-11, developed in the 1970s and scheduled to remain in service until 2050!
n Ilaitia B. Tuisawau is a private cybersecurity consultant. The views expressed in this article are his and not necessarily shared by this newspaper. Mr Tuisawau can be contacted on ilaitia@cyberbati.com
