Small and midsize businesses (SMBs) are constantly under cyber threats in this dark and scary digital world. Cybersecurity is a major concern for SMBs and also the biggest challenge. To stay a step ahead of cybercriminals you need to be aware of the latest cybersecurity trends, so you can take the required precautions with your data and infrastructure.
Here are five of the most alarming cybersecurity trends you need to look out for going into 2020.
1. Inadequate Cyber Hygiene
A perennial problem is lack of proper cyber hygiene by businesses. Many of the most infamous cyber attacks have been successful because organizations haven’t kept up with the basics, such as applying security patches in a timely manner (e.g. apply critical patches within 30 days of availability).
Businesses need to double down on basic security measures. This means implementing a layered defense including firewalls with malicious site blocking, segmented networks, deploying antivirus and anti-malware clients, keeping software up-to-date with the latest security patches, and last but not least, security awareness training for employees.
2. The Growing Cybersecurity Skills Gap
Cyberattacks have become the new norm together with the crunch in cybersecurity skills. According to the World Economic Forum, the United States has over 200,000 cybersecurity job vacancies and organizations are having a hard time filling these posts. This imbalance creates an environment where hackers can exploit the situation and wreak havoc.
One of the main reasons for this substantial skill shortage is limited cybersecurity budgets in small and midsize businesses to upskill existing employees. Another reason is the general lack of skills due to the traditional approach of education in colleges and universities.
Cybercrimes are increasing at an alarming rate every year. To keep data secure, companies should re-think their approach towards training the right people with the right skills and be open to outsourcing security tasks to service providers when necessary.
The 2019 Kaseya State of IT Operations Survey Report saw a decline in ransomware attacks for SMBs in the past year. Cybercriminals may be moving to other strategies, such as launching cryptojacking attacks against enterprises. (Although, ransomware will continue to be a significant threat).
Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. The hacker usually infects the device by getting the victim to click on a malicious link in an email that loads cryptomining code on the computer and proceeds with the mining process that runs in the background.
Cryptojacking code can also disable your antivirus, download other kinds of malware and open up ports to control your infrastructure, leaving you open to additional attacks.
The most alarming thing about cryptojacking is that users generally have no idea that their device has been infected.
4. Insider Threats and Misuse of Privileged Accounts
According to the Verizon 2019 Data Breach Investigations Report, 34% of breaches involve internal actors. Insider actions can be malicious or simply negligent. But, in any case, insiders are and will continue to be a major security threat.
Use insider threat detection tools to detect anomalous activities such as unauthorized logins to restricted computers, new applications installed on locked-down systems, users that have just been granted admin rights, and other behaviors.
Likewise, the years 2018 and 2019 have seen a rise in the abuse of privileged account access. According to Forbes, about 74 percent of data breaches in 2019 started with privileged credential abuse. This trend is expected to continue in 2020 as well. It’s necessary for organizations to keep their privileged accounts secure to avoid security incidents.
Companies can control access to privileged accounts by implementing a privileged access management (PAM) tool that enables you to manage and monitor privileged accounts and the users who have permanent authority to access them.
5. Cloud Attacks on the Rise
According to Verizon’s 2019 Data Breach Investigations Report, misconfiguration of cloud-based file storage accounted for 21 percent of data exposures which included a whopping 60 million records. Cloud-based infrastructure has one major security issue – by being in the cloud, it is exposed to the public internet, which creates more opportunities for attackers to look for vulnerabilities. Factors like poor configuration of cloud, disabled standard security controls and failure to patch vulnerabilities in cloud services have led to gaps in cloud security, creating an increased risk of data breaches.
To keep cloud infrastructure secure, companies must modernize their security policies at the same pace they are adopting the cloud. They can adopt cloud services that offer strong authentication, encryption and audit logging.
SMBs can outsource their cloud security tasks to MSPs that provide efficient cloud security solutions with features like security assessment, identity management, multi-factor authentication, single sign-on, business continuity, and compliance.
Are you concerned about cyber threats that may put you out of business? Join our webinar Top Six Ways to Improve IT Security for Your Business to learn how to meet your IT security challenges and keep your IT environment secure.