The new year is upon us which means it’s time to reflect on the past year and prepare for what may come in 2020. With the threat landscape constantly evolving, it’s important to look ahead at what the future may hold so that we can take action to stay secure in 2020. Here’s a look at what 5 security habits to leave behind while looking ahead at 5 security predictions for 2020.
Source: CompTIA
5 Bad Security Habits to Leave in 2019
1. Weak password security
Although the use of biometrics is steadily increasing, it’s far from the end of using passwords to secure accounts. Unfortunately, it’s hard for people to remember their passwords, which results in people using simple and easily hackable passwords. For the second year in a row, 123456 remains the top worst password of 2019 according to SplashData’s Annual Worst Passwords List. Even worse is that people often reuse passwords across accounts. Hackers need only one good set of leaked credentials in order to access accounts. It’s time to leave the bad password security behind. Each account should have a unique password that includes alphanumeric and special characters.
2. Using outdated tech
As the year ends, it’s time to take stock on your IT infrastructure and upgrade any legacy systems. For example, Microsoft will be ending support for Windows Server 2008 and Windows 7 on January 14, 2020. Using outdated technology puts your infrastructure at risk because these systems no longer receive security updates. This means hackers can exploit vulnerabilities present in these outdated systems and use them to enter your network.
3. Ignorance is bliss
Just because you haven’t been hacked yet doesn’t mean you won’t be hacked in the future. Organizations need to step up their security – whether it’s email, backup or IT management. IT is becoming more integrated into business operations which means the impacts of a cyber threat can be detrimental to your business.
4. Bad third-party partnerships
It’s not only important to implement strong security in your own organization but to also ensure your vendors/partners have strong security as well. According to research from Spiceworks, 44 per cent of organizations experienced a significant data breach caused by a vendor. It’s important to have a formalized policy in place for external partners and to evaluate their security. Things like reviewing vendor security policies or obtaining evidence of security certifications can help.
5. Not enough training
Employees play a big role in your organization’s security. Any employee can accidentally fall for a phishing scam or click on a malicious link that leads to ransomware. You need to secure your systems and your employees. Make security a bigger part of your culture through awareness and accountability. Our Secure IT User Defence solution can help integrate security into your organizational fabric by providing users with online training and simulated phishing testing. The solution also includes dark web monitoring for leaked credentials to prevent hackers from using them to enter your infrastructure.
5 Security Predictions for 2020
1. Deepfake attacks
Deepfakes use machine learning software to superimpose fake images onto existing images and videos to manipulate them. They often look real and can be hard to detect. Forrester predicts that costs associated with deepfake scams will exceed $250 million in 2020. 2019 already had one recorded incident of threat actors using a deepfake voice to scam a CEO out of $243,000 by impersonating his boss through the phone. This was the first noted incident of a deepfake voice being used in a scam. Not much is known about how the hackers were able to replicate the voice. As this technology continues to evolve, we may see similar attacks in the future.
2. Use of AI
In a similar vein as above, AI usage will continue to increase, whether it’s through evolving security products or hackers creating AI based malware. The tools for AI and machine learning are becoming more accessible to hackers which can be used to carry out automated, targeted attacks. As a result, security solutions will be trying to integrate more AI to enhance security defence to help identify attacks. Implementing a security information and event management (SIEM) system that uses behavioural analytics will help defend against these attacks.
3. 5G Issues
5G network deployments are expected to ramp up in 2020. According to IDC, the number of 5G connections is forecast to grow from roughly 10 million in 2019 to 1.01 billion in 2023. As with all mobile networks, the arrival of a new network brings several security concerns. The rollout of 5G is expected to increase the attack surface, which can provide hackers several backdoors where they can enter undetected. 5G is also vulnerable to major security flaws which can be exploited to be used in malicious activities such as snooping.
4. Increase in data privacy
In 2020 data privacy will be a greater priority for organization as new regulations like the California Consumer Privacy Act become effective on January 1st. We already saw greater consumer concern for privacy in 2019 and we can expect this to continue. Many companies are struggling to provide customers with their personal data upon request. According to research by Talend, 58 per cent of companies failed to provide copies of data. Companies will have to gain deeper insights into the type of data they collect, where they store it and how it’s being used.
5. Ransomware will expand
Ransomware continues to be a threat to organizations as it’s becoming more sophisticated. With the increase of ransomware-as-a-service it’s only going to be easier for hackers to continue to profit from these attacks. Many public sectors were targeted by ransomware in 2019, such as municipalities and public-school districts. Expect more targeted attacks across all industries, especially those with poor cyber hygiene. This will make endpoint protection crucial for all organizations.