Seeing the glass half full: 4 cybersecurity trends for 2020:
As data breaches increase, it’s time to sharpen our focus on cyber defense
As we ring in 2020, it’s easy to see the cybersecurity glass half empty. With over $1.5 trillion in illicit profits being acquired, laundered, spent, and reinvested by cybercriminals each year, it feels like we’re fighting a losing battle against an increasingly powerful enemy.
Cybercrime represents big money for cybercriminals, and that equates to big losses in the public and private sectors. The global average data breach cost rose to $3.92 million in 2019, and the average number of records breached per incident surpassed 25,000.
As data breaches increase in volume and severity, it’s time to sharpen our focus on cyber defense. Here are four trends for 2020, and actions your organization can take to improve your cybersecurity outlook in the new year.
1. Continued escalation of targeted ransomware attacks
Ransomware wreaked havoc in 2019.
According to a recent report, at least 103 U.S. government agencies; 759 healthcare providers; and 86 universities, colleges, and school districts were impacted by ransomware last year. It can cost organizations thousands to millions of dollars to recover from these attacks, and because many have yielded six-figure profits, cybercriminals have no incentive to stop.
Making matters worse, some threat actors are stealing data before delivering a final payload of ransomware, threatening companies with data exposure if they don’t pay up. As this trend becomes more common, companies will need to treat ransomware attacks as data breaches and report them as such, which could trigger hefty fines under regulations such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).
What you can do: If you’ve already been hit, check online to see if a decryption tool is available. Law enforcement and security companies have released decryption keys for numerous versions of ransomware through a project called NO MORE RANSOM!
Don’t pay the ransom. Yes, restoring systems that have been compromised can be a long and costly process. However, you can’t trust cybercriminals to keep promises and by paying up, you could encourage additional attacks. If you’re unable to function and feel paying is the best way to protect your shareholders, employees, and customers, consult vendor-independent security professionals to verify that the decryption keys will work and the infection can be thoroughly remediated.
Preparation is critical to preventing future attacks. Take backups seriously; ensure you have thoroughly tested your ability to recover systems and data in the event of an attack. Strengthen patch management processes, implement least privilege, and leverage endpoint detection and response tools. Check your cyber insurance for cyber extortion coverage, and perhaps most importantly, provide continuous security awareness training to help employees detect and react to the latest phishing techniques.
2. AI deepfakes add a dangerous twist to business email compromise
We’ve come a long way from laughable Nigerian prince email scams.
Business email compromise (BEC) — when an attacker hacks into a corporate email account and impersonates the real owner to convince employees to transfer funds — cost U.S. businesses nearly $2 billion over the past two years. Deepfake voice attacks are adding a dangerous twist, using artificial intelligence (AI)-generated audio to impersonate an executive’s voice.
The Wall Street Journal detailed how cybercriminals successfully used AI-based software to mimic a chief executive’s German-accented voice and direct another executive to transfer $243,000 to a “supplier.” Symantec reported three similar cases in 2019, in which the victims lost millions of dollars.
C-level executives are attractive targets for this type of attack. Recordings of their voices are often available through media appearances, YouTube videos, and publicized conferences, providing cybercriminals plenty of data to work with.
What you can do: Security awareness is crucial. Training for employees who are authorized to make wire transfers should cover BEC, including the possibility of deepfake audio. They should always be skeptical of “urgent” money transfer requests and take steps to validate them.
Don’t rely on inbound calls for voice verification; implement policies that require the verification process to include outbound calls to a recognized number such as the executive’s desk or mobile number. Consider setting up a verbal keyword that hasn’t been conveyed via email to validate the identity of the authorizing party, or like some organizations, require that multiple executives approve fund transfers over a certain amount.
3. Threat actors exploit false sense of security in the cloud
As organizations rush to adopt cloud services, many have overlooked their own accountability for security, mistakenly assuming the cloud provider handles it. This assumption leads to security holes and misconfigurations, making sensitive data in the cloud a top target for attackers in 2020.
Security in the cloud is a shared responsibility. If you don’t understand your role, you’re putting your company at risk.
Providers such as Amazon, Microsoft, and Google protect the physical infrastructure — ensuring security of the cloud. However, no matter what platform you use, it’s up to you to secure user access, as well as the data you put in the cloud.
A recent study found that 60% of organizations still don’t understand the shared responsibility model.
What you can do: To avoid data exposure as you pursue cloud initiatives, make sure you understand the security capabilities inherent within target cloud environments. Develop a strategy that enables you to align cloud-native and third-party controls, and ensure consistent security across on-premises, cloud, and hybrid infrastructures.
Several controls can contribute to a secure architecture across infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS) models:
- Identity and access management (IAM) solutions: single sign-on and access management
- Hybrid multi-cloud solutions: virtual firewalls and security event management
- Data security controls: data discovery and data loss prevention (DLP) tools
- Cloud access security brokers (CASBs)
- Encryption/key management
- API gateways/API management solutions
- IT service management: configuration management databases
While many companies are using platforms such as Microsoft Azure and Amazon Web Services (AWS) to rapidly adopt the cloud from the top down, it’s important to take a programmatic approach to cloud security. Perform a comprehensive assessment to establish security requirements for all impacted data, processes, and applications prior to migration.
4. Rush to implement security automation leads to failure
Organizations are increasingly turning to security orchestration, automation, and response (SOAR) to address staff shortages and integrate point solutions. These tools can increase the efficiency of security operations and free up security personnel from repetitive tasks so they can focus on threats and make better and faster decisions. According to Gartner, 30% of security teams with 5+ analysts will leverage SOAR by 2022, up from 5% today.
While automation and orchestration are among the hottest watchwords for 2020, these are not “plug-and-play” solutions. There are numerous providers with different approaches to choose from, and a significant amount of planning is required for a successful implementation. You can’t automate everything. Attempting to do so will lead to failure.
What you can do: Security automation is a multi-step journey. Before you begin, make sure you understand your goals and have the right resources in place.
SOAR platforms need the right data to function. Solutions such as firewalls, intrusion detection and prevention, ticketing, and team communication systems — along with tool APIs — provide the bare minimum data required to support automation. Relevant, up-to-date threat intelligence provides an additional layer that creates threat context in real time.
Once you have the right tools in place, map out the processes you want to automate over the first year or two. These should include tasks that are well-defined, easily repeatable, and don’t require human intervention.
Vendor-independent technology partners can increase your chances of success by helping you evaluate potential SOAR solutions, introduce the right amount of automation for your current needs, and bring automation together with human insight so you can eliminate the handling of low-level, repetitive tasks and respond faster to threats.
Seeing the glass half full
Like it or not, we’ve entered a new decade in technology. There are more threats on the horizon than we can mention, and cybersecurity is top of mind.
Evaluating your security posture and devising a workable plan of action to address gaps can help your organization achieve security and business goals. Increasing security awareness, taking responsibility for security in the cloud, and streamlining operations will better prepare you to address threats and mitigate risk so you can take a glass-half-full approach to cybersecurity in 2020.
To learn more about best security practices for your organization, contact your SHI account executive.
Aaron Smith and Anne Grahn contributed to this post.