As many enterprises move their operations online, companies of all sizes are facing increasingly dangerous cyberattacks. Market intelligence firm Cybersecurity Ventures predicts that cybercrimes will cost the world $6 trillion annually by 2021.
With these significant impacts, it’s imperative that businesses ramp up their cybersecurity plans, protocols, and measures. It’s also crucial to be informed about the latest in cybersecurity, so your business can prepare for imminent threats.
From the rampant rise of ransomware to the increasing sophistication of supply chain attacks, here are the top cybersecurity trends in 2020.
1. Ransomware attacks are on the rise
Traditional ransomware attacks, in which files and devices are held hostage until a ransom is paid, are more prevalent than ever. According to a report by software company Emsisoft, there were at least 966 successful ransomware attacks in the United States in 2019. The incidents affected government agencies, educational establishments, and healthcare institutions, with damages amounting to over $7.5 billion.
Another report by Cybersecurity Ventures predicts that ransomware damages would cost businesses worldwide $20 billion by 2021. This number is likely to increase as businesses of all sizes continue to grow and rely heavily on digital solutions.
With high-impact ransomware on the rise, organizations must take the necessary measures to prevent these attacks. These include regularly updating programs and being cautious of dubious email links and attachments. Ransomware attacks can be more than just expensive inconveniences; the disruptions they cause can put people’s health, safety, and lives at risk as well.
2. Cryptojacking remains a threat
Cryptocurrency transactions (i.e., buying, transferring, and selling virtual money) are anonymous and untraceable, which is why they're the perfect medium for illegal exchanges. For instance, rather than extort ransom money in trackable, mainstream currencies, cybercriminals can demand payments in cryptocurrency, usually Bitcoin.
Another way to obtain cryptocurrency is through cryptomining, where powerful computers are used to solve complex mathematical problems to earn digital currencies. Cybercriminals use this method to make bank by cryptojacking, or taking over a victim's machines and using their resources to create virtual money.
Cryptojacking remains a threat today, and attacks are typically executed through phishing emails or malicious websites that load cryptomining code on computers when victims click on a malicious link. Either way, the code runs in the background, and the only indication of this is slower computer performance.
The simplest way for a business to thwart this type of cyberattack is to educate employees about its risks and how to recognize a potential phishing attack.
3. Phishing scams continue to evolve
According to the FBI’s 2019 Internet Crime Report, phishing was the most common type of cybercrime last year — 114,000 targeted victims lost over $57.8 million.
And as phishing continues to be profitable, cybercriminals are developing more sophisticated ways to coax sensitive information out of unwitting victims. For instance, they may send a phishing email telling a victim that their account was locked because of security issues. To reactivate their account, they need to click on a link and verify their information. However, this is only a ploy to steal sensitive data.
The bad news is that cybercriminals are constantly adapting and refining their methods, making it difficult to predict and prevent attacks. This year has already seen a number of novel phishing scams, including PayPal scams that collected user credentials and other personal information via a fraudulent login scheme.
4. BEC/EAC scams are gaining traction
The FBI also reported that an estimated $1.77 billion was lost to business email compromise (BEC) scams, sometimes known as email account compromise (EAC) crimes.
BEC/EAC scams are becoming increasingly popular because they're simple to execute and don't require advanced coding skills or malware. Similar to phishing scams, BEC/EAC scams involve compromising or spoofing a legitimate company's or person's email account. But instead of tricking people into revealing sensitive information, cybercriminals trick them into wiring money into the wrong bank accounts using fake invoices and the like.
To mitigate the risks of BEC/EAC scams, businesses must follow cybersecurity best practices — including using antivirus software and spam filters — and always verify the authenticity of emails, warning against replying to and opening links from dubious senders.
5. Supply chain attacks are becoming more sophisticated
In today’s business landscape, it’s not uncommon for organizations to partner with other businesses to carry out their operations. From vendors to logistics companies to warehouse operators, each of these partners form a link within a supply chain. And as supply chains grow more complex, so do supply chain attacks.
A supply chain attack, or a value-chain or third-party attack, occurs when a cybercriminal infiltrates a network through an external party with access to a company’s systems and data. According to a 2018 study by the Ponemon Institute, 61% of US companies have experienced a breach caused by one of their vendors or third parties. This number continues to rise, and as companies rely more on partners, vendors, and subcontractors, it’s critical to manage the risks they present.
How can businesses be protected from growing cyberthreats?
While cyberthreats pose a serious danger to organizations, they’re part and parcel of managing a business that relies on digital solutions. As such, cybersecurity and constant vigilance are necessary to significantly reduce the risk of falling victim to these growing threats.
From employing multiple levels of security to holding regular security awareness training and testing programs to keeping abreast of cybersecurity trends and technologies, there are countless ways to safeguard critical business data.
For peace of mind that your business is protected against evolving cyberattacks, partner with a managed IT services provider (MSP) like Prosum. We will proactively monitor your systems, protect critical data, and keep your business compliant with government and industry regulations. Enhance your cyber defenses now!