This blog was written and produced by Michael Cross, Penetration Tester I at FoxPointe Solutions. Looking to get in touch with Michael? Reach out today: firstname.lastname@example.org.
The 2020 Global Security Report, issued by cybersecurity and managed service provider Trustwave, is an annual report detailing facts and trends observed in the world of information security. This edition analyzed the threats and statistics observed throughout the world in 2019, and their implications moving forward in 2020 and beyond.
As we close the chapter on one decade and move to the next, it is essential to understand that the tools and techniques used by malicious actors are constantly evolving, and so too must the responses to defend against them. The nature of cybersecurity is one of constant evolution in this regard, but that is not to say it is without some constants.
Principles such as vigilance, awareness, and responsibility will always be paramount in addressing the ever-changing, always adaptive nature of cybercrime. While there is likely very little that one can do about the next advanced zero-day attack, a proactive approach to information security is one of the best preventative tools to ensure that one’s network or organization is not included as a statistic in next year’s annual report.
That proactivity begins with understanding where the threats are likely to emerge. While nearly all industries faced some sort of cyberattack in 2019, different industries faced different types of attacks against different environments. Last year, for example, the retail industry predominantly faced external attacks against its e-commerce environment. Conversely, industries such as manufacturing and finance faced attacks against their internal networks. This should be no surprise, as it highlights the fact that attackers focus their attention on the most valuable information.
While different industries experience different types of cyberattacks, one type of attack used indiscriminately across all environments was ransomware, which, as the name suggests, is a type of malicious software designed to encrypt and block access to a computer system until a sum of money is paid. This malware is likely the biggest threat going into the new decade, as it is both incredibly easy for an attacker to utilize and, unlike older malware, can be incredibly lucrative when weaponized.
Ransomware is emerging as such a threat not only due to its exploitative nature, but because it can be used to target a technical element of a system (unpatched systems, zero-day attacks) as well as the much softer human element. Unfortunately, an unavoidable fact is that the number one threat to any organization’s information security is its own users: the human element. As security software constantly improves to become more robust and effective, attackers understand that a much easier target is the user.
This idea is highlighted in the Global Security Report. In 2018, 33% of all compromises were the result of social engineering or phishing. The following year, that number jumped to 50%. Across all industries, in 2019, the leading cause of internal compromise was social engineering. These numbers make it quite clear that organizations need to regard social engineering as a significant threat moving into 2020 and beyond.
It bears repeating: a proactive approach to cybersecurity is one of the most important elements of an effective information system. Understanding the constantly evolving landscape of threats and exploits, both technical and otherwise, is critical to maintaining an effective security posture.
To learn more about how to design and implement a cybersecurity program that best prepares you against cybersecurity threats in 2020 and beyond, contact our experts at FoxPointe Solutions today.