Cybercrime is shaping the way businesses approach information and data security. Based on figures from a report by McAfee and the Center for Strategic and International Studies, malware, social engineering, and other attacks steal roughly $600 billion from the global economy annually, and that number is predicted to go up with the ever-increasing number of threats and tactics at play. In fact, according to the 2019 CEO Imperative Study, more and more CEOs see cybercrime as the most significant threat to their business’s livelihood.
Unfortunately, even once a vulnerability gets resolved, attackers find new ways to exploit others and continue to evolve their tactics with the available technologies. Based on FireEye’s M-Trends 2020 report, threats transcend operating systems and device types. For 2020 and the future, cloud computing is a particularly large target. As pointed out by Forbes, over 80 percent of all business workloads harness cloud technology in some form. In fact, 2019’s Capital One breach illustrates how cloud technology, even through third-party services, doesn’t fully secure customer data.
Yet, the M-Trends report indicated detection efforts are improving. Global-level dwell times—or the period it takes for the threat to be detected and completely removed—decreased from 78 days in 2018 to 56 days at the end of 2019. Internal intrusions, researchers found, also declined 12 percent over that period. However, detected external threats went up 12 percentage points, although stronger reporting, compliance changes, and law enforcement involvement likely fueled the uptick.
Dedicated cybersecurity teams look out for and respond to these threats. More and more, professionals within these departments have earned at least a bachelor’s degree in cybersecurity. Today’s programs cover the latest tactics and threats and prepare students to pass the required certification exams and succeed from day one on the job.
As we head into a new decade, here are the most significant threats cybersecurity professionals need to anticipate:
More Sophisticated Phishing
Anyone who has sat through Payment Card Industry (PCI) compliance training is familiar with standard email and phone phishing tactics. Yet, because employees are more alert to these threats, cybercriminals are refining their strategies and repurposing different media. As a result, Verizon’s 2019 Data Breach Investigations Report indicates that phishing remains the top cause of data breaches across the globe.
Among these more sophisticated strategies, SMS phishing—also known as SMiShing—targets chat apps like Slack, Skype, and WhatsApp to influence unsuspecting users to download malware onto their phones. Conversations may appear to be from a familiar user or involve a fundraising effort the user may have participated in.
Building upon this last point, spearphishing creates more targeted threats that, compared to past schemes, seem nearly indistinguishable from their authentic counterparts. Among them, cybercriminals may spoof TLS certificates—the green lock indicating a site’s secure encryption—when redirecting users to a malicious website. Another strategy, artificial intelligence–driven social engineering, may involve gathering information about a particular individual or even spoofing their voice for messaging through video clips or recorded phone calls. Although any individual is susceptible to this risk, company CEOs and other high-ranking officials are common targets, as are politicians during campaign season. This information is then repurposed for malicious emails, phone calls, or SMS messaging to sway employees into handing over company or customer information, passwords, cloud access, or even company funds to the cybercriminal. Using this method, machine learning–compiled company or employee information may be used to exploit chatbots to access a network.
Advanced Ransomware Attacks
Although companies and individuals should still be concerned about having their credit card information stolen, that’s not all you should be worried about. According to FireEye’s M-Trends report, ransomware attacks are increasingly automated and outsourced and may exploit browser vulnerabilities to target cryptocurrency. Additionally, scammers using all kinds of methods have started exploiting gift cards’ lack of traceability, and cybercriminals are no exception. A growing tactic involves exploiting corporate rewards systems to obtain high quantities of cards, which are then resold or used to make direct purchases.
On the business side, cybercriminals may advertise access to a particular corporation or government agency to attract other threat actors. These parties often work collectively to exploit less-visible or under-monitored vulnerabilities to gain access to company or customer data. In the process, customers have their personal or financial information exposed, and a business’s intellectual property is available for its competitors to see. Because larger organizations tend to have stronger cybersecurity teams, small- to medium-sized entities are more frequent targets.
Exploiting the Internet of Things (IoT)
According to a study by Kaspersky, attacks from unique IP addresses increased between 2018 and 2019. The surge is attributed to the smart home and device boom, with 100 million IoT attacks occurring globally in 2019. The IoT has amplified connectivity to epic proportions. Changing a home’s internal temperature, opening a garage, or locking a car can all be done through a smartphone interface, while business supply chain networks increasingly rely exclusively on wireless and RFID technologies to track shipments over large routes and within individual warehouses.
Although the IoT has revolutionized communication, reduced the number of physical components, and represents the next generation of convenience, it’s rife with vulnerabilities. In particular, devices have easily exploited security loopholes, and once a cybercriminal uses them to their advantage, entire supply chains are easily taken down, vehicles can be turned into weapons, and homeowners may find themselves locked out of their homes as thieves steal their physical possessions. Beyond these consequences, IoT-connected devices create a new pathway for cybercriminals to install malware that passively steals company and customer information without detection, or to launch a large-scale distributed denial-of-service (DDoS) attack through an extensive network of interconnected devices that disables an entire business.
Within these scenarios, IoT devices offer multiple easily exploitable pathways:
- weak factory-default logins that the user never changes;
- unpatched vulnerabilities; and
- devices that are used and updated less frequently than others.
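The three pathways above translate directly into an inventory check a security team can run on a schedule. The following is an added example, not part of the original article; the inventory records, field names, and the 180-day staleness threshold are assumptions made for illustration.

```python
from datetime import date

# Constructed sample inventory; the field names are assumptions for this example.
INVENTORY = [
    {"host": "cam-lobby", "default_login": True,
     "firmware": "1.0.2", "latest": "1.4.0", "last_update": date(2018, 3, 1)},
    {"host": "thermostat-2f", "default_login": False,
     "firmware": "2.10.0", "latest": "2.9.3", "last_update": date(2019, 11, 20)},
    {"host": "rfid-dock-7", "default_login": False,
     "firmware": "3.1", "latest": "3.1.0", "last_update": date(2019, 1, 5)},
    {"host": "badge-reader", "default_login": True,
     "firmware": "5.2.1", "latest": "5.2.1", "last_update": date(2019, 12, 1)},
]

def parse_version(text):
    """Turn '2.10.0' into (2, 10) so versions compare numerically, not as strings."""
    parts = [int(p) for p in text.split(".")]
    while parts and parts[-1] == 0:  # treat '3.1' and '3.1.0' as the same release
        parts.pop()
    return tuple(parts)

def audit_device(dev, today, max_age_days=180):
    """Return the list of pathways (from the article's list) a device is exposed to."""
    findings = []
    if dev["default_login"]:                       # factory login never changed
        findings.append("default-login")
    if parse_version(dev["firmware"]) < parse_version(dev["latest"]):
        findings.append("unpatched")               # a newer firmware exists
    if (today - dev["last_update"]).days > max_age_days:
        findings.append("stale")                   # rarely used or updated
    return findings

def audit_inventory(inventory, today):
    """Map host -> findings for flagged devices, worst first, then by name."""
    report = {d["host"]: audit_device(d, today) for d in inventory}
    flagged = {h: f for h, f in report.items() if f}
    return dict(sorted(flagged.items(), key=lambda kv: (-len(kv[1]), kv[0])))

if __name__ == "__main__":
    for host, findings in audit_inventory(INVENTORY, date(2020, 1, 15)).items():
        print(host, findings)
```

Comparing versions as integer tuples matters here: a plain string comparison would rank firmware 2.10.0 below 2.9.3 and raise a false "unpatched" finding.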
Aside from stealing company data, hacking IoT devices can have widespread, if not lethal, consequences:
- Because many personal medical devices like heart monitors, defibrillators, pacemakers, and insulin pumps connect to a smartphone, malware can disable the software, causing an entire class of devices to medically malfunction.
- Cars and trucks increasingly depend on computer software, as well as their own internal networks, to operate; disabling or reconfiguring these aspects may cause vehicles to malfunction, causing traffic backups or resulting in accidents that intentionally destroy property or become fatal. As a result, automotive cybersecurity is a growing niche field.
- Hacks have the potential to disable entire supply chains; as a result, thieves may usurp large quantities of products in transit or at a warehouse when they’re no longer trackable.
More Insider Threats
Cybersecurity professionals must examine networks from multiple angles to identify which vulnerabilities could be easily exploited. However, the attack might come from inside the company. ObserveIT’s 2020 Cost of Insider Threats Global Report found that insider threats are particularly costly, amounting to nearly $9 million total per year. While non-malicious insider threats cost a business $283,281 on average, intentionally malicious insider attacks have a much greater financial impact, averaging $648,845 per incident.
Everyone who passes through or interacts with your facility could be a suspect, including contractors, current workers, and past employees. Threats don’t just emerge from the information technology department, either; they also encompass administrative, legal, academic, and even executive roles. The common factor, however, is the amount of access the employee has to key, confidential information.
Insider attacks are rarely one-shot deals. Instead, a low-level attack stretches over a long period, and the perpetrator takes careful steps to cover their tracks or may intentionally divert blame to other individuals. According to FireEye’s M-Trends report, insider threats encompass a range of tactics:
- intellectual property theft;
- stalking; and
- asset destruction.
Artificial Intelligence–Driven Hacks
Especially where data and automation are concerned, artificial intelligence (AI) and machine learning allow for quick compilation, analysis, and targeting, particularly regarding human behavior and adaptation. Cybersecurity professionals have started incorporating smart AI and machine learning within their strategies to analyze common cybercrime tactics and anticipate a response.
On the other hand, threat actors have also harnessed these capabilities to get around network guards. As one common tactic, a cybercriminal infiltrates a network to install malware, and after a specific point in time or benchmark, that program begins its attack. The most significant change is that hackers are less likely to go about their attacks manually. Instead, AI and machine learning automate a range of strategies based on human behavior, including repeat attacks covering an entire network.
These technologies open up the possibility of:
- AI chatbots targeting users over a large network to get them to click on a malicious link;
- scanning for data about a particular individual to craft more targeted, specific, and convincing phishing messaging;
- crowd-sourcing data from social media and other online resources to better understand and apply user behavior to get around certain network security features;
- installing AI-based malware, like keyloggers, to extract the passwords for a wider swath of users; and
- deepfake videos, images, or audio created through machine learning to broadcast false information, obtain passwords or financial information, cause general confusion, bypass facial recognition technology, or create compromising media for blackmail or ransom.
Because not every threat can be responded to manually, cybersecurity strategies incorporate AI and machine learning to:
- automatically respond to certain security incidents, based on common human behavioral patterns;
- continually analyze network and system data for intrusions;
- implement automatic anomaly detection and keyword matching; and
- compile statistics concerning types and frequency of threats.
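A small sketch of how keyword matching, threat statistics, and anomaly detection fit together on log data. This is an added example, not part of the original article: the log format, keyword rules, and sample lines are constructed, and a simple median/MAD baseline stands in for a trained machine learning model.

```python
import re
from collections import Counter
from statistics import median

# Keyword rules (assumptions for this example): event type -> pattern.
RULES = {
    "auth-failure": re.compile(r"failed password|invalid user", re.I),
    "privilege-change": re.compile(r"added to group|sudoers", re.I),
}
LINE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) msg=(?P<msg>.*)$")

def sample_log():
    """Constructed log lines: four quiet sources and one noisy one."""
    per_source = {"10.0.0.5": 2, "10.0.0.6": 3, "10.0.0.7": 2,
                  "10.0.0.8": 4, "203.0.113.9": 40}
    lines = [f"2020-01-15T10:00:{i:02d} src={src} msg=Failed password for root"
             for src, n in per_source.items() for i in range(n)]
    lines.append("2020-01-15T10:05:00 src=10.0.0.5 msg=user bob added to group wheel")
    lines.append("2020-01-15T10:06:00 src=10.0.0.6 msg=Accepted password for alice")
    lines.append("garbled line")
    return lines

def classify(line):
    """Keyword matching: return (source, event type), or None if nothing matches."""
    m = LINE.match(line)
    if not m:
        return None
    for etype, pattern in RULES.items():
        if pattern.search(m["msg"]):
            return m["src"], etype
    return None

def summarize(lines):
    """Statistics: count events by type and by (type, source)."""
    by_type, by_source = Counter(), Counter()
    for src, etype in filter(None, map(classify, lines)):
        by_type[etype] += 1
        by_source[(etype, src)] += 1
    return by_type, by_source

def anomalies(by_source, etype, k=3.0):
    """Anomaly detection: sources whose count exceeds median + k * MAD."""
    counts = {s: n for (t, s), n in by_source.items() if t == etype}
    if len(counts) < 3:  # too few sources to form a baseline
        return []
    med = median(counts.values())
    mad = median(abs(n - med) for n in counts.values()) or 1
    return sorted(s for s, n in counts.items() if n > med + k * mad)
```

The median and MAD are used instead of the mean and standard deviation because a single very noisy source would otherwise inflate the baseline and hide itself.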
As the first step toward joining the fight against cyberthreats and protecting individuals’ personal information against exploitation, work toward your bachelor’s in cybersecurity. Norwich University not only structures our programs around traditional tactics, but coursework is continually updated to address the latest threats, and students can further enhance their skills through real-world research opportunities. To learn more, complete a request for information form today.