Protecting our systems from breaches that put our data at risk is a never-ending battle, quite literally. Each time organizations introduce or exercise new security measures, hackers simply find new ways to break down the defenses. As technology advances, we can expect cyber-attacks to continue rising in number and frequency in the years ahead.
In the Philippines, cybersecurity incidents are predicted to result in a staggering $3.5 billion in economic losses or 1.1 percent of the country’s total GDP of $305 billion, according to a study by Frost & Sullivan commissioned by Microsoft. Besides the direct financial risks such as loss of productivity, fines and remediation costs, cyber-attacks could lead to reputation damage, which could then result in customer churn.
In the face of rising cybersecurity incidents in the country, greater awareness among organizations and enterprises will help in reassessing the effectiveness of currently employed preventive measures and looking into alternative action plans. But even though more organizations are recognizing the need for cybersecurity, many remain hesitant to make that investment and do not treat it as a strategic long-term move. Keeping this in mind, here are the top trends that organizations could leverage in deciding what to protect themselves from in 2020:
1. Successful ransomware attacks will more than double
The Philippines is highly vulnerable to ransomware attacks, experiencing cyber-attacks of this nature 36 percent more than other countries in the Asia Pacific and 80 percent more than other countries across the world. In the US, the FBI’s Internet Crime Complaint Center (IC3) received 1,783 ransomware complaints in 2018, costing victims more than $2.3 million, according to the annual FBI Internet Crime Complaint Center Internet Crime Report 2018. The numbers represented a decrease from the total number of ransomware complaints in 2017. Despite this seemingly optimistic news, however, the total amount of losses caused by the malware in 2018 actually increased.
Why? Those complaints represented only the attacks reported to IC3 and did not include unreported attacks. Hence, the actual number of ransomware attacks is much higher, and that number will continue to increase in 2020. As the FBI softens its stance on businesses paying ransom, the number of “successful” ransomware attacks will more than double, with total losses from all reported attacks increasing tenfold.
2. Cloud systems a top target as misplaced understanding of cloud security increases risks
A 2019 Centrify study revealed that 60% of organizations don’t understand the shared responsibility model when it comes to who secures workloads in the cloud. This will give customers a false sense of security in their cloud security providers, when the customers themselves are responsible for securing privileged access to their cloud administration accounts and workloads. Cloud environments will therefore become a top target of cyber-attacks in 2020 as bad actors exploit this misplaced confidence.
3. Machine identities will become largest cybersecurity exposure point
With an estimated 20+ billion IoT-connected devices and an evolving enterprise threatscape that includes automation and DevOps, machine identities will become the largest cybersecurity exposure point in 2020, overtaking humans.
Weak machine identities could pose risks to the integrity of machines and processes and to whatever confidential information they hold. If done correctly by humans, however, automation could mitigate much of the risk.
4. Phishing will continue evolving beyond email to SMS, video
Most people think of phishing — and the more targeted spear phishing — as limited to suspicious emails. Hackers have proven to be very capable of evolving to get around increased cybersecurity awareness, and phishing will continue to move away from using email as a preferred medium and instead focus more on SMS.
Phishing attacks by SMS (“SMishing”) will increase by more than 100 percent in 2020. We will be seeing the first successful spear phishing by video as hackers leverage new tools such as “deep fake” technology to look and sound like a trusted person, for example in a FaceTime call with an attacker posing as the CEO.
These new attack surfaces give cyber criminals more opportunities to steal or compromise credentials that they can then use to gain privileged access to critical systems and information. It is therefore all the more crucial for organizations to adopt a “never trust, always verify” or Zero Trust approach.
The author is the regional vice president at Centrify Asia Pacific & Japan