It’s beginning to look a lot like 2020. If you’re wondering what will it bring in terms of cybersecurity, suffices to look back at 2019. It brought us all pretty much anything, from supply chain manipulations to state-backed hacking campaigns that escalated into international tensions. Everything while ransomware attacks have slowly but steadily grown into a major threat for both businesses and regular users.
What does that teach us? If anything, it shows that cybersecurity isn’t getting any easier, but on the contrary. Hackers aren’t backing off and neither are we, the potential victims. Of course, the landscape of cybersecurity will be shaped by many and diverse perspectives.
Regular users will have to make certain adjustments, whereas the companies – all companies, in general, and security service providers, in particular – will take upon a new, challenging mission: knowing how to make the best of the security data that they collect.
Our top five security trends that will shape our online experiences in 2020 are, therefore, divided into two main directions, as already suggested. On one hand, we’d like to underline what regular users have to pay attention to. On the other hand, we need to stress out the main directions in which the big players on the market will have to go.
Without further ado, let’s take a look at it.
Phishing will continue to be a top vulnerability
In 2019, it was the most effective attack vector, with one in 99 emails being a disguised phishing attempt. The trend will evolve in 2020 as well, apparently with a special preference for mobile devices. This year, over 55% of the mobile users received and clicked on phishing URLs from their mobiles, so one can only expect for the attacks to continue.
Despite the efforts of fighting it – security companies implemented hardware-based authentication methods – phishing is concerningly effective and, in many instances, very difficult to spot or to avoid.
In a top of the most often impersonated organizations during phishing attacks, Microsoft has taken the lead. It is, however, closely followed by Google, Facebook, Apple, and Paypal. So, pay attention to whenever you’re getting emails from alleged representatives of these companies, but not only.
What else can you do to protect yourself from all the phishers out there?
For starters, keep educating yourself and always make use of the best authentication options you have at hand. If you have the chance, explore advanced credential management options. And if you run your website, you’d also have to run more frequent, perhaps even automated security audits to spot web vulnerabilities in particular (hint: SQL injection attacks are also poised to soar).
There are far too many things to detail on this topic of phishing attacks. To keep it short, we invite you to take a look at one of our comprehensive guides on fake websites.
Email security will rank high in terms of priorities
If you think of it, email security goes hand in hand with phishing and ransomware attacks. Of course, emails are just one side of the many faces phishing can take. At the same time, the email we all use every day can be the perfect entry point for many other security threats. What’s more, email security concerns both individuals and companies since both parties end up storing important information within their email accounts.
As a regular user, focus on setting up strong passwords that are very hard to guess and, of course, activate the double authentication method. Feel free to also create email blacklists and whitelists and try to research a little bit the S/MIME certificate. This certificate is supposed to increase your email security with a timestamped digital signature (to confirm a sender’s identity) and email content encryption/decryption, to protect your data regardless if it’s in transit or it stands by.
Paying close attention to attachments, links, and images that come with your emails is also of paramount importance. And then, there’s the common sense rule of not sharing sensitive information via email, while using a VPN whenever you connect from a public Wi-Fi, even if it’s just to check up on your work or personal email.
You do your part and rest assured that companies will do their part in reinforcing the security of their email services. From email using best practices to actual investments in email servers and internet infrastructure, a lot is expected on their side too.
Mobile attacks will increase in frequency
It only makes sense, as consumers (and, consequently, businesses) rely more and more on their mobile phones, for hackers to look into ways to explore mobile vulnerabilities, in particular. Statistics regarding banking trojan malware clearly show how the trend moves from email attacks to mobile attacks, people making payments via mobile more often than ever.
Sham mobile apps are expected to work like charm, many of them in the same direction of tricking you into believing they are legitimate banking apps. At the same time, fraudulent mobile transactions are expected to increase.
Long story short, if you keep relying on your mobile phone for all kinds of daily activities, expect for all kinds of new threats to rise from that very same mobile. Not just with your online payments, but also with your emails, with the apps you download, and with all the services you use, either for education or entertainment.
Speaking of education, it serves well for prevention, as always. So keep reading about the cybersecurity trends, common attacks, and what hackers do to get to other people’s mobiles. Pay close attention to what apps you download, avoid downloading apps from outside of the dedicated store for your mobile, and keep their permissions to a minimum.
Cloud-based security services will gain more traction
In the cloud, it’s much easier for the providers to deliver services, to maintain a flexible approach, all through a scalable process. The open APIs serving as a foundation, along with the application programming interfaces, also allow easier coordination of the numerous devices connected to those cloud services. What’s more, cloud-based security supports automation, which is highly desirable.
You don’t need to do anything in particular about this tendency. Just keep an eye on the cloud-based security providers that you’ll notice becoming more visible on the market. They might have interesting things to offer to you. And if you are determined to stay up to date with the newsworthy aspects of cloud services, never ignore a cloud migration story!
Your favorite service providers might start migrating in the cloud and you’ll want to know how is that working out for them and how it can affect you. For instance, companies like Netflix and Ford made waves with the news of suffering huge data breaches following some misconfigurations of their cloud computing systems.
This brings us to another old piece of advice we keep sharing around here – whenever you create an account for a service online, make sure you’re only providing them with the minimum amount of information required on your side. Because even when you’re taking all the precaution measures to stay protected, a security breach on their side could expose you in ways you didn’t anticipate.
Orchestration and automation will be top priorities
Here’s a secret that most likely you’ve missed so far. While security service providers are making significant steps in the right direction, on a global level, they all seem to be dealing with a pressing matter: it’s becoming harder and harder for them to make sense of the tons of security data that they collect from so many different sources.
Synthesizing all that information and analyzing it takes huge resources and the big players on the market are trying to do better at it while using less manpower. This is a significant trend on a higher level, one that doesn’t involve you, the regular end-user, though it will affect the kind of services you can benefit from.
Along with orchestration and automation, rising budgets is a must. Fortunately, this is a growing trend and has been so ever since 2010, with nine out of ten companies from all sectors claiming to aim in developing cybersecurity plans for 2020.
Looking ahead of us…
5G-enabled Internet Of Things, quantum-inspired technologies and all kinds of other mind-boggling inventions we’re all going to enjoy in the coming years are both inspiring and concerning. Because the advancement of technologies comes with its loopholes or vulnerabilities that hackers can’t wait to find.
On their quest, the cybercriminals might as well start using automated attack tools, to pull off large-scale attacks and target loads of victims at the same time and to skip our security barriers easier.
We might not know precisely what the future will bring us, but we know for a fact that slowing down our efforts to stay ahead of the hackers is the only thing we shouldn’t be doing in 2020.
Rest assured, we’re not going to slow down and, hopefully, you won’t do it either. The fact alone that you’re here, trying to get ahead of what 2020 will bring you in terms of online security, is a sign that you’re on the right path. Stay on that path, so you can always be better informed, and better protected.