As we approach the new year, information security consultants, analysts and futurists are once again attempting to identify the threats most likely to create damage in the coming months. While emerging threats such as AI-powered bots, deep-fake videos and 5G network attacks are among the trendy picks, a variety of old, familiar vulnerabilities will likely pose the greatest risks to businesses in 2020.
McAfee analysts claim that more than 300,000 new pieces of malware are created daily, but most of these are just tweaks of existing threats that are proven money-makers for cybercriminals. We believe organizations can get the most bang for their IT security buck by focusing their efforts on remediating the following risks:
Outdated systems. Roughly one-third of all PCs are still running the Windows 7 operating system, which reaches end of life on Jan. 14, 2020. After that date, Microsoft will no longer provide critical updates or security patches, nor will it fix any vulnerabilities. The millions of devices still running this operating system will be vulnerable to myriad risks. What’s more, systems that aren’t receiving security updates won’t be compliant with several data privacy regulations. If you haven’t already done so, updating to the more secure Windows 10 OS should be your No. 1 security priority for 2020.
Ransomware. Ransomware attacks are on the rise following a brief decline last year, and the FBI warns that these attacks “are becoming more targeted, sophisticated and costly.” Analysts say ransomware attacks cost businesses more than $11 billion this year. Without question, robust backup practices provide the best defense by ensuring resources remain accessible if they are encrypted in an attack. You should also take steps to secure the Remote Desktop Protocol (RDP), which is becoming a primary attack vector. Audit your network for systems using RDP for remote communication and close any ports that aren’t needed for valid business reasons.
Phishing attacks. Phishing attacks increased by 260 percent this year, according to Microsoft. Although voice-based “vishing” and text-based “smishing” attacks are becoming more common, email remains far and away the most common delivery mechanism, accounting for more than 90 percent of phishing exploits. To protect email, organizations should consider augmenting conventional anti-spam and content-filtering solutions. We suggest implementing DMARC, an email authentication, policy and reporting protocol that identifies spoofed email messages and notifies email servers to delete those messages upon receipt.
Password exploits. It is estimated that more than 80 percent of all hacking-related breaches leverage weak or stolen passwords. That’s why organizations should strongly consider adopting password management technology. Password managers allow users to create and store unique passwords for all their accounts. Most work by encrypting a list of passwords with a single master password that only the user knows. The best also include a built-in password generator that ensures passwords are complex, difficult to guess and changed frequently.
Mobile malware. Mobile usage continues to grow, so hackers are naturally targeting these devices with mobile malware. Consider employing an enterprise mobility management (EMM) solution that delivers encryption, authentication and other security measures for the mobile ecosystem. These tools generally consist of a client agent that resides on the mobile device, receiving and implementing management commands from an administrative dashboard.
The World Economic Forum ranks cyberattacks among the top risks to the global economy. Although there’s no single method or tool that will provide complete protection from these attacks, organizations can significantly reduce their risk profile by implementing best-practice security measures that address known threats. Contact Verteks for help in implementing a cybersecurity strategy for 2020 and beyond.