Some of the few things we can predict with any certainty about 2020 include the UK finally leaving the EU, the USA electing a president, and most worryingly, an increase in cyber attacks. We’ve only just started the new year and already we have seen a crippling cyber attack on financial services organisation Travelex. And this is likely to be the first of many.
As organisations continue to integrate systems and applications, with more corporate infrastructure moving to the cloud, it stands to reason that along with the explosion in data growth will come more attacks.
The more data there is in cyber space, the greater the risk for businesses and bigger the opportunity for hackers.
Wider reaching attacks
The damage an attack can cause to an organisation has also increased in severity. In the past, the worst that a distributed denial-of-service (DDoS) attack could do was take down an organisation’s website. Such malicious attacks disrupt the traffic of a targeted sever, network or service by overwhelming the target or its surrounding infrastructure with a flood of internet traffic.
Previously, the organisation would at least still be able to operate other channels of communication/business. However, DDoS attacks have now evolved to have the potential to take down the whole company. Using the organisation’s connectedness against it, hackers can take down a website, revoke access to key documents, systems and applications, and even cut lines of communication.
Sophisticated new techniques
It’s not just the volume and severity of attacks that will increase. The actions of threat actors will become more sophisticated or more frequent – relying on chance rather than planning, according to Kaspersky. Technology will be a key factor, with new approaches and techniques used against businesses and in misinformation campaigns set to ramp up in 2020.
Another new area potentially ripe for the illegal picking of data is the evolution of drones, which researchers have used to demonstrate a range of network attacks. These could allow criminals to “establish a network foothold, deliver malware, or otherwise interfere with wireless networks,” according to a Booz Allen report).
The report states; “drones equipped with specially fitted hardware and software may also be used to install malicious malware on systems or disrupt system’s operations, particularly devices that are vulnerable to exploitation of wireless protocols like Bluetooth.”
In fact, this has already started to happen. In March, last year, we saw the possible first instance of cyber criminals using deepfakes when a UK energy firm was targeted by criminals using artificial intelligence-based software to impersonate the CEO’s voice in phone calls requesting fraudulent fund transfers.
Regardless of the mechanism, we have reached a point where every organisation should expect to be attacked at some point and needs to be able to respond in the right manner.
Businesses must have the right policy, processes and tested mechanisms in place to be able to react quickly and effectively to mitigate risk. There is no room for complacency, cyber threats are changing daily, so it is more important than ever that businesses keep abreast of the latest developments.