The threat landscape is only getting murkier. Take a look at what you’re likely to encounter in the year ahead.
Last year saw a spurt in data breaches, malware attacks, ransomware attacks, phishing attacks, cyber frauds and chip level vulnerabilities being exploited. Many major corporations around the world bore the brunt of these attacks. The threat landscape is only getting murkier this year as threats are expected to emanate from various quarters. The threats, according to various security experts and research studies, are expected to get more sophisticated and exploit vulnerabilities at various layers, including hardware, network, OS and applications. End points will continue to be targeted as they continue to be the weakest links in an enterprise’s IT infrastructure. Here are the top threats you are likely to encounter in 2019-2020.
Experts predict low intensity cyber wars among some of the most powerful countries in the world that could include the United States, Russia, China and Israel. Countries like India and the allies of the United States are likely to get hit by the crossfire. If the past is any indication, these will be some of the most sophisticated attacks that could target pubic utilities like power grids and national assets, both in the private and public sector. The targets could be anything, from nuclear facilities and stock exchanges to banks and other large enterprises.
Storing data on the cloud is getting increasingly popular among enterprises of all sizes. While this looks pretty safe, there is only one glitch. Other virtual machines can have access to your data while you are backing up offline as you have numerous applications operating in the same environment. This means that these machines have access to your cryptographic keys and anybody who has access to those machines has access to your data.
Threats to IoT devices
The use of IoT devices is still in its infancy. Very few technology providers have explored IoT devices and associated software that manages them for vulnerabilities. This is an emerging area for hackers to target.
These attacks are also called Cross-Site Scripting attacks where hackers can exploit business websites by running malicious code in the victim’s browser. This will help perpetrators steal the victim’s cookie information used for authentication and take control of the site. According to Forrester, 21 per cent of the vulnerabilities identified by bug bounty programs last year were XSS attacks. These are expected to increase.
Mobile malware attacks have grown in number and it has become a serious threat now that organisations are increasingly adding mobile devices to their networks. There has been a steady increase in the number of malicious and suspicious Android apps over the last few years. And it’s not merely Android that’s vulnerable. Devices from Apple and other manufacturers can also be targets, despite thorough checks before apps are hosted on the store. Then there are other risks that come with mobile devices. Many mobile screens do not display the site a user is visiting, making them vulnerable to phishing attacks. Be ready for a tsunami of malware unleashed at mobile devices this year.
Internal threats have been a problem in the past and keep an eye out for them as you move forward. Some of these could arise from disgruntled employees, but some could happen unintentionally when an employee unwittingly fails to stick by a security procedure. Unless you have a security culture that is deeply ingrained into workplace employee behaviour, the incidents of internal threats will increase.
Photograph: rawpixel.com/ Freepik.com