By Des Nnochiri
From online banking, insuring cars, and shopping, we are almost totally reliant upon the internet to complete daily tasks and make our lives easier.
However, as technological advancements give us greater convenience, increase productivity, and provide greater access to whole new swathes of entertainment, consumers and businesses alike leave themselves at risk of cyberattacks against which robust defenses must be in place.
So – what are the big cybersecurity threats of 2019, and what can you do to protect yourself and your business against them? This article takes a look at three of the biggest cybersecurity trends of 2019.
1. Targeted Phishing
Phishing can be defined as the fraudulent exercise of sending emails that impersonate reputable companies in order to gain personal information from individuals, including passwords and credit card numbers.
Phishing scams continue to be one of the largest cybersecurity threats. A study conducted at the end of 2018 revealed that online phishing attacks were up by 297% throughout the year, and 2019 has seen this trend continue. Many people are still falling victim to well-crafted phishing emails which lure them to harmful URLs or to click on dangerous links. Scammers are becoming increasingly sophisticated. Signs of malicious emails and fake websites are much more difficult to detect, making it harder to protect yourself and your business against the myriad of threats lurking in your inbox.
Nonetheless, general awareness of phishing attacks is rising. Consumers and employees are getting better at knowing what to look for when it comes to phishing emails. But “professional” scammers are upping their game in kind and are developing and using new software to ensure that the messages they send appear to come from legitimate and trusted sources.
In order for businesses to protect themselves against scams that hackers continue to launch, they need to adopt comprehensive cybersecurity programs. These can take many forms, but good training is often the best defense. Phishing simulators are fantastic tools in this regard, as they walk users through precisely what to be aware of when an email arrives in their inbox.
They guard businesses against social engineering threats by training employees to identify them and the proper protocols for reporting them. They are designed to help users identify and avoid suspicious phishing emails, ensuring they do not give away any important information that can be used against them or the business. This type of training has been shown to double the retention rate of security concepts compared with classroom-based security awareness training.
2. Cloud Insecurity
As more organizations turn to cloud computing, large data centers and cloud environments have opened new avenues for attack. Hackers are taking full advantage of the opportunities created by the dissolving security perimeter. As Manuel Nedbal explains in Security Boulevard, “With cloud computing, the perimeter moves within these new environments into unprotected territory. Most companies have heavily invested in traditional multi-layer security appliances – such as firewalls and intrusion prevention systems (IPS) – that provide in-depth ‘north-south’ perimeter protection to guard against common cyberattacks. But these controls are less effective in securing lateral or ‘east-west’ traffic because they cannot move into public cloud environments and they were not designed to handle the sheer volume of cloud traffic, or forwarding the right traffic to them represents an operational hurdle.”
Despite the continual publicity around repeated breaches and existing dangers and threats, many organizations are struggling to put adequate cloud cybersecurity measures in place. A CSA report states that, according to responses from enterprise security pros, the top four cloud computing security challenges are: data visibility into compliance (43%), infrastructure security (43%), placing security policies (35%), and protection measures not kept on pace with regular updating (35%).
Moving forward, experts believe cloud attacks will accelerate and grow in sophistication. While there is no silver bullet solution that will address every cloud security risk, industry collaboration and intelligent cybersecurity will enable better defenses and in turn greater business value from cloud innovations.
3. User Awareness
User awareness can mean two things. The first being private consumers being aware of the threats that can be targeted towards them. The second refers to business owners being aware of the potential risk that users of their site, applications or online services may pose. In this sense, organizations must have user awareness of both their customers and their employees.
For private users, being aware of what type of scams are out there and being careful as to what information you give out and to whom means you will be better able to protect yourself against becoming a victim of phishing attacks and the like. In addition, downloading anti-virus and anti-malware software on all of your devices and setting up firewalls can help to add a robust layer of defense against cyberattacks.
For businesses, it is critical to make users aware of all the threats that are out there and to provide employees with appropriate training in order to protect the company. Employees may find themselves violating the security code of conduct in a number of different scenarios, such as logging into unsecured public networks, using workplace devices for personal transactions, downloading unapproved applications, or sharing credentials. All of these things can lead to them falling prey to attacks, which is precisely why companies need to invest in educating their users as part of an ongoing strategy to up their cybersecurity for the remainder of 2019 and beyond.