Cybersecurity attacks are capricious. The year 2019 recorded a rise in average data breach costs to $3.92 million, whereas total records breached per incident are above 25,000, as reported by IBM. While we frame new security policies in 2020, cybersecurity experts must also consider breaches from the previous years. It is worth looking back to develop new approaches that can handle the upcoming threats.
Lessons learned from cybersecurity trends of 2019
The history of cybersecurity showed demand for unbound security actions, prompting current responses. The year 2019 was a combination of new threats and reoccurring vectors, as follows
The increase in the use of mobile phones has also led to the rise in their security threats. Check Point has identified that cyberattacks on mobile phones are up 50%, compared to the previous year. Mobile devices used commonly for personal and professional reasons tend to face diversified cyberthreats. The worse hits are mobile banking apps as the users prioritize on-demand features and the banks are not fully competent to handle all the transactions with the same efficacy.
Compromised citywide data
On their spree to compromise entire municipalities, 22 cities from Texas were targeted by ransomware attacks. These were among the many government institutions that were targeted in the past year. Municipalities or government entities leveraging cloud technology were found to have many defensive gaps that attackers took advantage of.
Phishing almost always tops the list of cyberattacks, and in the year 2019, it prevailed as a prospective threat. APWG has identified that the number of phishing attacks continued rising during the first three quarters of 2019. Even though business email compromising (BEC) technique is becoming sophisticated, phishers were never impacted.
Ransomware and Cryptojacking have received a setback as cybersecurity teams are more adept at detecting and defusing these attacks.
How to improve cybersecurity in 2020
With 2020 here, here are a few ways companies can develop defensive strategies that are future centric as well as address the experiences of 2019.
1. Recognize repetition
Emails have always been potential threats with varied reasons for delivering ransomware or leveraging social engineering. Though the latest detection tools can filter and block spam messages, the increased sophistication of those emails has the potential to risk your company’s data. In 2020, it is significant to have an effective cyber defensive strategy that comes as a combination of layered email security and regular training to the employees.
2. Adapt and integrate
Attackers keep shifting their strategies unless it works out in their favor. That is how we see NotPetya after Petya. Cybersecurity professionals should adopt the same tactic in the coming year. To ensure security, there is no single way to protect crucial assets and improvise security. Security professionals should be heterogeneous in practicing detection and defense policies. Multiple security defenses like cloud-based tools used to detect threats or artificial intelligence-driven defenses can help defeat threats collectively.
Along with diverse security measures, cyber professionals should also practice complexity while penetrating infrastructure. When attackers continuously experiment with different trials to control the infrastructure, companies must defend networks with all possible traits. Cybersecurity professionals should always look to integrate defensive services while not compromising performance.
3. Turn every security stone
In the coming years, the security team cannot falsely assume the secure nature of systems that have not been attacked so far. Despite making the best efforts to keep up with the latest security policies, cybersecurity experts are still a step behind cyberattackers. Attackers always manage to surprise security teams with innovative threats and that is how the team learns to respond to them. While attacks evolve continuously, the cybersecurity team should make a practice of turning every stone that minutely appears to be a prospective attack.
Cybersecurity is not a single man’s show. The experiences throughout these years show that cybercriminals can take unexpected approaches. The lessons with past permutations can be used to craft better strategies for the coming years of cybersecurity.
Enterprises need experts who should be proficient in mitigating threats before they turn out severe breaches. A Cybersecurity Threat Intelligence Analyst (C|TIA) from EC-Council is an essential program for those who deal with threats on a daily basis. It is a specialist and comprehensive program that teaches a structured approach to mitigate cyber threats. The program addresses all the steps involved in the threat intelligence lifecycle. More details on C|TIA can be obtained on our website.