Posted by Amanda at Varay on Mar 31, 2020 9:57:51 AM

This is a word cloud showing the most commonly used words associated with cyber attacks | Varay Managed IT, San Antonio & El Paso Here’s the sobering reality. 

In 2018, 8% of cyber attacks targeted known vulnerabilities in a company or industry’s digital security. In 2019, the number of these attacks accelerated to 30%

The bad news? You may not know where your business is vulnerable to cyber attacks, but your attackers do. 

But here’s the good news. The best way to stay protected from cyber attacks in 2020 is to get informed. This article will walk you through the top three cybersecurity risks of 2020 and the actionable steps you can take to protect your business. We’ll also provide suggestions on how you can identify your business’s specific vulnerabilities.

So are you ready? Here we go.

Get to know your attackers  

It’s no surprise that as technology rapidly advances, cybersecurity attacks are advancing along with it. But behind every advanced line of attack code, there’s an attacker leaving behind a pattern of behavior, so let's start there.  

With a whole wide world of largely unprotected assets at their fingertips, attackers have a high tendency to take the path of least resistance. And it’s easy to see their rationale. Why spend valuable time and energy breaking through a barrage of security barriers when you can just grab what’s unprotected? 

The immediate take-away for us is this: Don’t make it easy for attackers to access your business! Be intentional about adding, updating, and monitoring your security services, because more often than not, this will be a deterrent to attackers. 

Now that we’ve emphasized how important it is to have basic security barriers in place, let’s look at the top three cybersecurity risks of 2020, based on the trends of years past. Then we’ll look at how you can protect your business against these three specific risks.

Top three cybersecurity risks of 2020     

1. Ransomware

If you’re unfamiliar with the term ransomware, the definition is thankfully in the name, unlike many other technical terms. Ransomware is malware that captures and encrypts a victim’s files, data, and/or information so they no longer have access to it. The attackers then demand money in exchange for the encryption key, creating a digital hostage situation.

Ransomware attacks have been a growing cybersecurity risk in recent years, but 2019 saw some of the largest and most severe attacks in U.S. history, implying that these attacks will likely continue to rise in both frequency and severity. Hospitals, school districts, retailers, transportation centers and manufacturers are among the most common victims of these attacks, because their operational functions affect the daily lives of many people in significant ways, adding pressure for victims to pay ransom fees.  

So you may be asking, “How can I prevent a ransomware attack?” We’ve written an article on how to use the two-factor authentication method to protect your business from ransomware. If you’re already the victim of a ransomware attack and are asking, “What do I do now?”, our No. 1 recommendation is to contact the authorities as soon as possible. Most federal and state law officials strongly recommend not paying ransomware demands, as doing so creates a more profitable enterprise for attackers and encourages future attacks. Contact law enforcement to receive specific feedback and instructions on how to proceed in a ransomware situation.

2. Data Breaches and Loss

The next significant cybersecurity risk of 2020 is the loss of data due either to a data breach or the misconfiguration of a digital asset, such as a cloud server or other system. Many businesses and organizations are migrating to cloud services to cut costs, save time, and consolidate information. However, though cloud services have many advantages for businesses, strict security measures must be maintained in order to protect your business from a data breach. 

In order to avoid data loss for your business, we suggest that you analyze your cloud servers for potential vulnerabilities and automate your cloud server configuration in order to limit human error and misconfiguration. If you’re not sure how to do this, talk to your IT management professionals to get more information about how your cloud servers are functioning.   

A hooded cyber attacker attempting to infiltrate cybersecurity measures on a computer | Varay Managed IT, San Antonio & El Paso3. Phishing

Oh, how we wish this term meant you had an afternoon on the lake, warming in the rays of the sun with a trout on the line. You’ve probably heard the term “phishing” before, but you may not be certain about what it means. But it’s an important concept to understand, as phishing was the No. 1 method attackers used to gain an initial foothold into a network, accounting for 31% of initial access point attacks. 

Phishing is a scam where attackers contact victims via email, call, or text and pose as a legitimate person requesting sensitive personal information like bank statements or personal identification documents. If you need help identifying potential phishing scams, learning these four factors to look for will empower you to protect your business. 

Analysis of the statistics of the initial access points (also known as initial attack vectors) attackers use to infiltrate a network reveals that over 60% are just successful scams. This gives us an important take-away. When we think of cybersecurity risks, we assume attackers are out there writing lines and lines of advanced, unknowable computer code that will lead to the destruction of our business. But in reality, most attackers are just humans that are successfully scamming other humans. Never give away sensitive information to anyone if you are not 100% confident in their identity. 

Additional cybersecurity facts to be aware of: 

  • Brand spoofing: Social media brands and technology companies were the most common brands that attackers posed as in order to gather sensitive information from potential victims. The top spoofed brands of 2019 included Google, YouTube, Amazon, Apple, Facebook, Instagram, Netflix, and Spotify. 
  • Location: The United States and Asia were prime targets for data breaches in 2019, making it more likely for businesses and industries in these areas to receive cyber attacks. 

And those are our suggestions for staying protected in 2020! We hope you walk away from this article armed with actionable knowledge to protect your business against the top cybersecurity risks for 2020 and beyond. If you’d like to analyze your business for specific vulnerabilities, we at Varay offer a free security assessment that empowers you to take specific action in protecting your business.  

 

Topics: viruses, security, identity theft, phishing, ransomware, cybersecurity, business continuity, disaster recovery