Cyber Crime is a real and serious threats to businesses in the UK and around the World. In the UK, the average cost of a data breach has risen to a huge £2.7 million, according to a study by IBM.
In the first quarter of 2020, we have seen some massive data breaches already. Here are some of the organisations who have fallen victim to cyber attacks this year alone:
22 January, 2020: A customer support database holding over 280 million customer records was left unprotected and the exposed database disclosed email addresses, IP addresses and support case information. Microsoft have said that the database did not include any other personal information.
11 February, 2020: The makeup brand Estee Lauder had an unsecured database, which exposed 440 million customer records. Estee Lauder has said that no financially sensitive information was impacted, but again email addresses, IP addresses, ports, pathways and storage information was disclosed in the database.
14 April, 2020: The credentials of over 500,000 Zoom teleconferencing accounts were found for sale on the dark web and hacker forums for small amounts, such as £0.16. Email addresses, passwords, meeting URL’s and host keys were collected through a credential surfing attack.
*Purple Griffon do not own the rights to any of the organisational logo's featured in this article.
From exploiting unprotected databases, phishing attempts to malware and credential surfing attacks - the methods that these hackers are utilising are working and the impact is becoming more severe. Every breach can put you or your customers at risk of identity theft.
So, what does the rest of 2020 hold?
9 Biggest Cyber Security Threats In 2020
No industry is untouched by the growing cost of Cyber Crime.Tweet This
You should keep track of the following Cyber Security trends, which are expected to occur in 2020.
1. The Implementation Of 5G
THREAT: Is the 5G network a hacker’s paradise? The 5G network moves away from centralised, hardware-based switching to distributed software-defined digital routing and this means that activity is pushed to digital routers throughout the network and could deny the potential for chokepoint inspection and control.
5G has the vulnerability of attaching billions of hackable smart devices to the network, referred to as IoT and the extreme expansion of bandwidth, which supports 5G creates even more avenues of attack. The implementation of 5G will mean that higher levels of security are required that its predecessors.
PREVENTION: The implementation of machine learning and Artificial Intelligence (AI) protection might be the best method of defence against Cyber Criminals manipulating the 5G.
The speed of these computer-driven attacks will require computer-driven protection and AI will be utilised for intelligent, adaptive security management and automation.
2. Remote Workers & Data Transfers
THREAT: The number of professionals working remotely has skyrocketed in the last month and Security Teams are now dealing with a very serious Cyber Security challenge.
Unfortunately, there are some individuals out there who will steal data from a company device over a USB within the privacy of their own home and Security Team will be unable to monitor these kinds of activities effectively or if at all.
It’s a shame that we have to add this to our list, but can the people that you live with be trusted? If you live in accommodation, in which you house-share with other professionals, then confidential conversations could also be listened to by eavesdroppers.
PREVENTION: If you are a remote worker living in shared accommodation or have frequent visitors to your home, then you should conduct a zero-trust environment when it comes to your working life.
Find somewhere private to discuss any confidential information and do not leave your company device unattended, as it could be used as a method of Cyber Security attack.
Companies should provide education or guidelines to employees who find themselves in a particular risk group.
3. Social Engineering Attacks
THREAT: Social Engineering attacks, such as Phishing has always been a popular method used by scammers to trick victims into surrendering sensitive information like login credentials and credit card details.
Most organisations use email security to block phishing attacks, but Cyber Criminals are becoming more sophisticated with their techniques and is usually a high reward strategy to retrieve user credentials.
In 2019, 94% of malware was delivered via email (Verizon) and the increase of employees working remotely brings major opportunities for scammers to catch you out with email scams.
PREVENTION: Professionals must be cautious, apply common sense and validate emails when appropriate. Employees and IT Departments should be aware of unexpected requests. We have also outlined some essential Cyber Security tips for remote workers in this article.
THREAT: The term “Deepfake” is used to describe deep learning, which is a method, where Artificial Intelligence (AI) uses data, such as facial movements to superimpose a new face onto an existing face and body.
Deepfakes have a variety of purposes, but they can be used as a form of attack and make others believe someone has said or done things that they haven’t. This kind of technology can also allow Cyber Criminals to spoof the voices of other people like CEO’s and politicians.
PREVENTION: If you receive a video from a source, which doesn’t feel real or quite right to you, then look out for these Deepfake giveaways below:
- Does the person on the video keep blinking strangely?
- Are the person’s facial movements jerky or robotic?
- Is there shifts in skin tone and lighting?
- Is there a weird mixture of two faces when complex movements are performed?
5. Synthetic Identities
THREAT: Synthetic Identity Fraud, or also known as Synthetic Identity Theft is the fastest growing form of identity theft and is often the hardest to detect.
Fraudsters create Synthetic Identities using a mix of real and fabricated credentials to give the illusion of a real person. A Cyber Criminal could create a Synthetic Identity, which includes a legitimate physical address.
It can take criminals 12 to 16 months to create and nurture a Synthetic Identity and once it has been developer, it is almost impossible to trace the Fraudster, as a majority of the information about this “person” is fake.
PREVENTION: There are currently programs and initiatives being developed to help organisations combat identity fraud, but at present there is no prevention method for this kind of attack.
The use of advanced data and innovative technology in the future will help businesses to identify abnormal behaviour and recognise legitimate customers from fake ones.
As an individual, you are more at risk if you are considered a thin-file borrower (someone who has very little credit history or none at all). If you are younger and new to the credit world, then you might be targeted by fraudsters.
There are ways to protect yourself from becoming a victim of Synthetic Identity Theft:
- Monitor your credit report on a regular basis and act immediately if you notice anything unusual.
- Be careful when you get a phone call or email from anyone who requires you to give away personal or financial information.
- Use secure passwords to prevent anyone accessing your online accounts.
- Shred and destroy all documents with personal or financial information.
6. Brute Force Attacks
THREAT: Brute Force Attacks happen when someone attempts a large amount of combinations on a target. These attacks frequently involve multiple attempts on account passwords in the hope that one of them is valid.
The objective of a Brute Force Attack is to gain access to resources restricted to other users, it can be an administrative account, password protected page or to enumerate valid emails on a website.
A common type of Brute Force Attack is a Dictionary Attack and it includes a list of credentials, common usernames and passwords used to get access to admin accounts.
PREVENTION: Companies should disable access points to their cloud environment from the open web (port 22 and 3389), activate network flow logs and implement Cyber Security Best Practices. These measures include the implementation of firewall, installation of anti-virus and regular vulnerability scans.
7. Vehicle Cyber Attacks
THREAT: While this may still seem a little while off in terms of our technological achievements, it has in fact already happened. Cyber Attacks are no longer confined to computer networks or mobile devices and has moved onto cars, smart appliances and scarily even baby monitors!
Cyber Criminals have the ability to hack into the electrical systems of cars, without direct physical access to the vehicle. It’s a horrifying thought that a compromised vehicle could have its brakes disabled by some anonymous hacker miles away in a remote location, with the driver being completely helpless.
If a hacker gets control of the system, there’s nothing that can stop them from causing a major incident on the roads. Read our other article ‘Carhacked! (9 Terrifying Ways Hackers Can Control Your Car)’ for more information about this type of attack.
PREVENTION: There are constantly new techniques that hackers are coming up with to control your vehicle, but you can follow these 4 tips to prevent your car from being hacked and protect your safety.
1. Take note on recalls from your car manufacturer.
2. Always update your car’s software with the latest release.
3. Disable your vehicle’s WiFi and Bluetooth when you aren’t using it.
4. Create a secure password for your car’s WiFi and change it every few months.
8. Shadow IT Assets
THREAT: Shadow IT refers to Information Technology (IT) projects that are not managed or known by the IT Department. This can happen when employees use applications without the approval of the IT Department.
Why is Shadow IT so dangerous? Security Teams do not have visibility or control over Shadow IT assets and they can create numerous weak spots that hackers can use to compromise a system. There are also massive compliance issues and the presence of unmanaged software makes it harder for organisations to meet standards.
PREVENTION: There are two approaches, which organisations can adopt to safeguard themselves against Shadow IT vulnerabilities:
IT Asset Management & Software Asset Management
IT Asset Management (ITAM) and Software Asset Management (SAM) are both worth the investment.
ITAM is the process of ensuring that your organisation’s assets are accounted for, deployed, maintained, upgrades and disposed of correctly when the time comes.
SAM is the business practice of managing, optimising the purchase, deployment, maintenance, utilisation and disposal of software applications within your organisation.
Purple Griffon offer the following easy and affordable ITAM online training courses, where you can become certified from the comfort of your own home:
Start your IT Asset Management journey today and your brand new ITAM qualification could be earned online within 180 days.
DevOps is a software development philosophy that allows enterprises to boost productivity, reduce the time needed for implementing new solutions and breakdown silos between Web Development, Testing and Web Operations.
The advantages of DevOps are improved efficiency and faster reactions to user requests. The DevOps approach can be viewed as one of the most effective ways to solve Shadow IT.
The DevOps approach eliminates the needs for Shadow IT making it easier for end users to officially implement new software needed to do their tasks better and faster. If your organisation embraces DevOps, you can add Shadow IT into your infrastructure with the security risks.
Purple Griffon offer the following easy and affordable DevOps online training courses, where you can become certified from the comfort of your own home:
Start your DevOps journey today and your DevOps qualification could be earned online within 180 days.
9. Machine Learning Poisoning
THREAT: Poisoning attacks are nothing new, however once machine learning is used more in Cyber Security – hackers will find ways to get around it. A Cyber Criminal could target a machine learning model and inject instructions into it and make it more susceptible to attacks.
Machine Learning Poisoning is a method, where hackers use malicious samples, introduce backdoors or Trojans to taint the training pool and lead to a drop in the accuracy of your system.
Many organisations recognise the high payoff that comes with security intelligence, but only 38% of business have adopted this approach so far. Artificial Intelligence (AI) has the potential to save businesses in the UK millions of pounds and revolutionise Cyber Security as we know it.
PREVENTION: We are all for evasion tactics, when it comes to defensive strategies however sometimes you do get caught out and it can be a little too late. There are countermeasures, which exist to defend your system against Machine Learning poisoning, but they don’t work in all cases.
A common method of defence is Outlier Detection, also referred to as Data Sanitisation or Anomaly Detection. The hacker will inject instructions into the training pool, which is different to what it is programmed to include, and you should be able to detect the changes and isolate the injection from your own data.
According to a report from Price-Waterhouse-Coopers (PwC - July 2018) Artificial intelligence (AI) is set to create more than 7 Million new UK jobs in healthcare, science and education by 2037, more than making up for the jobs lost in manufacturing and other sectors through automation.
Everyone must understand how AI can be applied to their organisations to position them for the future. As individuals, we need to look at the career opportunities, which will emerge in designing, testing and implementing AI and embrace these technological changes.
Purple Griffon’s Artificial Intelligence (AI) training courses are offered as a public classroom schedule or as virtual learning and are delivered by Dr Andy Lowe, who has 20 years plus experience in high performance computing.
Our Artificial Intelligence (AI) training courses can be delivered in a classroom or attended virtually. The AI training courses are taught by Dr Andy Lowe, who has 20 years of experience in high performance computing, a degree in mechanical engineering and a PhD in numerical simulation.
Purple Griffon’s Artificial Intelligence training courses will help you prepare, not fear the future… Find out more information here.
8 Quick Tips To Protect Your Organisation Against Cyber Threats
If you are looking to improve Cyber Security practices within your company, but just want some quick guidance, then see our helpful tips below to protect your business against these new cyber threats.
1. Prioritise Cyber Security and develop a strategy to assess the data that your organisation handles.
2. Identify the type of security your organisation will benefit from now and in the future.
3. Run security audits on a regular basis.
4. Create unique password combinations for your systems and compliment it with Two-Factor Authentication.
5. Invest in tools like anti-virus software, firewall and software which can scan for threats and remember to update it when new versions are released.
6. Put in place a strong backup policy.
7. Implement end-to-end encryption for all of your confidential files.
8. If your organisation is in a position to do so, then hire someone to ethically hack your systems and fix your vulnerabilities.
7 Essential Cyber Security Tips For Remote Workers
We have talked about the 9 biggest Cyber Security risks that your organisation will face in 2020, but there are also multiple online threats that remote workers need to be made aware of in order to keep the whole business protected.
Continue reading to learn about the dangers of working from home and our helpful tips for working safely online.
Using Personal Devices To Access Business Networks
A large volume of employees will be forced to use personal devices in order to work remotely and this significantly increases the risk of malware corrupting your personal device and lead to organisational information being leaked.
Public WiFi Networks
Most professionals will work from home where they can use password protected WiFi, but some might use public WiFi networks in coffee shops or libraries and these are prime spots for hackers to collect personal or confidential information from you.
Phishing Attacks are recognised as the top cause of data breaches and Cyber Criminals can easily send seemingly legitimate, deceptive emails with malicious links and attachments. Once, you click on one of these links, the hacker is able to access your device or much worse.
Here are some signs of a Cyber Attack on your device that you should look out for:
- You have noticed that there are new applications that were not installed before on your device.
- Your computer or personal device has slowed right down.
- You are seeing unusual pop-up ads on your screen.
- You have lost control of your mouse, keyboard or both.
We have listed 7 essential tips, which will help you to be as secure at home, as you are in the office:
1. Use a Virtual Private Network (VPN).
2. Secure your home WiFi router.
3. Use strong and complex passwords.
4. Set up Two-Factor Authentication.
5. Ensure that you are using anti-virus software.
6. Lock your device when it is not being used.
7. Be cautious and look out for phishing emails and scams online.
Now that you are equipped with some Cyber Security tips for working remotely, you can continue to get your work done!
How Can We Improve Cyber Security?
The first line of defence against Cyber Attacks will always be education. Educating users should be a requirement for every business and training courses can help you here.
Formal training is especially important for IT Administrators, Security Teams, Management and Web Developers when it comes to defending your security network in any organisation.
Cyber Security must include everyone, from the CEO to Customer Service Agents and we all have a responsibility to be concerned about security online and offline.
Purple Griffon provide an extensive range of training courses, which will help you improve your security knowledge and become certified at the same time:
- PCI DSS Foundation
- PCI DSS Implementation
- CISA - Certified Information Systems Auditor
- CISM - Certified Information Security Manager
- CISSP - Certified Information Systems Security Professional
- CISMP - Certificate In Information Security Management Principles
- CRISC - Certified In Risk & Information Systems Control
- Artificial Intelligence (AI) Essentials Certificate
- Artificial Intelligence (AI) Foundation Certificate
Did you find our ‘What’s A Cyber Threat? 9 Cyber Security Threats In 2020!’ blog article helpful? We would love to hear your thoughts in the comments below.