Cybersecurity proved to be a tough challenge for Aussie businesses in 2019. From My Health Record breaches to alleged state-sponsored attacks on the Australian National University, hackers outdid themselves at every turn. These devastating incidents will continue to occur as cybercriminals develop new and more cunning ways to attack businesses.
However, organisations like yours still have a fighting chance. By knowing the biggest cybersecurity challenges in 2020, you can prepare your business for what’s to come.
Surging malware attacks
Hackers have a growing arsenal of malicious programs to disrupt businesses in 2020. They can use mobile malware disguised as official banking apps in Google Play and Apple’s App store to steal account credentials. For a subtler approach, they may employ cryptojacking malware designed to steal processing power from computers to mine cryptocurrency.
Targeted ransomware attacks are another potential threat. Although high-profile ransomware like WannaCry are less common, new-aged ransomware will likely focus on specific businesses. Instead of a shotgun approach, hackers will gather intelligence on their target to maximise damage and profits.
Deepfake technology leverages artificial intelligence (AI) to mimic the facial profile and voices of real people. It enables users to create highly realistic computer-generated images (CGI), but it also has some horrifying implications. In 2019, deepfakes were used to spread disinformation and defame popular figures. One of the most notable cases involved a doctored video of US House of Representatives Speaker Nancy Pelosi appearing drunk in an interview.
Cybersecurity experts are also growing more concerned about how deepfakes will enable more technical fraudsters in 2020. Executive-level employees who are often in calls, conferences, and media appearances will be affected most by deepfake fraud.
For instance, deepfakes could show a CEO announcing false controversial information to ruin the company’s reputation or extort it for cash. Another use for deepfakes is defrauding employees who are authorised to make wire transfers. The AI-generated voice of a C-suite executive could be used to demand finance staff to wire cash to the scammer’s account. In fact, this particular type of scam has already managed to swindle US$243,000 from a company in 2019.
The best way to prepare for these threats is to focus on detection and damage control. This requires working with security experts to detect fake content and developing a crisis communication plan. In the long term, businesses will eventually need a technical solution to verify the legitimacy of audio and video files.
Mobile-based social engineering
Social engineering scams evolve every year, and the biggest change in 2020 is how they will be delivered. While phishing attacks are usually sent via email, more hackers will target mobile devices in the coming months. One reason for this is that the number of smartphone users in Australia is expected to reach 18.4 million people. The other reason is that mobile-based social engineering scams are much more effective than email.
SMS phishers, or smishers, can easily spoof phone numbers and use link shortening tools to hide the real destination of their URLs. Users don’t even have the option to hover over links on their phones to verify the legitimacy of a link. Voice phishing, or vishing, is another option for scammers who want to pressure their targets into making quick, ill-advised decisions.
Security training is key to addressing these challenges. You need to teach employees to never click on unsolicited links or respond to impromptu calls asking for sensitive information. There are few anti-phishing technologies built into mobile devices, so being critical of every call or text is crucial.
Advanced IoT threats
The Internet of Things (IoT) is a network of internet-connected devices that collect and share data. These devices could be anything from smart monitors that can be controlled from a phone to automated building management systems. The problem is, hackers have even more entry points at their disposal as IoT devices become integral to business operations.
In 2020, cybercriminals will use AI-powered attacks to tap into connected devices like wireless webcams and eavesdrop on business conversations. The sensitive information they learn can then be used for extortion or sold to corporate rivals.
Connected operational technology, which is designed to control physical processes in buildings and critical infrastructure, is also vulnerable. Hackers can use denial-of-service (DoS) attacks on operational technology. From there, they can kill the building’s power, halt production in factories, and even shut down power grids. These attacks are likely to affect transportation and manufacturing sectors the most. That’s why conducting regular security checks and implementing IoT-specific protections are more vital than ever.
Security issues will occur as telecommunication providers like Telstra and Optus continue to roll out 5G networks in 2020. Given that 5G is still in its infancy, there are likely dozens of undiscovered vulnerabilities that can be exploited.
For starters, 5G networks, like other wireless technology, are susceptible to denial-of-service attacks and radio jamming. Security experts report that hackers could use cellular surveillance tool ‘stingray’ to spy on mobile users. Additionally, hackers can theoretically hijack 5G if they’re able to gain access to the software running it. This means any device connected to 5G networks may also be affected.
Cyberthreats in 2020 and beyond will be cunning, complex, and coordinated. Basic antivirus software won’t protect you from modern threats. You need AI-powered threat prevention, regular security training, and support from an experienced managed IT services provider (MSP). Empower IT is the name Australian organisations trust when it comes to cybersecurity. Call us today to find out how we can ensure your company’s safety in 2020!