2019 Cyber Security in Review

The end of one year and the start of another is the perfect time to reflect on the prior 12 months – what went right, what went wrong, and how can the new year be improved. And for those in the cybersecurity space, this means evaluating the past landscape, the present climate, and what the future may hold.

Despite the advances in cybersecurity over the last several years, there are still plenty of ways hackers can access your systems. As many companies in 2019 saw first hand, staying safe online requires ongoing vigilance, regardless of industry, income, or cybersecurity knowledge. This 2019 cybersecurity in review analysis will provide information about the current state of cybersecurity issues – and what you need to know to stay safe.

The Serious Nature of Cyber Crime

The phrase cybercrime in itself isn’t a great illustration of the nature of the industry. Conjuring mental images of shady men in all black, typing furiously in a dark room, the unclear nature of the term leaves more to the imagination than it does to reality. In many ways, this isn’t too far off – the concept of cybercrime covers many different facets of wrongdoing online and isn’t a one-size-fits-all description. From hacking to malware to ransomware attacks, cyber misconduct comes in far too many forms.

Cybercrime is damaging to reputation and the ability to handle regular business tasks, but the true costs go beyond inconvenience. In 2018, the cybercrime industry generated over $1.5 trillion in revenue, with $3.25 billion of number originating on social media. Think that’s where the problems with social media end? It isn’t. Due to the availability of customer information across platforms like Twitter and Instagram, information obtained via social media is now circulated in an underground economy worth around $630 million. An estimated 50% of information seized and sold illegally came from social media hacks.

The rise of cryptocurrency may seem like a benefit for those who got into the Bitcoin game early, but cyber criminals have also seized this potentially lucrative opportunity. Around $76 billion of the global cybercrime market is related to Bitcoin – an amount roughly the size of the illegal drug market in the United States.

Businesses are still among the largest targets for cybercrime. More than half of companies will be targeted at some point, and a majority of losses are $10,000 or more. For some notable data breaches, these numbers have been far larger – the total cost for Equifax’s infamous breach is estimated to cost the company $1.4 billion. While Equifax has the resources to weather this storm without shutting down, this isn’t be true for all companies, especially small businesses with a limited critical infrastructure. In fact, a tragic 60% of small businesses close in the six months following a cyber attack.

The Cybersecurity Trends in 2019

Today, American adults are constantly connected. From smartphones to smartwatches to even smart refrigerators, the modern consumer has more potential points of attack than ever before. As such, it’s important for both individuals and businesses to understand the risks of cyber crime, the most commonly targeted areas, and the ramifications of failing to take proper precautions.

As with years past, cybercrime was a consistent force in 2019, with new tactics dominating the marketplace. 2019 saw a rise in:

  • Municipal-level cyber attacks: Historically, cybercrime has focused on individual entities, but 2019 saw the size of targets expand. At least 22 different Texas cities were targeted with malware, resulting in the takedown of vital public services, like utility services and local records databases. Due to the glacial speeds at which local government tends to move, many municipalities are still slowly switching legacy systems over to cloud-based alternatives, leaving vulnerabilities in systems.
  • Mobile attacks: Smartphones are now more vulnerable than ever. 2019 saw around a 50% increase in attacks on mobile devices versus 2018, with mobile banking apps serving as the most common targets. While banks are attempting to improve data security, there’s little consumers can do to fight back against unstable apps.
  • The return of phishing attacks: An oldie but a goodie, so to speak, phishing still affects millions of businesses every year. In response, many companies have stepped up their efforts significantly, like tagging all emails coming from an outside source with a special tag or holding ongoing employee refresher trainings.

The targets of cybercrime vis marketplace have not changed significantly in the past year; in 2019, professional services firms were considered a target of choice for criminals, while 2018 saw cyber attacks primarily focused on financial services groups.

Unfortunately, as technology evolves, so does the ingenuity of hackers and the malware they employ. Today, there are more ways than ever to break through security measures, penetrate secure systems, and steal information to abuse or sell. Accordingly, constant vigilance is highly encouraged to ensure consumers and companies are adequately protected. There’s no way to know what the next trend in cyber attacks will be, so businesses investing in cybersecurity are encouraged to stay up to date on all emerging trends.

The Importance of Regulatory Knowledge

Cybercrime is always a burden and regularly results in loss, but hacks that violate industry regulations can feel like adding insult to injury. These kinds of mistakes can result in fines or loss of licensure, creating additional costs and logistical hurdles to consider on top of the burden of compromised information.

Not all industries have strict privacy policies related to cybersecurity, but many do. Financial institutions, for example, must abide by the policies outlined by the Security and Exchanges Commission, while hospitals and other healthcare providers are bound by the rules of the Health Insurance Portability and Accountability Act, or HIPAA. Violating these kinds of restrictions can result in steep fines – which can be hard to swallow after facing losses from a cyber attack.

GDPR, a right to privacy policy concerning customers’ personal information put in place in the European Union that affects all who do business there, can also be influential. Failing to adhere to the required security measures can mean big consequences, including the inability to buy from or sell to member countries.

If you’re struggling to keep up with changes that apply to your industry, it’s only natural to feel overwhelmed. However, most regulatory bodies send out regular memos or post news and announcements on their websites. Ensure you’re added to all major newsletters and keep up to date with blogs and press releases to keep important updates from slipping by. For those challenged by legal requirements, speaking with a regulatory attorney specializing in your industry can help to clarify policy changes and what measures must be taken to remain in compliance.

Need to Upgrade Your Cyber Security?

The Threat Landscape in 2020 and Beyond

To attempt to put a stop to an ever-increasing string of cyber attacks, companies are investing more money than ever before in their cybersecurity operations. Per one study, budgets are expected to grow between 1% and 9% in the new year, indicating the serious approach businesses are taking to staying safe. With national security at risk, even the government is stepping up; the 2020 budget includes proposals for an additional $17 billion in cybersecurity services, with the Department of Homeland Security receiving funding in particular.

Artificial intelligence and machine learning are also emerging trends in 2020, with more companies turning toward algorithms that can improve potential attack detection in a consistent and reliable way. The information processed this way can help sort out what data is being retrieved from security operations centers (SOCs) to ensure true signs of attack aren’t getting lost in the noise.

Companies who want to get even further ahead are encouraged to embrace preventative measures like:

  • Looking for repetition: Many different kinds of attacks use the same warning signals or methods, so seeing a red flag once can be helpful in identifying them in the future. AI and machine learning can be an asset here, helping businesses to identify signs of a breach before something happens.
  • Integration, not isolation: The growing threat of cyber attacks feels, in many ways, like a football field that is getting larger and larger without additional manpower to protect the end zone. As such, companies are encouraged to search for integrated solutions that can target multiple security threats at once as opposed to different options for every avenue of cyber threat.
  • Ongoing analysis: Do vulnerabilities exist in your mobile app? How about your cloud storage? Your supply chain tools? Rather than building a solution, implementing it, and assuming everything is fine, it’s important to stay engaged. Threat intelligence analyses should be continual and ongoing, not an afterthought. If a tool was fine last month, it may not be fine today, so many monitoring a priority.
  • Be ready for anything: Good hackers learn that nothing gold can stay. They’re not afraid to change tactics to better penetrate cyber defenses, so you shouldn’t expect them to stick to tried and true methods. Always be ready for any opportunity for attack, even if no obvious security incident is lurking on the horizon.

Can Users Trust Businesses?

In theory, consumers should have the utmost trust in those with whom they choose to do business. After all, these are the connections and partnerships they have entered into willingly; no one is forcing customers to choose one brand over another in most cases.

However, as customers have learned over the last decade, it’s easy to misplace trust. As Target, Facebook, and Equifax have demonstrated, even the biggest names in the business are subject to devastating attacks that put customer information at risk.

Before blindly committing to a company, especially a company that handles sensitive information, like a hospital or a bank, customers owe it to themselves to do a little due diligence regarding security measures and past data breaches. Customers should also be taking every opportunity to secure their own mobile devices and computers, including two-factor authentication and virus protection software. Customers should also follow best practices, like only downloading trusted programs and apps with a clear source from trusted names.

The First Step in Attack Prevention

In many cases, security breaches originate at the source: where companies store their data. An insecure infrastructure can lead to immeasurable problems, putting financial data and customer information in harm’s way.

For those who want to get started on the right foot, a strong private cloud computing solution is essential. Avatara’s CompleteCloud combines a customizable platform with full-service security and customer support, offering a flexible environment that can accommodate anywhere from a dozen users to several thousand. With state-of-the-art protection and around-the-clock monitoring, you can guarantee the peace of mind you deserve for your business.

Schedule an Appointment