The cybersecurity sector has grown enormously over the last decade, as cybercrime become one of the principal risks facing organisations of all sizes and in all sectors. Cybercriminals are now so sophisticated, professional and motivated that defending an organization is no small undertaking.
Businesses invest in the latest cybersecurity tools and GRC software to protect themselves and mitigate against the risk, but it’s still a challenge. The latest Accenture ‘Cost of Cybercrime’ study, revealed that organisations have seen security breaches grow by 67% in the past five years.
Unsurprisingly, banking is the most affected sector, with annual costs crossing $18 million in 2018. But the average annual cost to organisations across sectors is increasing for all types of cyberattacks. Malware and ransomware are among the most common types of attack over the past 12 months, but what other threats have emerged over the past decade and what cybersecurity trends are set to define 2020?
The 2010s – a decade of cyber attacks
As we reach the end of the decade and look back at the preceding 10 years, it becomes clear that the 2010s have been the decade of cybercrime. Even an organisation the size and with the resources of Google was not safe. In 2010 it was revealed that Google, along with companies such as Adobe, Yahoo and Morgan Stanley had been targeted by the Chinese government’s military hackers as part of a coordinated hacking campaign known as Project Aurora.
Data breaches were another cybersecurity theme across the decade. The value of data increased dramatically and so cybercriminals made a point of targeting data in their activities.
One of the first main data breaches affected Sony in 2011, when a hacker stole details for 77 million PlayStation Network users, including personally identifiable information and financial details. Sony had to shut down its PlayStation Network for 23 days while the breach was resolved, losing significant money as a result.
Cybersecurity in 2020
The list is almost endless, and the decade has also seen organisations such as the US Government, UK National Health Service, Marriott Hotels and many others fall victim to cybercrime, whether Malware, data hacks or something else entirely.
The penny has started to drop though. As we approach 2020, business leaders are now – for the most part – willing to treat cybersecurity with the importance it warrants, investing in the right IT GRC tools and cybersecurity software to stay on top of the threats their company is facing.
That’s good news because cybercriminals are only going to become more professional and targeted in their attacks. 2020 will be another dramatic year in cybersecurity, kicking off a decade that will see even more attacks than the 2010s. These are the main trends in cybersecurity for 2020:
Increased data breaches – data hacks and data breaches have become commonplace in cybercrime and that trend is set to continue in 2020. The continued emergence of the Internet of Things (IoT) will mean a further increase number of devices and applications that need protecting.
Sometimes they may not even be aware of which bits of technology have connected to the business, which makes the challenge of keeping data intact (and compliant with all relevant regulatory compliance) much harder. The emergence of 5G will make this problem even greater, as devices can be spread wider geography.
Ongoing ransomware threat – ransomware has been a high profile part of the cyber threat facing organisations for several years now, and that will continue into 2020. Criminals are now more interested in encrypting entire networks, not just a few PCs, with the greater potential reward that comes with that.
Some cybercriminals have also moved on from merely demanding and pocketing a ransom, to copying corporate data to either sell that on or exhort yet more money for the company in question. There’s also the emergence of state-backed hackers who attack an organisation as part of a much wider project – few organisations would be able to effectively defend against this. that you’ve got little chance of comprehending.
The rise of deepfakes – after an incident in 2019 that saw social engineers able to defraud $243,000 from a German energy company via the use of natural language generation technologies, analyst group Forrester has predicted that the costs with deepfake scams will exceed $250 million in 2020.
Deepfakes come in many different guises – a company CEO could be faked to say something hugely offensive, or a brand ambassador could be faked to denounce that company’s products. They could also be used by phishing gangs and as technology can now create deepfakes so convincing, it’s a tactic that is set to grow and grow in 2020.
Managing and mitigating cybercrime risk
The days when installing anti-virus software constituted a robust defence are long gone, and organisations now need far greater insight into the risk they are facing at any given time. Gleaning this insight means drawing on as wide a range of sources as possible, collecting the knowledge from a broader group of stakeholders.
This is where Oxial’s sGRC solution makes such a difference. Not only is it an IT GRC tool to rank with the industry’s best, but we work with a wide range of partners to give our clients access to industry-leading insight and expertise. This insight and information need to be filtered upwards in the organisation – cybersecurity is a boardroom issue.
People need to be aware of such risks, to understand them better and to have a plan that means the organisation can mitigate the risk effectively.
This is something Oxial does for many clients. For examples of our work in this area, please click here.