Back in December 2018, we predicted that 2019 would bring more of the same problems in the world of cybersecurity. We also said that advanced email attacks would become more sophisticated in this year and that spear phishing would become more prevalent. From what we can see now, most of what we’ve said is, unfortunately, coming to fruition.
However, a lot more has happened. Headlines of massive data breaches, privacy violations, email breaches, and other forms of cybersecurity threats are all under the spotlight. These problems, affecting both businesses and consumers, continue to make cybersecurity a vital topic for everyone.
Two quarters into 2019, let’s review our predictions and see what to expect for the coming years.
The IoT continues to grow and so does the Attackers’ Interest in It
As expected, the Internet of Things and all its connected devices is spreading all over the globe. In 2018, there were around 23.14 billion connected devices, while in 2019, there are 26.66 billion. That number is set to reach 75.44 billion as early as 2025. Such growth inevitably brings the attention of hackers.
Ever since IoT devices first appeared, experts have been saying that there are many inherent security flaws in all of them. One of the most highlighted flaws is the ability, from IoT devices, to trigger communication to users and to other devices (e.g. receiving a warning from your refrigerator). This communication, which can be an app or an email, can be tampered and used for phishing or for obtaining sensitive information.
However, there is hope that their increased popularity will bring more regulations that can protect IoT devices. Even though many ignore it, there are already several ways to safeguard IoT devices from cyber threats.
Data Breaches Continue to Affect Everyone
Data breaches continue to be a big problem in 2019, and the trend is unlikely to stop. Massive companies like Facebook are still experiencing leaks. More importantly, the number of data breaches is continuing to rise, most notably in the health industry, where an 80% increase has occurred from 2017 until today. One of the reasons for this rise is legal: several countries are enforcing the need to communicate breach incidents, and both minor and major incidents, as well as just the suspicion of an incident, are published.
It’s important to note that one of the causes making it a huge problem comes from the fact that most companies take too long to identify data breaches. The average time across all industries is 197 days, and some 69 more days to contain the breach. During such long periods, most companies stand to spend millions to remedy the situation.
Advanced Email Attacks Continue to Affect Companies
Email attacks are always changing, but 2019 is proving to be the year of the most dangerous email attacks – impersonation attacks. Such sophisticated email threats - Business Email Compromise - have been on the rise lately, and they continue to scare many business owners. 61% of organizations have stated that they are worried about email attacks on their businesses.
One of the most aggressive attacks on businesses is certainly a business email compromise, which continues to be the most significant risk for companies of all sizes. Hackers are increasingly using these sophisticated attacks while turning away from less profitable cyberattacks like ransomware. BECs usually lead to data breaches, in the form of information exfiltrated from organizations. The email attack vector is actually one of the main drivers for some of the highly publicized data breaches we’ve seen this year.
Improving Cybersecurity Culture in your Organization
The email will remain the primary targeting method of advanced attacks. Having advanced email security software in your company it’s crucial to detect and to prevent against the most sophisticated email attacks.
With so many sophisticated email attacks and other cyber threats on the rise, companies need to start paying more attention to their cybersecurity, and all a company can do is strive to make a safer digital environment with proper cybersecurity technology and employee education. By enforcing those security practices, you’re very likely to avoid the risk and remain safe of the most advanced threats in your company.