As we head into a new decade, we can expect more business challenges coming our way as organizations around the world, and the technologies they adopt, continue to evolve. One of those challenges will be maintaining the security of critical business data. With our technology advancing every day, it seems as though cybercriminals are always close behind.

Today’s cybercriminals are as dangerous as ever: They are able to work across international borders, they can use multiple points of attack, and they have an army of sophisticated tools to penetrate our systems.

According to research conducted by the Ponemon Institute and sponsored by IBM, there is a 29.6% chance that a global business could suffer from data breach within the next two years[1]. The research also shows on average each business could lose $3.92 million in the form of lost business, crisis management, forensic analysis, legal expenses and fines.

So, to prepare and protect our ventures from these catastrophes, we must first understand what we are dealing with. Here are five global trends that may cause cybersecurity problems this year – and what we can do to minimize those risks.

1. Shared Tools in Hacker Communities

Cybercriminals today do not need to have profound technical expertise to carry out their villainous acts. All they need is to simply access hacker communities on the dark web that offer sophisticated tools that are easy to execute from anywhere.

For example, two Romanian hackers seized control of security cameras in Washington DC before the 2016 presidential inauguration. It was later revealed that the cyberattack was extremely easy to perform – they simply sent thousands of phishing emails containing ransomware.

These types of phishing attempts have a success rate of 3%, according to a digital security services expert. Still, a high proportion (32%) of breaches involve phishing and more than half (52%) involve hacking[2], and even though only 3% of users take the phishing bait, all it takes is one breach for the criminals to succeed.

What can we do: Businesses can focus on protecting high-value and sensitive data with systems that require multifactor authentication. They can also adopt automation to generate one-time, complex passwords so that suspicious activity becomes easier to detect.

2. Expanded Attacks on the Cloud

While the cloud can offer enterprises a convenient, cost-effective foundation to operate their businesses, new opportunities may also arise for cybercriminals to take advantage. For example, many apps nowadays are linked to one another through connecting APIs, presenting a potential opening for attackers.

Many companies also connect their portals with service partners, adding an additional layer of risk. Even if one organization is well-equipped to deal with cyberthreats, it cannot ensure that vendors and contractors are just as vigilant. According to a study, third-party breaches have grown year over year, and over 5 million records were exposed in 2018 alone[3].

To complicate matters, the use of IoT technology is rapidly expanding, which could further increase the number of attack points. This year, the enterprise and automotive IoT market will grow to 5.8 billion endpoints, a 21% growth over 2019[4].

What can we do: Companies will need to reach beyond their own environment and ensure that all third parties use the same security standards.

3. More Motivated Attackers

Although cyberattacks are usually motivated by financial gain, there is an increasing number of politically motivated attacks over the recent years, as evidenced by the US sanctions against North Korean hackers. Criminals nowadays not only use ransomware attacks as immediate money makers, but also to disrupt the functions of political organizations and businesses and hold them hostage for long-term gains.

What can we do: Organizations must identify the motivations behind cybercriminals and devise security strategies accordingly.

4. Cyberfatigue

Some businesses are willing to accept the risks of cyberattacks because they have developed an attitude that these bad acts would happen regardless of what they do. As this kind of “cyberfatigue” sets in, companies would let their guard down, making it easier for attackers to get what they wanted.

What can we do: An effective approach to overcome “cyberfatigue” is to implement universal training programs so that all employees understand the severity of cyberattacks, their respective roles within the organization on this matter, and the actions they each could take in the event of an attack.

5. Agile Development Overlooks Safety

More and more software products are appearing on the cloud. For many software developers, their priority is to bring their products into the market as fast as possible to gain an advantage. While it is good that competition is driving creativity and innovation, there will always be instances where developers start to cut corners with the security aspect in order to save time. For some products, security may not even be included in new patches or new features.

What can we do: Organizations can encourage security experts and software developers to work alongside each other from start to finish.

The Bottom Line

There will be newer and bigger cyberthreats coming in 2020. The question is whether we are well-prepared to deal with most – if not all – of these sinister situations.

Although nothing is guaranteed to succeed, and no system is perfect, we can start with the basics. By simply drawing up a strategy to combat breaches with backups and a detailed security plan, the risks could be reduced to a bare minimum. With each cyberattack, there are millions of dollars in potential losses on the line, and that gives us enough reasons to be alert.