2020 is around the corner. The end of the year is a time when pundits and writers assess what happened in the past year and look ahead. This blog and our upcoming webinar on December 18 will provide commentary and context on the big trends picked by top minds in cybersecurity.
Inevitably, threats like phishing and ransomware will continue to keep CIOs up at night. What new events, tactics and concepts will shape cybersecurity in 2020?
More importantly, how can companies safeguard their company against threats both old and new? Relying on trusted partners and solid tools can be the antidote. Cipher has introduced CipherBox to empower companies to handle the challenges of the new decade and beyond.
1. Cloud Vulnerabilities
Challenge: There is a misconception that storing data and handling processes in the Cloud guarantees security. In reality, misconfigured cloud instances resulted in more than half of data breaches in 2019. This trend will inevitably continue well into 2020. Amazon’s configuration guide for businesses to establish their own cloud environment is well over 100 pages, allowing for human error when implementing. The increasing move from local databases to a cloud-hosted model allows for more opportunities for hackers to take advantage of misconfigurations as well as supply their own ingenuity that could result in data breaches.
How Cipher Can Help: CipherBox MDR is integrated with the major Cloud Service Providers to analyze risky behavior and user account activity. If your company is using Amazon Web Services (AWS), Microsoft Azure, Microsoft Office 365 or Google Cloud Platform (GCP), then you are in luck! CipherBox will act as your added layer of defense to identify a potential threat to your cloud-hosted data.
2. Mobile as a Cyber Crime Vector
Challenge: Believe it or not, your smartphone is the next frontier in cybercrime. Techniques to infect mobile devices through apps are becoming more common. These fake and malicious apps are designed to steal data on your smartphone and even swipe any stored passwords on these devices. Additionally, social engineering through SMS text messages (known as Smishing) will continue to increase next year. If you are a business that issues company smartphones to employees, or you allow employees to bring their own device (BYOD) to work, then you will need to address this risk.
How Cipher Can Help: CipherBox MDR is designed to detect any threats on a company’s network. If your employee’s phones are infected with malicious applications, CipherBox will detect these threats as the malicious app communicates back to its Command & Control (C2) server from your company network. Additionally, Cipher can help educate and train your employees through our Security Awareness Training service. The best defense against social engineering and misuse of smartphones is through creating a company culture aligned with cybersecurity principals and ensure that employees can spot these attempts to trick them.
3. Supply Chain Cyber Attacks
Challenge: The supply chain of a hardware and software consists of the various components that make-up the solution. If malicious code infects a component within a larger trusted application, then the overall application is at risk. Compromising one part of the supply chain can infect multiple vendors. Supply chain attacks are up 78% in 2019, according to Symantec. One example of this is with Asus, a computer and phone vendor. Asus was a victim of supply chain attacks in 2018 that resulted in them providing infected computer systems to upwards of 500,00 customers.
How Cipher Can Help: Cipher has multiple strategies that are designed to help a company tackle risks associated with their supply chain. Through our GRC services, Cipher can provide cybersecurity program assessments of your critical vendors to ensure their cybersecurity program is effective. We are also entering into partnerships with companies to provide CipherBox MDR as part of their vendor management program.
4. More Data Privacy Regulations
Challenge: The protection of privacy rights for individuals and their data is a growing trend. The California Consumer Privacy Act (CCPA) goes into effect January 1, 2020. Other states are considering similar privacy bills in 2020, including Massachusetts, Minnesota, Pennsylvania, New Jersey and New York. Many countries outside of the United States are following suit. These acts combined with the Global Data Protection Regulation (GDPR) provide a strong impetus for data and privacy standards. Companies are becoming overwhelmed with the various components and requirements of rules. As a result, IT departments. General Counsel and C-Level Executives are often stretched thin with spare time and each new requirement only adds to the complexity of running a business.
How Cipher Can Help: Cipher has many services that can help a business handle the even increasing privacy regulations. CipherBox MDR is a solution designed to provide out-of-the-box cybersecurity for businesses to detect and respond to risky activity on your networks. This increase in security helps prevent unauthorized access to private data stored on your networks and decrease the likelihood of a privacy incident from occurring. Additionally, Cipher’s Governance, Risk and Compliance (GRC) services can help your business become compliant with these various regulations. From data mapping and discovery tools to expert policy & procedure development, Cipher can ensure your company is set-up for success for these privacy laws.