Cybersecurity Trends for 2020
As we start a new year – and a new decade – you’ve likely seen plenty of lists of predicted cybersecurity trends for 2020. Today, we’ll take a deeper look at two of those trends that are sure to be of concern to SMBs as we enter the “Twenties”… and more importantly, provide some guidance on how to prepare and respond to those trends.
Trend One: Service Providers Under Attack
As many SMBs are turning to managed service providers (MSPs) for hosting and consulting services, we’ve seen those MSPs become a more common target for cyberattack. Cybercriminals understand that breaching a cloud or service host has the potential to allow them to access many targets at once, or at least command a greater ransom due to the scope of the outage they have created. 2019 saw a handful of high-profile attacks on service providers. India-based consulting firm Wipro reported that several of its employees had been duped by a phishing scam, allowing cybercriminals to access Wipro’s internal systems and email network. From there, the attackers launched attacks on at least a dozen of Wipro’s customers. In late summer, managed services provider TSM Consulting was compromised, leading to ransomware attacks on nearly two dozen Texas town and county networks. In November, Virtual Care Provider Inc. (VCPI), a provider of cloud hosting and managed services for over a hundred health care facilities in the U.S., was attacked and many of its core infrastructure systems were held for a $14 million ransom. December saw a breach at New York consulting firm CyrusOne: its systems were locked down by a ransomware attack that suspended operations for half a dozen of its clients.
This trend looks sure to continue into 2020. MSPs are learning from these incidents and tightening their security measures in response: what are your action items?
· Talk to your providers, keep up to date on their security measures, and understand the liability and risk that you share with them in case of a breach. What are their notification/response procedures?
· Along those lines, conduct regular reviews of your contracts with support and service organizations. Make sure you understand what services may be subcontracted, and confirm that cybersecurity obligations apply to your providers’ providers too. Ensure that you have appropriate authorization to audit – or get independent certifications on – the security measures employed by your partners.
· Do you have an inventory of the cloud and software-as-a-service (SaaS) arrangements in use by your organization? MSPs may appear in your infrastructure as a downstream supplier or support organization for some of your suppliers, or may be involved as third parties/sub-contractors for your services. If any of them suffer a breach, you may get caught in the crossfire. You’ll want to understand the potential implications to you and your customers.
· What measures do you employ to root out “shadow IT” usage in your enterprise? Cloud solutions are deceptively easy to subscribe to, and can cause problems if “rogue” users or departments are activating services without correct configuration or appropriate vetting, creating a multiplied exposure if those MSPs suffer a breach.
Trend Two: Next Generation Ransomware
Ransomware at SMBs has been a growing trend for the last few years, and there’s no indication that the danger is going away anytime soon. Media coverage seems to have faded regarding ransomware attacks, unless they involve a massive breach like the December 2019 incident at LifeLabs, potentially affecting up to 15 million Canadians. But make no mistake, ransomware is rampant; in fact, a Cybersecurity Ventures report predicts that a business will fall victim to a ransomware attack every 11 seconds by 2021.
Ransomware is expected to see more sophistication in 2020, as artificial intelligence (AI) techniques are used in the attacks. Whereas old ransomware downloads may have simply aborted after failing to penetrate a company’s cybersecurity defenses, newer attacks will “learn” from their failures and try alternative methods to breach security and encrypt/exfiltrate data. Further, attackers are now targeting network storage systems and devices in an effort to encrypt backups as well as production data, making their ransom demands all the more compelling. Ransomware in the next decade is expected to exploit more sophisticated distribution methods as well. Tools and techniques available on the so-called “Dark Web” make launching attacks much easier for cybercriminals. Malware-as-a-service is a growing industry for the bad guys out there, explaining the significant increase in ransomware attacks worldwide. McAfee Labs predict more two-stage ransomware attacks in 2020 as well. The first phase involves the encryption and “data held hostage” attack, followed by a second phase involving extortion around the stolen data. Fears linger that the LifeLabs attack could follow this pattern, as filings with provincial regulators suggest that data may have been stolen as well as encrypted.
What could also make 2020 different with respect to ransomware is the growing trend of legal action in the wake of an attack. In August, two class-action lawsuits were initiated in Quebec Superior Court, as a result of a breach affecting all 4.2 million members of Desjardins Group, a Quebec-based financial co-operative. In the LifeLabs incident (though the breach was reported to the Office of the Information and Privacy Commissioner of Ontario and the Information and Privacy Commissioner for British Columbia on November 1), the public statement was made on December 17 and the first announcement of a class-action suit was made later the same day. Clearly, law firms are getting quicker at identifying, and seeking to punish, companies that suffer breaches.
It’s a matter of when – not if – attackers will attempt to deploy ransomware against your company. What are your action items to help maintain your best defenses against the threat, or respond effectively in the event of a successful breach?
· Have you conducted cybersecurity assessments and ethical hacking exercises, and reviewed/confirmed your patch management processes?
· Are you comfortable with your cybersecurity awareness and training programs at your company? How often do you test your staff?
· Do you have solid backups? Have you tested them? Are they on physically separate servers, media, or cloud locations to help ensure they would be unaffected in an incident taking out your production systems?
· Have you considered cybersecurity insurance?
· Have you developed a robust incident response plan in the event of a successful ransomware attack? ISA can provide guidance and response services to help your organization in the crucial minutes, hours, and days after discovering a cybersecurity incident.
The trends suggest that cybersecurity threats in 2020 will have greater frequency and severity. These tips and action items will help you stay a step ahead.