Originally Posted by Entrepreneur Asia Pacific – via entrepreneur.com – September 16, 2020
The continuous escalation of cyber threats is likely to trigger unprecedented demand for software solutions and employee training.
In the past few months, a massive change in working dynamics has fueled an uptick in a kind of infection that’s not constantly in the news — the type that affects computers. Malware attacks, phishing attempts and other types of cyber crime are reaching record heights in 2020. Unfortunately, these latest developments are only the tip of the iceberg, as the rapid expansion of digitalization has already radically increased the exposure to virtual threats in the past few years.
As a consequence, more than 70 percent of in-house cybersecurity managers plan to request a significant budget increase during the next year. Therefore, it’s about time to take a look at the driving forces behind the need for IT security solutions in the current decade.
Coronavirus-related attacks are surging
Although working from home has helped stem the spread of the coronavirus, computer virus infections are now on the rise as opportunistic hackers and cyber criminals look to take advantage of the situation to fill their pockets. As a result, the number of malware and ransomware attacks spiked by 25 percent between Q4 2019 and Q1 2020 as a wave of attacks hit a range of victims.
Criminals are increasingly incorporating coronavirus themes into their attacks, using lures about vaccine information, masks and short-supply items to help snare victims. According to KPMG, a large chunk of these attacks are financial scams that promise government assistance or payment — but actually intend to scam the victim out of their personal information and/or money.
It isn’t just ransomware attacks on the rise either. There has been a stark uptick in the number of phishing attacks in recent months, with criminals now posing as trustworthy sources of information, like the World Health Organization (WHO), to trick victims into handing over money — usually by offering virus testing kits, critical information or coronavirus-related investment schemes in return.
Based on data released by the UK tax authority HM Revenue and Customs (HMRC) and reported by ITProPortal, the number of coronavirus-related phishing attacks reached a peak in May — more than double that seen the month prior. Phishing attacks also saw one of the world’s most popular social networks, Twitter, suffer a significant breach in July, as over 130 influential accounts were hacked after Twitter’s internal systems were compromised.
As a fallout from the Twitter breach and the general uptick in malware attacks, firms both small and large are now beginning to double-down on IT security to keep both their employees and customers safe from attacks. Based on the latest forecasts by Gartner, the cloud security market is expected to grow by 33 percent during 2020, while the data security market will grow by 7.2 percent over the same period to become a $2.8 trillion industry. Much of this is owed to institutional security spending.
Data leaks are a growing concern
When GDPR came into force in 2018, it was supposed to be the dawn of a new era of privacy — in the European Union and the European Economic Area at least. The recently enforceable piece of legislation severely restricts what data organizations are able to harvest about EU citizens while providing users with more control over their data.
Despite this, the number of data leaks has skyrocketed in 2020, and several massive data breaches have already occurred this year. Back in March, the hotel chain Marriott announced that the private information of over five million of its loyalty program users had been leaked. This is the second time in two years that the hotel chain has suffered from a devastating breach.
In addition, the popular video conferencing app Zoom also suffered from a breach that saw the login credentials and private information from half a million users exfiltrated and advertised for sale on the dark web.
Oleksandr Senyuk, who launched a smart yet cloud-free password manager with his company KeyReel, believes that recent trends in corporate culture, such as the use of private rather than corporate phones and use of home offices have dramatically increased security breaches in the business world. “Remote access to internal systems from laptops and desktops located in insecure environments pose a serious threat to businesses, regardless of size,” he says. “The solution is to concentrate around the security of individuals rather than companies.”
Senyuk urges companies to invest in cybersecurity software solutions and, most importantly, in employee education and annual training. Surprisingly, even employees of large technology powerhouses seem to lack basic IT security skills. Senyuk recounts an embarrassing 2016 incident in which a DropBox employee used the same password for a corporate network account and his personal LinkedIn account, resulting in the theft of north of 60 million user credentials.
Overall, as per data from Security Boulevard, 2020 is already well on its way to setting a new record for data breaches, with around 16 billion records already leaked this year. Likewise, according to the 2020 Verizon Data Breach Investigations Report (DBIR), there were at least 3,950 data breaches in 2020 alone, with almost half of these being the result of a hack, while 86 percent were financially motivated.
Governments are cracking down on encryption
It isn’t just cyber criminals that are targeting people’s data either. With the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) act now weaving its way through Congress, it might not be long before anybody who uses encryption-based communication services could be eavesdropped on by the U.S. government, because companies would be forced to weaken their encryption and essentially provide the government with a backdoor to user data.
“Many governments are working towards banning or weakening end-to-end encryption, like the U.S. EARN IT act,” Senyuk says. “This would allow governments to force any cloud provider to break the system and quietly acquire and monitor data. LavaBit and EncroChat are two examples of direct government involvement in the services of cloud service providers. While many users and companies don’t have any major concerns regarding government intervention, security experts warn that weakening encryption would hurt the security of all individuals.”
Understandably, the EARN IT act has received significant pushback from the cyber community, prompting an uptick in the use of encrypted messaging apps like status, crypto currencies like Bitcoin (BTC), and Ethereum (ETH), and security tools that prevent eavesdropping and theft.
With similar efforts to undermine encryption now underway in several countries, and the “Five Eyes” security alliance now looking to implement backdoors in popular apps, privacy is a bigger concern than ever before.