2019 saw no shortage of major cybersecurity events. More than 8 billion consumer records were accessed in breaches against companies of all sizes. Victims ranged from world-renowned companies such as Capital One and Zynga down to SMB’s. Will this trend continue? Unfortunately, yes. These types of attacks are not going away in 2020, leaving businesses scrambling to protect sensitive data both on-premise and in the cloud, or face the consequences. So what can we expect in 2020? Who is most at risk and how will business protect themselves and their customers? Here are my cybersecurity predictions for 2020:
- Hacking is Big Business
- Ransomware: Easy Money
- SMB’s: An Attractive Target for Cybercriminals
- Data Privacy Laws Will Get Tougher
- Cloud Security Will Become a Priority
Hacking will continue to become a bigger share of attacks that result in data loss or system takeover in 2020. Personal information, including usernames and passwords, remains a hot commodity on the dark web, making successful hacks very lucrative for cybercriminals.
Ransomware will also continue to increase in 2020. This is due to the simple fact that businesses and governments continue to pay the ransom. Why? Well, most times it’s cheaper and less hassle for the victims to pay the ransom than to try to repair the damage themselves. Just ask the city of Atlanta, Georgia. They refused to pay a ransom of $52,000. The city ended up spending $17M to rebuild its computer network. So expect this trend to continue in 2020. To make matters worse, the average ransomware payment has increased 6X in 2019.
Small and medium-sized businesses will be a bigger target for cybercriminals in 2020. This is because they don’t have adequate resources to protect their data and systems. Phishing attacks continue to be the most common type of attack, with data loss including sensitive employee and/or customer data being the most common result of such an attack. The Ponemon institute reports that 76 percent of SMB’s suffered a cyber attack in 2019, up from 55 percent in 2018. Meanwhile, the average cost of an attack against an SMB is now $200,000.
Cybersecurity and data privacy laws will continue to converge in 2020. The trend that started with the General Data Protection Regulation (GDPR) and accelerated with the California Privacy Act (CCPA) is set to spread to other state laws that prescribe security standards as part of privacy laws and regulations. This means that companies will be forced to take measures to protect customer data… or face the consequences.
Many organizations that migrated to the cloud are realizing (sometimes the hard way) that moving to the cloud does not imply security. Initially there was a false sense of security when it came to the cloud. Threats, risks and vulnerabilities, however, don’t simply disappear in the cloud. Many cloud providers have made public announcements to this point. As a result, most companies migrating to the cloud will engage security on their own to mitigate liability in 2020.