Ponemon Institute’s 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses, sponsored by Keeper Security, found that the cyber threat environment is becoming more dangerous worldwide. Cyber attacks became increasingly frequent, sophisticated, and destructive throughout 2019, and there’s no reason to believe that things will improve in 2020.
1. Social engineering
Why would a criminal bother breaking into a building if they can simply walk through the front door? Cybercriminals take the same approach when breaching enterprise networks. Even the most sophisticated intrusion detection system is no match for a malicious actor with a stolen password, usually obtained through a social engineering scheme. That’s why phishing (57%), compromised/stolen devices (33%), and credential theft (30%) ranked among the top cyber attacks reported in the Ponemon study, and stolen or compromised employee passwords was listed as a major pain point by 70% of respondents.
Ransomware encrypts files on a victim’s system, locking them out until the victim pays a ransom, usually in bitcoin. However, paying up doesn’t guarantee that you’ll be able to get back into your files, which is why most law enforcement agencies advise against paying ransoms. The financial fallout from ransomware attacks is steadily worsening; Cybersecurity Ventures estimates that it will cost businesses worldwide USD $11.5 billion in 2019 and $20 billion by 2021. According to the U.S. Federal Bureau of Investigation (FBI), ransomware attacks are becoming more targeted, and one of the most popular methods for infecting a system is through a phishing email.
3. Security risks from IoT devices
There are now more IoT devices than there are humans on Earth, but with no uniform set of security standards, smart devices are ripping a gaping hole in enterprise cybersecurity posture. Eighty percent of respondents to the Ponemon survey admitted that an IoT security breach could be “catastrophic” to their organizations, but only 24% are trying to minimize the risks through educating and informing employees and third-party vendors about smart device security.
4. Cloud misconfigurations
Public cloud services are more secure than on-prem data centers — but only if they’re configured correctly. Unfortunately, barely a day goes by without disclosure of yet another major enterprise cloud breach, usually due to a misconfiguration on the part of the cloud customer. The Capital One breach, which compromised 100 million customer accounts and credit applications, happened because of a misconfigured web application firewall (WAF). Since an estimated 99% of cloud misconfigurations go unreported, we can expect the stream of breach disclosures to remain steady throughout 2020.
5. GDPR compliance
Any company that does business with EU citizens must comply with the General Data Protection Regulation (GDPR), even if they have no locations in the EU, making it a de facto international law. The GDPR went into effect in 2018, and enforcement was in full swing this year. British Airways and Marriott International got slapped with enormous fines for running afoul of the GDPR, Microsoft is currently under investigation by EU data authorities, and investigations into Facebook and Twitter recently concluded. While violations by multinationals make headlines, GDPR compliance is an issue for small and medium-sized enterprises as well; 83% of respondents to the Ponemon survey reported being subject to the GDPR, but 39% admitted that their organizations’ compliance levels were lacking.
With October being National Cybersecurity Awareness Month in the U.S. and CyberSecMonth in Europe, it’s a good time to look at top challenges that global businesses of all sizes are facing as we head into the second decade of the millennium. To find out more about the latest cybersecurity trends, download our exclusive report.