It’s safe to say that the volume and magnitude of high-profile data breaches and ransomware attacks that punctuated 2019 really kept the cybersecurity industry on its toes. Data breaches stole numerous headlines this year, including the notable Capital One breach that exposed more than 100 million customers’ accounts. In fact, New Orleans even declared a state of emergency due to the large number of public services that were directly impacted by a ransomware attack. In comparison to last year, research shows that data breaches have increased by 54% — making 2019 “the worst year on record” for data breaches.
According to SiteLock researchers and cybersecurity experts, the threat landscape will only continue to grow in 2020 and will likely bring even more new challenges with it. We’ve analyzed the current state of the industry and packaged up our top five cybersecurity predictions for 2020.
1. Stealthier cross-site scripting attacks will continue to take center stage.
It’s no surprise that stealthy attacks remain the top threat to watch out for. Known for their ability to quietly invade and infect, stealthy attacks are extremely difficult to detect and are only becoming more sophisticated. In fact, our security research shows that cross-site scripting (XSS) led the pack in terms of stealthy attack methods, with 1.6 million website pages scanned showing a cross-site scripting vulnerability.
Cross-site scripting is a popular stealthy attack method among cybercriminals as it enables them to directly steal an end-user’s login session token or credentials. This allows the attacker unauthorized access to numerous accounts or servers, putting the end-user’s information at risk. A prime example of a cross-site scripting attack is altering website code through input fields. This activity initiates a fake alert to the end-user, asking them to sign in to a specific account or application. By doing so, the end-user unknowingly provides their credentials to an attacker. Given their growing popularity and effectiveness, SiteLock researchers predict cross-site scripting will continue to dominate in 2020.
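The input-field scenario described above comes down to whether submitted text is written into the page as markup or as data. The following is an added example, not SiteLock code: the function names, the comment-box scenario, and the sample input are assumptions constructed for illustration. It shows the same field rendered without and with output encoding, plus a Content-Security-Policy header as a second layer.

```javascript
// Added example: hypothetical function names, constructed sample input.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that let text break out of an HTML element
// body or a quoted attribute value. One pass, so "&" is never double-encoded.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the submitted field is concatenated into the page as markup.
function renderCommentUnsafe(author, comment) {
  return `<div class="comment"><b>${author}</b><p>${comment}</p></div>`;
}

// "After": every user-controlled value is encoded at the point of output.
function renderCommentSafe(author, comment) {
  return `<div class="comment"><b>${escapeHtml(author)}</b><p>${escapeHtml(comment)}</p></div>`;
}

// Defence in depth: with no 'unsafe-inline', inline scripts are refused even
// if an encoding step is missed, and forms may only post back to the site.
const CSP_HEADER =
  "Content-Security-Policy: default-src 'self'; script-src 'self'; form-action 'self'";

// Constructed input: the kind of fake sign-in alert the article describes.
const SUBMITTED = '<script>alert("Session expired. Please sign in again.")</script>';

// True when the rendered page contains a live script element.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Render the same submission both ways and report what the browser would see.
function compareRenderings(author, comment) {
  const unsafeHtml = renderCommentUnsafe(author, comment);
  const safeHtml = renderCommentSafe(author, comment);
  return {
    unsafeHasScript: containsScriptTag(unsafeHtml),
    safeHasScript: containsScriptTag(safeHtml),
    safeHtml,
  };
}

console.log(compareRenderings("visitor", SUBMITTED));
console.log(CSP_HEADER);
```

In the encoded rendering the visitor sees the submitted text literally instead of a prompt, which is the behavior a CMS or plugin update for an XSS flaw typically restores.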
2. Threat hunters will help boost the importance of proactive security.
Threat hunters are ethical security researchers driven by a strict set of guidelines. They peruse the web looking for security threats, leaked data, and unsecured databases with the sole purpose of responsibly disclosing their findings to affected companies. Oftentimes these companies have critical security flaws that could open their business to potential threats. The act of good faith delivered by threat hunters can save organizations upwards of $427 per minute by disclosing these security vulnerabilities upon identification. However, as they can only identify and responsibly disclose security flaws, not prevent them, threat hunters alone can’t be relied upon to actually provide comprehensive “proactive protection” in the same manner automated security solutions can. As threat hunters continue to gain visibility and attention for their efforts in 2020, SiteLock researchers predict they will help bring greater awareness to the need for proactive cybersecurity for any individual or business with an online presence.
3. SMS phishing attacks will be the new phish in town.
Phishing is a common attack used by cybercriminals to trick individuals into providing personal data or login credentials through a “spray and pray” method that can reach a mass audience, typically via email. However, SMS phishing is starting to gain serious traction, and SiteLock researchers believe these attacks will be difficult to mitigate in 2020. Malicious text messages are at the center of SMS phishing, and similar to email phishing, they aim to trick users into taking action that puts them and their personal data at risk. They are difficult to prevent because as of today, there is no way to proactively stop or block these types of messages. Given that over 2.5 billion individuals have a smartphone or mobile device, it’s likely that SMS phishing will become just as prevalent as email phishing, if not more so.
4. California Consumer Privacy Act (CCPA) is the new cyber sheriff in town.
With the implementation of the CCPA only weeks away, it will be interesting to see how this privacy law will affect the cybersecurity landscape in 2020. The CCPA aims to enhance privacy rights and consumer protection for California residents or any other organization that does business with California. Given the focus on protecting consumer privacy, the CCPA regulations will inevitably set the bar for an increase in cybersecurity policies. In fact, companies that neglect to protect user data, due to not having reasonable security policies and procedures in place, could potentially face legal action by any individual whose data was involved in a breach. Regulations such as this are a big win for consumers, and they are likely to inspire action from the rest of the U.S. In addition, SiteLock researchers expect the CCPA to set the tone for stronger cybersecurity initiatives going into the 2020 Presidential elections.
5. Internet of Things (IoT) devices will be a cybercriminal’s “fifth column” in 2020.
IoT devices are popular among consumers who thrive on efficiency. They provide users the ability to secure their homes, operate their TVs, and use voice assistants to add a level of convenience to their daily tasks. As these devices rise in popularity, so will their ability to be compromised due to the nature of how they are designed. If a manufacturer hardcodes a master password within the device’s firmware, the device becomes extremely vulnerable from a security perspective, especially if an attacker is able to locate and download the password to access the device. As the popularity of IoT devices continues to grow, SiteLock researchers predict the number of compromised devices will follow suit. This will likely be the case until standardized regulations are put in place and manufacturers are required to comply with these standards.
History has shown that with every new year comes new trends and security threats that are stealthier and more sophisticated than ever before, and we predict 2020 will be no different. The first step website owners should take to protect themselves from cybercrime in the coming year is to be proactive about security by taking the following steps:
- Implement good cyber hygiene practices such as using strong passwords or a password manager.
- Update your CMS core files, ecommerce platforms, and plugins to protect your website and visitors from cross-site scripting attacks.
- Implement a website scanner to scan all site files and databases for malware and remove it as soon as it is detected.
- Use a web application firewall to filter bad traffic and stealthy attacks away from your website.
- Educate yourself on how to spot email phishing and SMS phishing by looking for grammatical errors, suspicious email addresses, and suspicious text messages.
In the coming year, it will be interesting to see what cybercrime has in store. The SiteLock research team will closely monitor these five predictions throughout the coming year and will continue to share new information and security best practices to help ensure our customers stay protected in today’s digital world.
Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 16 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security.