According to a recently published report by Cybersecurity Ventures, the cost of cybercrimes will increase sharply in 2020, costing the world as much as $6 trillion by 2021, up from $3 trillion in 2015. The growing cost of cybercrime reflects the fact that cybercriminals have been expanding from large corporations to small and medium-sized businesses (SMBs).
From smaller local municipalities and schools to mom and pop stores, everyone will be a potential target in 2020, and everyone needs to implement a comprehensive cybersecurity strategy to protect vulnerable attack entry points and keep intruders at bay. For SMBs, the cost of a security incident tends to be very high. Accenture estimates that 60 percent of SMBs that experience a data breach will go out of business within six months.
While large corporations can afford to spend huge sums of money on cybersecurity, SMBs must make every dollar count by identifying and focusing on top security threats. To help you appropriately adjust your defenses, we’ve put together this list of the top security threats facing small and medium-sized organizations in 2020.
6 Critical Cybersecurity Policies Every Organization Must Have
1. Phishing Will Remain a Major Threat
Despite being one of the oldest attack vectors, email will remain the point of origin for over 90 percent of cyberattacks, with phishing leading the way.
The most alarming thing about the proliferation of phishing is the inability of employees to detect it even though phishing is one of the most heavily discussed cybersecurity topics. According to the AppRiver Cyberthreat Index for Business survey, almost half of SMB executives believe employees can’t recognize phishing, and 64 percent believe there is nothing they could do to stop the practice.
Of course, that couldn’t be further from the truth. SMBs can effectively protect themselves from phishing attacks by training their employees to recognize scams, using two-step verification, having regular security health checks, holding mock drills for phishing attacks, implementing phishing protection inside their email service, and encrypting all sensitive information.
While ransomware attacks targeting individuals have been on a decline, ransomware detections ballooned from 2.8 million in the first quarter of 2018 to 9.5 million in the first quarter of 2019, and it’s expected that the number will be even larger in 2020.
Cybercriminals have realized that most individuals would rather lose all their data than pay a hefty ransom to recover it. SMBs, on the other hand, rely on their data far more than private citizens, and they also have more money to pay ransoms with.
In 2020, we can expect to see more targeted ransomware attacks in which cybercriminals use various hacking and social engineering techniques to attack a single hand-picked target that is likely to pay the ransom. SMBs should be ready for the worse and keep all their data safely backed up. They should also practice basic security hygiene to make it as difficult as possible for cybercriminals to execute targeted attacks.
3. Cloud-Based Attacks Will Continue to Grow
With businesses of all sizes increasingly moving to the cloud, we can expect the number of cloud-based attacks to grow in 2020. Currently, nearly all SMBs use the cloud in some fashion. Some take advantage of cloud storage solutions like Dropbox, Google Drive, or Microsoft OneDrive, some rely on SaaS solutions like Microsoft Office 365, QuickBooks, or Pipedrive, and some let employees use whichever cloud applications they want to help them be as productive as possible.
However, while cloud adoption is growing, cloud maturity is stagnating. Only 57 percent of small to mid-sized organizations describe their cloud maturity as being advanced or intermediate, according to the RightScale 2019 State of the Cloud Report from Flexera.
SMBs need to realize that the more they embrace the cloud the more exposed they become to various cloud-based threats. Insufficient cloud security greatly increases the risk of a major data breach, whose consequences can be devastating. To reap the numerous benefits the cloud has to offer, such as scalability, flexibility, and reduced IT costs, SMBs should develop a cloud security plan with clearly defined security policies and procedures.
4. Artificial Intelligence Will Be Used for Good and Bad
Over the last few years, artificial intelligence has made its way into many areas of our lives. We’ve seen many examples of artificial intelligence being used for good, such as driverless cars, fraud detection, real-time operations management, medical image analysis, localization and mapping, and smart home automation, just to name a few.
Unfortunately, it’s very likely that we will see the weaponization of artificial intelligence by cybercriminals in 2020. Equipped with sophisticated AI algorithms, cybercriminals will be able to develop new strains of malware capable of avoiding signature-based anti-malware products, forcing organizations of all sizes to deploy state-of-the-art heuristic solutions.
“Advanced malware that adapts its behavior to remain undetected has long been on the rise, and should it reach its full potential, 2020 could see a true cyber arms race,” believes Marcus Fowler, director of strategic threat at Darktrace.
5. Mobile Malware Will Challenge BYOD Policies
Here’s a recipe for a perfect cybersecurity storm in 2020: cyberattacks targeting smartphones and other mobile devices are becoming more and more common and, at the same time, SMBs are encouraging employees to bring their own mobile devices to work for use with internal systems, software, networks, and sensitive information.
Each and every device employees bring to work introduces a multitude of additional attack vectors (malware, data loss, man in the middle attacks, software security vulnerabilities, and others) that can compromise the security of the entire business. Securing mobile devices is no easy feat, often requiring an expensive Mobile Device Management (MDM) system to monitor, manage, and secure employees’ mobile devices.
SMBs should reconsider their current BYOD policies and decide whether the business and productivity benefits of allowing or even encouraging employees to bring their own devices to work are worth the security risks.
Make Cybersecurity a Top Priority in 2020
To be successful in 2020, small and medium-sized businesses must make cybersecurity their top priority. Those who will fail to do so will likely experience the devastating consequences of next year’s top security threats and go out of business.
While there’s no denying that modern technologies are requiring small business owners to wear multiple hats and deal with problems they would likely rather not even think about, there has never been a greater selection of affordable cybersecurity solutions than there’s now. SMBs that understand the importance of technology and cybersecurity have a wonderful opportunity to turn both into a major competitive advantage.