Top Network Security Risks in 2020 - Part 1
If there's anything the last 20 years has shown us, it's that data security is paramount in modern business. Every year, the war rages on between hacker voraciousness and IT admin ingenuity. Every year, IT professionals invent new ways to stop hackers, and hackers find new weaknesses to exploit. In 2020, every business should be preparing for this year's wave of network security risks and the breaches of those brands who fall in the battle.
2019 was a tough year for network security. The number of incidents and the cost of a breach are both at an all-time high. The average cost of a data breach is 3.94 million dollars. More than 4.1 billion records were exposed in 2019, and it's been found that 84% of customers stop trusting a brand after a data breach. Data security is more important than ever before, and not just because regulations are on the rise.
To help you build your company's defenses, we're taking a deeper look into the top 10 network security risks to watch out for in 2020.
1. Mobile Devices
You can build your intranet like a fortress with an amazing firewall, encryption, and port control. You can harden each one of your internal end-points. But if you have a wifi network, mobile devices can and will bring outside programs into the network and potentially carry secure data off of your network.
Surprisingly enough, few companies have fully taken control of the network security risk created by wifi and mobile devices. Even company-provided devices that go home with employees can have outside apps installed and features enabled. The most basic phones and tablets (and now laptops) can take photos and make audio/video recordings and open connection to the internet can enable downloads and uploads onto your secure network.
Mobile devices are a wild card, but one that can be mitigated. Your company can support a mobile workforce and maintain internal data security with a careful and considerate mobile policy.
2. Adaptive Phishing
There is one type of network security risk that can never completely be stopped. No matter how innovative IT admins become and no matter how little the core tactics change, social engineering opens doors. There will always be a well-meaning employee who will open the wrong email or share information without verifying credentials first, no matter how many communication channels we secure or invent.
A long time ago, phishing started as phone scams. Then it evolved in the age of email into what we know as "classic" email phishing. Them we developed spam filters. Then there were forums and instant messenger (live chat) and phishing hackers adapted. Now the channels are expanding infinitely and the social-hackers are adapting.
Some call customer service lines or chat services. Some pretend to be friends on social media. Some are still using email with measured success. Be prepared and train your team to know the signs of phishing no matter what channel it comes through.
3. Transition and Transmission Exposure
Here in the tech security industry, we've gotten pretty good at securing our data repositories. Databases and servers can be protected in many different ways, with encryption as the finishing touch to render even stolen data useless, but what about when our data is in motion? Data is most likely to be exposed when it is being moved from one container to another, either because of the transition logistics or during the data transmission itself.
Data exposure during transition tends to come from small technical oversights. The new server might not be encrypted yet. Someone involved in the transition might gain access to secure data that they don't have clearance to see. Transitions always create an opportunity for data exposure that must be covered.
Transmission exposures occur when the data is traveling between secure points. Data can be read both wirelessly and through physical lines while it is traveling, which is why transmission encryption is so important.
4. Open-Source Oversight
If your business uses open-source software (OSS), you've got a potential network security risk. Open-source software is free and available to anyone, and many programs are updated by more than one team of developers. OSS has some distinct security downsides that can be managed, but only if you are aware of them.
First, open-source is available for anyone to crack into the source code. That means that hackers, too, can play in open source business software, finding all the weaknesses and practicing exploits.
Second, open-source often lacks in security updates where SaaS (Software as a Service) excels. It is often necessary to build and maintain your own security patches to close known gaps in security. This can help with the first problem as well.
Third, open-source software does not automatically update itself even when newer, more secure versions are available. Be sure to build a schedule for researching OSS updates and implementing those that are available.
5. In-Line or Supply-Chain Attacks
Hackers out for a pay-off over a big score have found a new favorite way to infiltrate: through your web store. Hackers like to slip their data collection malware in-between certain user interactions to steal things like login information, credit card numbers and credentials, and personal addresses. Sometimes they redirect your visitors to a spoof page or simply arrange to steal the information as it passes through your e-commerce platform.
This is traditionally called a supply-chain attack because the hacker gets in between your phases of sale. They do this by placing the malicious software in-line in the buyer journey.
Not only is it vital to constantly scan and audit for this kind of attack, but it can also lead to deeper infiltrations. If your POS system or computers are connected to the company network, then a supply-line attack can grow to infect the network for a more profound future infiltration.
Cyber Threats Continue to Evolve
Network security is an essential part of your business plan for 2020. The threats are new, interesting, and evolving. Join us next time for the second half of this article where we'll talk about the other 6 top risks this year, ranging from admin fatigue to new AI developments.
Contact us today for more cybersecurity insights or to power up your business' IT security.
About Courtney Casey
In an industry dominated by men, Courtney Casey, Director of Marketing for Accent Computer Solutions, Inc., is making her mark on the world of information technology. Courtney has been immersed in the IT field most of her life and has been molded into the tech savvy expert she is today. She began working for Accent while earning her Bachelor's degree from California State University, Long Beach. Known in the Inland Empire as the "Tech Girl," Courtney is a regular columnist for the region's newspaper of record, The Press-Enterprise. Her columns address topical news trends, new technology products, and offer advice on how to embrace technology or avoid common IT pitfalls.