Cybersecurity is rapidly evolving and new attackers with new techniques are ready to join the current cybercriminal clique. That doesn’t mean current threats will disappear, on the contrary. We’ve created a non-exhaustive list of 7 cybersecurity threats to watch out for in 2019. Topics include the use and misuse of chatbots, increasing threats around IoT devices, cryptojacking, the continued presence of ransomware, good old-reliable phishing attacks, the rise of shadow IT, and negligence towards existing vulnerabilities.
Phishing
Let’s kick off with something familiar. A phishing attack is a practice of sending emails that appear to be from trusted sources – normally an online service or a bank – with the goal of gaining personal information. By entering or using credentials, clicking links or replying to phishing emails with financial details, information is sent directly to the malicious source. Avoiding these attempted attacks is a big challenge, but raising user awareness is one main way of reducing the risk of phishing attacks.
Rogue Chatbots
Cybercriminals and hackers will create malicious chatbots that will try to lure victims into clicking links, downloading files or sharing private information. A hacked chatbot could misdirect victims to vicious links rather than legitimate ones. Attackers could also leverage web application flaws in legitimate websites to insert a malicious chatbot into a site that doesn’t have one.
Cryptojacking
Cryptojacking malware, which allows hackers to take over enterprise computer equipment for the purpose of “mining” cryptocurrencies, is now more common than ransomware. Not only does this massively slow down and impact the overall performance of the victim’s computer, but it also provides the attacker with a financial benefit.
Shadow IT
Shadow IT refers to any software, service, or even hardware that employees are using on your enterprise network without the consent or knowledge of your IT department. It has grown exponentially in recent years, partly driven by the quality of consumer applications in the cloud such as file sharing apps, social media, and collaboration tools.
While IT is no longer responsible for the physical infrastructure or even managing the application, it’s still responsible for ensuring the security of the corporate data employees is uploading to cloud services. Since internal IT departments aren’t even aware of the apps, they cannot monitor them, ensure that regular backups are performed, or apply important software updates.
Ransomware
The past year, we saw fewer news reports about major ransomware attacks. However, no one has forgotten the huge impact of WannaCry and Meltdown. Ransomware attacks are still expected to be a top cyber-threat and have been causing a lot of damage in the past years. They’re still considered one of the most dangerous threats amongst cyber-threats.
Ransomware is a type of malware that blocks access to the victim’s data and threatens to publish or delete it unless a ransom is paid. It has the potential to cause the permanent loss of company data because it infects encrypted data and secure database systems and threatens to delete or corrupt files unless a ransom is paid.
IoT Risks
Driven by the convenience and benefits that IoT can deliver, the technology is being increasingly deployed by many organizations, with minimal thought regarding the security risks. The Internet of Things (IoT) encompasses many “smart” devices, such as Wi-Fi capable refrigerators, printers, manufacturing robots, coffee makers, and countless other machines
The issue with these devices is that they can be hacked by attackers to carry out further attacks. Worse yet, many businesses don’t even realize just how many IoT devices they have on their network, meaning that they have unprotected vulnerabilities that they aren’t aware of. Lansweeper’s discovery capabilities can help you eliminate those blind spots from your IT environment.
Unpatched Security Vulnerabilities
While there are countless new threats being developed daily, many of them rely on old security vulnerabilities to work. With so many malware looking to exploit the same few vulnerabilities time and time again, one of the biggest risks that a business can take is failing to patch those vulnerabilities once they’re discovered.
The easy fix is to maintain a regular update schedule—a day of the week where your IT team checks for the latest security patches for your organization’s software and ensures that they’re applied to all your company’s systems.
Mitigating your Security Risks
You can’t protect what you don’t know exists. IT Asset Management plays a critical role in maintaining a secure IT estate. Leveraging that collected network data is a fundamental starting point for implementing security measures across your organization