Yet another year of hyper-connectedness just passed by. More consumers joined the online world, more apps took over our lives and gave further rise to more vulnerabilities. 2019 saw “Big game hunting ransomware” targeting organizations and massive data breaches. The year has been an eye-opener for many users – those who were unaware of security risks and who did not expect to be targeted.
Closer to home, cybercriminals may be trumping Indian users through consistent online transaction frauds, sim frauds, ATM skimming and so on. In fact, according to CERT-In data, more than 3,13,000 incidents had been reported in India in 2019.
As we step into 2020, consumers may want to be more mindful about their online footprint as cybercrooks are only getting smarter. Here is a look at what could be the most pressing threats for consumers in 2020-
- IoT & 5G: IoT devices will continue to increase, connecting more technology under one roof of systems from machine learning to robotics and so on and alongside increase threats and rising demand for more secure measures to protect data. 5G will take the issue of IoT security to a much bigger scale. Consumers are only warming up to the necessity of protecting IoT devices, and before every consumer figures all of it out, we will be facing a challenge of a much bigger magnitude, more on the privacy side. Consumers are going to be under constant observation, generating more and more valuable data.
- Ransomware: Ransomware has long been a villain, but this year cyber criminals will be moving away from easy targets such as home users, to bigger and harder targets such as large organisations such as manufacturing units and hospitals who cannot afford any downtime. When it comes to setting budgets for next year, organizations need to make sure to allocate resources for security and encryption, and training of every employee.
- BEC attacks: Established companies are likely to allocate enough resources for cyber security and trainings, however, SMBs may still struggle to build these budgets and even fight internally to change the mentality of “It’s not going to happen to us.” This year, it will be extremely important for organisations to make sure every employee is vigilant and always looking out for BEC attacks (Business Email Compromise) that impersonate CEOs and executives authorized to do wire transfers. When it comes to BEC attacks, all cyber criminals need to do is a few searches of procurement history and send invoices via phishing emails asking for payments.
- Creepware: Creepware is a Remote Access Trojan (RAT) which allows people to hack into to a victim’s device to steal personal data, login passwords and a lot of other personal information which can be used for blackmailing the users. We can expect this number to fluctuate in the near future.
- Juice jacking: Many travelers who use public charging stations may fall victim to juice jacking where victims charge their device by plugging into a USB port or using a USB cable that’s been surreptitiously loaded with malware. While they were getting a charge, they also put themselves at risk of getting their data stolen. It’s still unclear how big a problem this will be in 2020 but concerns arose after the Los Angeles County District Attorney’s Office published an advisory across its social media platforms warning holiday travelers of juice jacking at airports and other public locations
- Deepfakes Audio and Video: Deepfakes are going to be a double-edged sword. Used in the right way, this technology could revolutionise various industries such as entertainment by helping smaller scale production houses generate better and more realistic versions of their vision which won’t cost nearly as much equipment or capital as bigger production houses. At the same time, in the wrong hands it could be misused to harm personal lives and cause reputational damage or fool people into making decisions with false information. While deepfake videos can steer political/electoral campaigns and give rise of revenge porn, audio deepfakes can be used for financial scams where you hear a dear one’s voice asking for money transfers.
- Disinformation: In talking about disinformation, we usually hear about fake news sites. However, that’s not how disinformation manifests itself. What the originators do is find existing reporting that might be polarizing in and of itself and then promote such news through artificial accounts. They often take something out of context, such as a picture that was taken a long time ago and blast it out over social media, pretending it was taken recently in an effort to make a point. Unfortunately, there is no uniform way to identify and counter disinformation campaigns, but this much is assured for 2020: disinformation is here to stay.
- Credential Stuffing: Lastly, credential stuffing (cyber-attack where stolen account credentials are used to gain access to accounts through large-scale automated login requests) is primed to be problematic as fraudsters increasingly turn to the dark web to acquire stolen usernames and passwords, they can then use on social media platforms, or websites to try and unlock a victim’s personal data. Within seconds, they blitz hundreds of sites until looking to gain entry. Unless someone has elected to use 2FA (two-factor authentication), they are going to be at risk.