The Security Transition | From 2020 to 2021
Although the year is ending and the holidays are approaching, there is no real end of the year or closing in the world of cybersecurity. Cyber threats only increase with the holiday season, and they certainly do not sleep. One of the most important tasks for cybersecurity professionals is to look at the big takeaway lessons from 2020 in order to transition into the new year of 2021.
The Big Takeaway
According to the popular security blog known as CyberObserver, there are five big takeaways from the year.
1. Worldwide spending in cybersecurity will reach 133.7 billion by 2022 (Gartner)
2. 52% of reported breaches were related to hacking, 28% caused by malware, and 33% caused by successful phishing and social engineering attacks (Verizon)
3. 68% of business leaders agreed that cybersecurity risks were growing
4. 86% of breaches were financially motivated (Ihasco)
5. Data breaches exposed over 4.1 billion company records (RiskBased)
Zeroing in on the statistic that over 4.1 billion records were stolen or exposed this year, multiple articles and professionals across the internet agree that weak or stolen password credentials are still the leading cause of a successful hack. We've seen examples of this password security issue with company giants like Zoom, who reported that over 500,000 user account credentials were stolen and put up for sale on the web.
Biggest Vulnerabilities of 2020
According to the Secureteam website, there were 3 vulnerabilities labeled as the most dangerous in 2020. Those vulnerabilities included:
CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting)
CWE-787 Out-of-bounds Write
CWE-20 Improper Input Validation
These vulnerabilities are important to know and take note of, because they can help security professionals make better judgments about where to spend both time and resources in their environment.
The Future of Data is Cloud
Looking at where companies are headed with their data, it is also important to note that cloud vulnerability is, and will continue to be, one of the biggest cybersecurity challenges organizations will have to face, as businesses continue to adopt more cloud applications and tools to maintain operations.
History Repeats Itself
One major trend in 2020, according to the Secureteam website report, is that “68% of organizations that suffered a network breach are the victim of a repeat attack within a year”. What cyber-criminals have demonstrated with repeat attacks is that they believe an organization that has been attacked once can potentially be attacked again. The article also reports that on average, criminals return 68% of the time to attempt a breach a second time.
Conclusion for 2020
As security professionals transition into the upcoming year, perhaps the biggest takeaway is that “80% of data breaches can be prevented with basic actions, such as vulnerability assessments, patching, and proper configurations” (CyberObserver, 2020, pg. 1). Despite the increasing growth in security awareness, the gap is still far too wide for comfort, and companies both small and large are still lacking in basic security hygiene. However, even though there is a growing number of attacks and challenges on the web, there is also a growing force of analysts, SIEM tools, and security measures to combat them.
29 Must-know Cybersecurity Statistics for 2020. (2020, March 08). Retrieved December 11, 2020, from https://www.cyber-observer.com/cyber-news-29-statistics-for-2020-cyber-observer/
5 Cybersecurity Threats to Be Aware of in 2020: IEEE Computer Society. (n.d.). Retrieved December 11, 2020, from https://www.computer.org/publications/tech-news/trends/5-cybersecurity-threats-to-be-aware-of-in-2020
Adler, S. (2020, December 10). Under Pressure To Prove You Are Secure. Retrieved December 11, 2020, from https://www.cshub.com/executive-decisions/articles/under-pressure-to-prove-you-are-secure
Executive, J., & Rosier, J. (n.d.). Cyber Security - a summary of 2020. Retrieved December 11, 2020, from https://www.ihasco.co.uk/blog/entry/3042/cyber-security-summary-of-2020
Faithfull, M. (2020, September 09). The most dangerous vulnerabilities of 2020. Retrieved December 11, 2020, from https://secureteam.co.uk/news/the-most-dangerous-vulnerabilities-of-2020/