From this study of cybersecurity, we can extrapolate vulnerabilities and preventive actions that we must keep in mind this year.
Different Attack Vectors, Equal Vulnerability
A vector is a path or tool that a cybercriminal uses to maliciously attack a person or organization.
Of the total respondents, they all stated that the different vectors present a latent vulnerability. So instead of focusing on protecting a specific point, they seek to protect the final product or the information center.
That said, 39% mentioned that all attack vectors are equally vulnerable, 21% mentioned that the biggest threat was email. And 11% of mobile devices. In turn, everyone agrees that email is a worrying point for Phishing attacks that have become a constant. And it requires little technical skills from the attacker.
Identity Theft, Ransomware, and Malware
19% of IT professionals surveyed said that the most constant attack with serious repercussions during 2019 had been identity theft (Phishing).
The second most recorded attack is Ransomware. This is probably due to the fact that to carry out information sequestration. It carries out from a Ransomware family, a slightly modified code that is capable of crossing existing security filters, so we see a volumetric increase, but not of quality or quality. Greater technical requirement.
The third most constant problem is malware, 10% of professionals mention having experienced problems with malicious code.
Considering that the two best-known computer viruses of 2019 were ZeuS and Trickbot. And, the aim of both at stealing information from the financial sector, the professionals dedicated to bank security are the ones who should be most concerned with this section.
Human Errors in Cybersecurity
The professionals also described the source of the attacks in their organization. They are reporting that 40% of the attacks happen thanks to human errors, demonstrating that there is much field to go in training the personnel in cybersecurity.
The second human factor is due to infrastructure errors that generate vulnerability. So there is a network security course capable of training professionals in CISCO. And providing that knowledge to reduce this vulnerability.
Cybersecurity Predictions | 2020
From these trends, the beginning of the decade projects changes not only in the investment of companies but in how professionals will devote their efforts to defend their organizations.
Budget Allocations Dedicated to Specific Attack Vectors
Half of the respondents say that their allocation of budgets to Network Infrastructure during the second half of 2019. That is why it will be a trend that in 2020 the organization’s budget will be distributed among the attack vectors that have been, or maybe, objective Phishing and malware.
The second half of 2019 has given a scope of this prediction since, the statement of 41% of respondents that email was, where it gave more investment, and 37% was invested in training staff to reduce human errors.
Training and Personnel Control
Because most of the business attacks attributed to the behavior of a worker (such as clicking on a link or opening an attachment). It may not be surprising that the greatest approach to cybersecurity is to train your personnel in security and attack prevention.
65% of professionals say their organization will invest heavily in cybersecurity leadership training. In turn, it plans to prevent these human errors through the detection and response to incidents. And also, the generation of access controls.
Adaptation to the Lack of Cybersecurity Professionals
The lack of cybersecurity professionals remains constant. However, professionals in the sector no longer expect to solve this lack of professionals. But that organizations seek to adapt from different activities.
32% of respondents state that they must maintain updated behavior and knowledge of their staff to prevent attacks, while 29% accept practitioners to seek potential in IT and provide safety training at a practical level.
This new year presents new business needs because “complete solutions” are no longer enough to maintain a secure organization. But requires solutions that focus on specific vectors.