December 13, 2019 By Douglas Bonderud

Cybersecurity threats are capricious, given to sudden change without warning. This year, average data breach costs rose to $3.92 million while total records breached per incident surpassed 25,000.

For infosec pros, it’s easy to get caught up in current events. What’s happening right now understandably informs 2020 cybersecurity posture and investments, but history also plays a role in defining the best practices and policies that bolster security year-over-year.

With a new decade just weeks away, it’s worth looking back on what was (and integrating what is) to develop new approaches capable of handling what will be.

A Very Brief History of Cybersecurity in the 2010s

2010 saw the rise of real-time search. In 2012, companies were leveraging data at scale to drive actionable insights, and by 2014, mobile devices took their place as collaborative corporate mainstays. But these advances in technology came with commensurate increases in cybersecurity threats, as attackers recognized the value of large-scale — and often unprotected — datasets.

Some of the top threats from the past decade include:

  • Stuxnet infects SCADA systems (2010) — One of the first SCADA attacks, Stuxnet paved the way for Shamoon and other industrial control system (ICS) threats capable of combining physical and digital risk. As ICS and SCADA systems have become invariably linked to public-facing services via internet of things (IoT) devices, the potential impact of this threat has expanded.
  • Cyberattacks on POS machines (2013) — In December 2013, a retail giant saw payment card details for 40 million customers compromised after point-of-sale (POS) systems were infected and spread malware to secure servers. The scale and scope of this attack put third-party threat vectors front-and-center for cybersecurity pros.
  • Heartbleed’s open-source bug (2014) — Heartbleed cut into databases worldwide, opening the door on open-source security concerns and paving the way for other widespread attacks like Shellshock.
  • NotPetya seeks to destroy (2017) — An updated version of the Petya ransomware, NotPetya didn’t just encrypt information — it damaged data beyond repair. This kicked off multiple rounds of ransomware attacks and evolution.
  • Cryptomining malware rises (2018) — Leveraging simple mining modules that could be loaded into any website, cryptojacking techniques began mining cryptocurrency without user attention or consent and led to the development of improved detection and identification tools.

The takeaway here is that threat actors have been far from complacent over the last decade. From SCADA to POS to open source, ransomware and cryptocurrency, attackers aren’t stuck in a security rut — if you build it, they will come (and break it).

Lessons Learned From 2019 Cybersecurity Trends

While the history of cybersecurity defines broad actions, more immediate security concerns drive current responses. This year saw a mix of new threats and returning vectors, such as:

  • Citywide compromise — Attackers are taking their malware on the road and using it to compromise entire municipalities. In August 2019, at least 22 Texas cities were hit by coordinated attacks that forced key services offline and demanded payment for restoration. With many municipalities now leveraging a mix of legacy and cloud-based technologies, defensive gaps are commonplace.
  • Mobile malware — According to Check Point, cyberattacks targeting mobile devices are up by 50 percent compared to last year, and threats are diversifying as devices become commonplace across both personal and professional environments. Mobile banking apps are among top hacker targets, as users prioritize on-demand features, and banks are rushing to fill the gap.
  • Familiar phishing — Phishing is back, or more accurately, it never really went away. While phishers have been relatively quiet over the last three years, recent data from APWG shows them jumping back into the corporate boat as business email compromise (BEC) techniques become more sophisticated.

Cryptojacking and ransomware, meanwhile, have both declined sharply, as corporate IT teams have become more adept at detecting and defusing these attacks before they’re able to gain a foothold. Add in the impact of volatile cryptocurrency markets on both mining schemes and forced-file-freedom payments and it’s no surprise that hackers have opted for lower-hanging, more lucrative fruit.

Shifting attack vectors and expanding attack surfaces have prompted three key trends in 2019:

  • Bigger budgets — Security budgets are on the rise, with upticks between 1 and 9 percent planned for 2020, according to FireEye, as companies look to equip local defenders for greater effectiveness.
  • Fire with fire — New technologies like artificial intelligence (AI) and machine learning (ML) are now on the investment radar to help companies counter the effects of advanced cyberattacks and deal with the massive amount of alerts and data coming into security operations centers (SOCs).
  • Crashing confidence — Despite souped-up spending, recent survey data from Marsh found that just 11 percent of organizations now report a high degree of confidence in their ability to measure, mitigate and manage cyberattacks.

How to Improve Cybersecurity in 2020

As 2020 looms, how can companies develop defensive strategies that both incorporate historical trends and address the realities of 2019 cybersecurity attacks?

Here, combining past experience with present expectations is critical. In practice, this requires a three-tiered approach.

1. Recognize Repetition

Email remains a top cyberthreat vector — whether it’s delivering ransomware or leveraging social engineering to steal account credentials. As Forbes noted, while detection tools have gotten better at blocking common spam messages, the increased sophistication of those messages still puts staff in the line of fire.

The takeaway is simple: Cybersecurity is circular. What goes around comes around again, and this is especially true for email. Putting up an effective defense in 2020 and beyond demands a combination of layered email security and regular in-house training to ensure employees can spot this security risk in the wild.

2. Adapt and Integrate

Attackers aren’t afraid to shift tactics when it works to their advantage. Petya not working so well? NotPetya can pick up the slack. Ransomware and cryptojacking not paying the bills? Malicious actors can move to compromising mobile applications. Infosec professionals need to adopt the same approach in 2020.

There’s no single way to protect critical assets and deliver improved security. From cloud-based tools capable of detecting threats at scale to AI-driven defenses and intelligent threat detection methods, it’s worth diversifying defenses to defeat threat actor heterogeneity.

The caveat is that you must also keep complexity in check. While attackers shifting tactics can leave previous infiltration methods behind, companies must defend networks at scale. To that end, look for tools capable of integrating protective services without compromising performance.

3. Turn Every Security Stone

Where are systems most vulnerable? It’s a trick question — despite their best efforts, most infosec teams are a step behind attackers. From open-source exposure to POS exploitation and citywide compromise, hackers are always looking for another way in.

In 2020, organizations can’t leave any security stone unturned. Instead of assuming that systems that haven’t been attacked yet are naturally secure, companies must recognize that it’s only a matter of time — not inherent toughness — that prevents critical compromise. While the reduced confidence reported by survey results is worrisome, there’s an opportunity here for infosec teams to start from ground zero. With attacks continually evolving, the assumption of potential compromise and the practical deployment of regular penetration testing efforts can help pinpoint key network weak spots.

Cybersecurity doesn’t exist in isolation. As the past decade has demonstrated, hackers are more than willing to change tactics, take unexpected approaches and rescue attack vectors when it suits their purpose. By combining the lessons and practices from 2019 cybersecurity with past permutations, we can craft better strategies for the next decade of cyberdefense.
