Trends in Cybersecurity Cases

How Vulnerable Is The Cloud To Cyber-Attacks, Especially As Companies Increasingly Use And Rely On Cloud Computing?

The cloud refers to a data server maintained by a cloud provider without the direct management of the user. Cloud storage is safe because it is located in places such as warehouses where workers generally do not access to and because files stored on the cloud are encrypted. Companies find it attractive to move critical applications to public clouds because it is viewed as more secure than on-premises storage. About 88% of companies are using public cloud infrastructure services in 2020.

Significantly, the Oracle and KPMG Cloud Threat Report 2020 reveals that while cloud adoption by companies continues to expand, the basics of cloud security are still not understood and cyber fraud is increasing. About 3/4 companies have experienced data loss from a cloud service more than once. Targeted and untargeted ransomware is a billion-dollar business for criminals who have recently turned their attention to the cloud and are focusing on companies that cannot operate without downtime such as healthcare industries and state and local governments. As more information and data are moved to the cloud, cybersecurity and protecting infrastructure will become critical.

Will Advances In Automation And Ai Help Or Hurt The Cybersecurity Of Companies?

Automation through the use of AI technologies is an appealing option for companies seeking to reduce the workload on understaffed teams, reduce the costs of human labor, save time, and overall accomplish more with less. It can also help companies manage risk and improve the quality of product and service development. At the same time, criminals leverage AI to perpetrate elaborate and complex cyber-attacks on companies and engage in cyber experimentation with malicious software.

AI is helping companies detect malware but constantly needs adjustments in order to avoid detecting too many false positives. Malwarebytes’s 2019 Report on AI notes that cybercriminals exploit this weakness by circumventing malware detection to make AI see its files as legitimate or by solving Captcha or creating more convincing spam. The cyber risks associated with using robotic process automation (“RPA”) include abuse of privileged access, disclosure of sensitive data, security vulnerabilities, and denial of service, according to EY’s Report on robotics and cyber-attacks. These risks are likely to continue in magnitude and intensity for the upcoming year.

What Is GDPR, Does It Apply To U.S. Companies, And What Are Its Compliance Obligations?

The General Data Protection Regulation (“GDPR”) is a regulation that addresses data protection and privacy in the European Union and the European Economic Area and governs the transfer of data outside of the EU and EEA. GDPR was passed in May 2016 and took effect in May 2018. The provisions are enforced by the national data protection authorities in the EU. The GDPR has extraterritorial application. It is applicable to companies who have a website in the United States and visitors from the European Union regardless of whether the goods or services are marketed in the EU. The GDPR places restrictions on how companies can collect and process consumers’ personal data and how consumers can limit company access to their personal data. If a company infringes a consumer’s information or a breach is not reported, companies could face significant fines and penalties.

Fines for GDPR violations include up to 10 million euros, or up to 2% of the undertaking’s entire global turnover of the preceding fiscal year, whichever is higher. In January 2019, Google was fined 50 million euros in accordance with the GDPR for lack of transparency and valid consent, and inadequate information given to consumers, and Marriot International, Inc. was fined more than 99 million euros under GDPR for data breach. As Facebook and other websites share consumer and company information, consumers rally for increased data protection laws. In the absence of federal regulation on data privacy, states have responded by recently enacting their own legislation on consumer privacy rights. For instance, the California Consumer Privacy Act (“CCPA”) took effect on January 1, 2020 and gives California residents the right to control the data that companies collect. In 2020, more states are expected to follow California’s lead and enact similar laws.

What Is “Deepfake” And How Do Cybercriminals Use It Against Consumers And Companies?

“Deepfake” refers to fake audio or video used by cyber criminals for illicit purposes. It generally entails swapping people’s faces and modifying audio to simulate another individual. These videos originated in 2017 and were commercially developed as mobile apps in 2018 and 2019. These apps allow users to swap faces with one another and impose their image on movie clips and supplement it with desired clothing and fashion. In March 2020, a video face swap app, Impressions, was created that allows the user to make high-quality face-swap videos.

Growing alongside their commercial and entertainment uses are “deepfake” video crimes. Cybercriminals use computer algorithms to create disruptions to industry sectors. For instance, “deepfake” videos can impersonate politicians or CEOs and entice people to transfer funds or otherwise steal millions of dollars from unwary consumers and companies. They can also interrupt the financial industry, media, and the 2020 elections. It is an elaborate yet highly convincing form of forgery and is becoming a major cybersecurity threat. “Deepfake” videos are likely to have a significant impact across various industry sectors as cybercriminals embrace its use for cybercrimes.

What Are The Cybersecurity Risks Associated With The Spread Of 5g/Advanced Wi-Fi Technology?

The new 5G technology touts improvements in speed and reliability for the user. Consumers and companies are already operating on 5G technology in many instances. To achieve the best connectivity for the user, smart phones will generally automatically switch from 5G to Wi-Fi. Specifically, wireless carriers of either 4G or 5G will sometimes switch to Wi-Fi networks for calls and data in high-density areas such as shopping centers and airports in order to save network bandwidth. When this happens, voice and data information is transferred to Wi-Fi access points in these public areas and to cell towers.

However, due to defects that occur during this transition, hackers can sometimes access voice and data of 5G cell phone devices. This trend is likely to increase in 2020 as cyber criminals find additional vulnerabilities in 5G technology, according to Cyber Magazine. Strategies such as utilizing a VPN or testing company Wi-Fi access points can prevent cyber-attacks and thefts that occur during these cellular to Wi-Fi shifts. Despite this, cyber criminals are also exploiting the time it takes for industries and locations to accumulate the investments needed to upgrade network infrastructures to 5G capacity.

Because Smart Contracts Are A New Method Of Engaging In Business Transactions, How Safe Is It For Consumers And Companies To Use Them?

Smart contracts are a relatively new form of contracting between consumers and companies. A smart contract is an agreement embedded in computer code, mutually agreed to by the parties, and stored on the blockchain. Once the pre-defined terms of the contract are satisfied, the smart contract is automatically enforced.

As cybercriminals turn to blockchain technology to perpetrate fraud, smart contracts have become highly attractive due to the ability of the parties to create the rules of the contract that are eventually transferred to the blockchain. Criminals prey on the lack of knowledge and regulations surrounding smart contracts and use sophisticated malware against consumers and companies to steal intellectual property, personal identifiable information, health records, and financial data, according to a Deloitte Report on Blockchain and Cybersecurity. In 2016, the DAO was hacked when a criminal exploited a programming mistake in the smart contract and stole over $50 million of the virtual currency, Ether. These vulnerabilities make it easy for cyber criminals to hack smart contracts and are likely to increase in 2020.

What is the Internet of Things (“IoT”)?

The Internet of Things (“IoT”) refers to a network of devices connected to the Internet that can collect and exchange data. Examples include electronic appliances, alarm clocks, speaker systems, and connected security systems. The Internet of Things has been applied in smart homes, cars, and even cities. While the IoTs is not a new topic and has been around since the late 1990s, its popularity by consumers and companies has increased in recent years due to advances in computing, blockchain, and various smart devices. However, the use of IoTs without having an adequate, private 5G network in place could put the company’s privacy and data at risk. A 2019 Report from F-Secure notes that cyber-attacks on IoT devices have tripled in the first half of 2019 alone.

The security of the IoT is only as secure as the particular IoT device. The problem is that there is a significant lack of awareness about which devices are included within the definition of IoT and, therefore, consumers and companies are unable to implement procedures to safeguard attacks on these devices. Cyber criminals readily develop new techniques to hack devices connected to an IoT network to steal sensitive consumer information and company intellectual property. Exploiting the weaknesses in 5G or hacking less well-known IoT devices is a common practice and is expected to increase.

Is It Necessary For Companies To Purchase Cyber Insurance?

Cyber insurance is becoming a popular means of company data protection, as data breaches increase in quantity and severity. The costs of a typical breach include replacing laptops, repairing databases, and strengthening internal controls. It also includes the loss of the company’s customer base as well as reputational losses. Traditional company insurance is no longer sufficient to cover such losses. Cyber insurance is frequently sought to compensate for potential data breaches.

According to the 2019 Travelers Risk Index, only 51% of companies are purchasing cyber insurance. This number is expected to rise substantially in 2020 as cyber-crimes increase. Companies are advised to explore cyber insurance coverage options. Many options exist such as First-Party Coverage, Worldwide Coverage, or Business Interruption Coverage. The best coverage for a company will depend on the nature of its business and the specific risks it faces.

How Significant Is The Cybersecurity Skills Gap And How Will This Affect Company-Implemented Cybersecurity Measures In 2020?

The advances in cybersecurity technologies have always lagged behind cyber-attacks and other system threats. As companies increasingly report a shortage of IT staff, the demand for enhanced cybersecurity professionals continues to exceed supply by far. The United States has a gap in cybersecurity professionals of about 500,000, and, if this trend continues, there will be 3.5 million unfilled cybersecurity jobs in the world by 2021. Companies report that this gap has severely decreased their security systems and makes their operations incredibly susceptible to cyber-attacks. This trend is unfortunately likely to continue and, by extension, exacerbate the severity and frequency of company cyber-attacks. Security Magazine predicts an additional 15% increase in the cybersecurity skills gap in 2020.

How Can Consumers And Companies Keep Up With Advances In Technology And Safeguard Data?

Despite the increase in cybersecurity risks, consumers and companies are encouraged to be proactive. The following list is representative of best strategies that can be undertaken to both prevent and combat cyber-attacks:

• Create and maintain a strong password combination that is unique and equipped with two-factor authentication.
• Establish a strong cybersecurity awareness program for employees.
• Using virtual private networks and not unsecured Wi-Fi.
• Utilize periodic reviews and security audits of physical devices and IT infrastructure.
• Apply encryption to all company sensitive files.
• Reboot, reset, and wipe out all old technological devices before disposing them.
• Have strong data loss prevention software and backup policy.
• Make sure all systems have antivirus software and firewalls that are able to adequately scan threats and install updates.