Throughout 2019, we witnessed a number of record-breaking data breaches. Over 5,000 companies reported a data breach throughout the year, combining to compromise eight billion records.

This unfortunate trend demonstrates two issues: cybercriminals are constantly evolving and developing new attack methods, and organizations are struggling to keep pace with them. Until security is a top priority for companies, we will continue to see these issues in 2020.

Threat actors are always enhancing their current tactics, techniques, and procedures (TTPs) as well as creating new ones in order to infiltrate businesses and steal data, implant ransomware, and more.

One technique that will continue to gain traction in 2020 is lateral phishing. This scheme involves a threat actor launching a phishing attack from a corporate email address that was already previously compromised. Even the savviest security-minded folks can be lulled into a false sense of security when they receive an email asking for sensitive information from an internal source – particularly from a C-level executive. As we will continue to see cybercriminals refining their attack methods in 2020, companies must be prepared.

Chaos of the cloud

Misconfigurations of cloud databases will continue to plague enterprises around the world and will be a leading cause of data breaches in 2020. Gartner forecasts that global public cloud revenue will reach $249.8 billion in 2020, a 16.6% increase from 2019.

This rapid rise in revenue is spurred by continued growth in cloud adoption. However, cloud adoption is clearly outpacing the adoption of the tools and expertise needed to properly protect data in cloud environments; this is supported by the fact that 99% of cloud security failures will be the customer’s fault through 2025, according to Gartner. Consequently, misconfigurations will continue to be a leading cause of data leakage across all verticals.

In addition to the above, highly niche cloud tools provided by second-tier cloud service providers are making their way into enterprises. While services that cater specifically to individual industries or company departments are gaining traction, they do not typically have the same native security measures that mainstream cloud services do.

Regardless, companies are gaining confidence – even if it’s a false sense of confidence – in their ability to utilize the cloud and are adopting these second-tier and long-tail cloud apps without considering all of the security ramifications.

Enterprises will need visibility and control into all of their cloud footprint, including niche services, in order to proactively mitigate any vulnerabilities and properly secure data in the cloud.

How to set your company up for success

Brian McCarthy, CTO and well known cyber security speaker, author and consultant from CAS  says, “data is precious, and it is imperative that the proper controls are in place to secure it. Organizations must have full visibility and control over their data by deploying solutions that enforce real-time access control, detect misconfigurations through cloud security posture management, encrypt sensitive data at rest, manage the sharing of data with external parties, and prevent data leakage. In this way, they can ensure that data is safe in our increasingly cloud-first, mobile world”.  

For further information contact us at: info@CherubAS.com or call (407) 416-7955