January 22, 2020

What Data Breaches Might Be Coming in 2020?

Olivia Scott

If data is the new gold, every company should be setup like Fort Knox, keeping its customer records locked away from malicious actors. As anyone who has been the victim of identity theft will confirm, however, data protection is nowhere near as watertight as it should be.

According to recent research, the cost of cyber attacks will top $2 trillion in 2019, and around 4 million customer records were stolen every single day in 2018. The effects can be devastating for companies hit by attacks. American Medical Collection Agency is just one example of many, with the medical company filing for bankruptcy within a year after thieves targeted its client records.

Against that backdrop, what is in store for 2020 with respect to data breaches, and how can companies and individuals prepare?

Expect Another Record Year for Data Breaches Worldwide

Companies must be aware that we are passing through a historic peak in the number of attacks and successful data extractions by cyber criminals. The year 2019 looks set to break records for the number of data breaches. As Risk Based Security reports, as of September, the total number of attacks increased by 54 percent over 2018’s total, with some 44.1 billion records exposed. That is a significant rise in assaults on databases and a sign that defenses are struggling to cope.

Will 2020 be any quieter? On the one hand, there are signs that companies are recognizing the scale of the problem. In late 2018, 84 percent of C-level security officers surveyed by Thales eSecurity reported that cybersecurity budgets would rise. In addition, capital has been pouring into cybersecurity startups, prompted by concerns from Amazon and Facebook. However, at least 33 percent of small businesses in the UK reportedly have no cybersecurity strategy, and more than 50 percent have no systems in place to understand whether their security measures actually work. Thus, there is a cultural issue that will make life much easier for data thieves.

E-mail Addresses Will Likely Continue to Be Prime Targets

Assuming data breaches continue to increase, what are thieves likely to target the most? In 2019, the major target was personal e-mails, which accounted for around 70 percent of the data extracted. That is no surprise; e-mail addresses are gold dust for phishers and fraudsters, who can use them as leverage to take out credit cards and carry out elaborate identity thefts. They are also handy for phishers who seek to take over contact lists to spam their messages or even to gain access to online banking and social media platforms.

No Sector Will Be Safe From Data Breaches

If 2019's shocking history of data breaches proved anything, it is that no company is secure from data theft. The news may have been dominated by massive data losses from financial giants like First American Financial (885 million records), or Facebook leaking hundreds of millions of records in two separate incidents, but plenty of less prominent companies have fallen victim.

The year began with a vast Fortnite data breach, when 200 million gamers were affected. After that, all kinds of companies were afflicted. From photo-sharing site 500px and the Family Locator app, to Bodybuilding.com and Canva's online design tools, thieves are happy to pick a diverse range of targets.

In 2020, any app or small company could become a victim, making it imperative for smaller businesses to take action. Even simple controls like a VPN shield could be the difference between leaking vital customer records and serene, hassle-free operations. Whatever they do, companies cannot fall into complacency. Data leaks are not just about the big boys; they are something about which every business must worry.

Anticipate More Inventive Attacks as 2020 Unfolds

Another key takeaway to prepare for 2020 is that the diversity of data breaches is increasing as hackers find older techniques less effective and resort to more innovative methods. For example, 2019 saw an uptick in Magecart-style attacks, which uses JavaScript injection to hijack online payment portals, extracting credit-card and identity details via a keylogger. In one episode, a group of attackers used Magecart to target 962 online stores in just 24 hours.

Magecart is not alone. Expect credential stuffing attacks to rise in 2020, as attackers use the credentials stolen in previous thefts to brute force other, more lucrative databases. In addition, be alert for new ways of weaponizing .pdf attachments or infecting browser extensions with malware.

Expect Successful Companies to Proactively Tackle Data Breaches

Finally, 2020 will see companies thrive if they take data loss seriously. No company can be totally immune from data thefts, but those that create a culture of security and train staff to avoid human error will have a significant advantage. The same applies for companies that enforce VPN usage for remote workers and use encryption and authentication across the board.

Look out for new analytical tools in 2020, with suppliers offering real-time data theft protection, and pay attention to data-flow mapping tools, which can use AI to map potential vulnerabilities. Both products offer extra reassurance in an increasingly hostile environment.

Act Now to Protect Against 2020's Worst Data Breaches

Preparation for data breaches is non-negotiable. Companies that fail to prepare can expect significant financial costs, lost customers, legal nightmares, and in many cases, complete failure.

Fortunately, there are a few good ways to minimize the risks of data breaches. First, investing in password security via training and routine use of encrypted password managers is a good idea. Making multifactor authentication mandatory for access to key databases is also advisable, and auditing all hardware for potential vulnerabilities should be carried out on a regular basis.

Additionally, it makes a lot of sense to make VPN usage part of corporate culture. VPNs secure remote devices, which are becoming more and more common in modern companies, and encrypt data passing into and out of servers, making databases harder to access.

Choosing a solid VPN is vital, so take time to assess the pros and cons of leading players like ExpressVPN or NordVPN.

The year 2020 looks set to be another banner year for data breaches, so buckle up, take what precautions you can, and stay tuned for more spectacular attacks as the new year begins.

For more business law content, visit businesslawtoday.org.

Olivia Scott

Cybersecurity Enthusiast, VPNpro.com

Olivia Scott is a cybersecurity enthusiast at VPNpro.com. Her key competencies include data safety, privacy tools testing, and WordPress vulnerabilities.