January 28, 2020

With weekly headlines highlighting the latest cyber attacks and data hacks — even tech tycoons like Jeff Bezos aren’t safe — and a growing awareness of the fragile state of data privacy, cybersecurity awareness is at an all-time high. With 2020 underway, what should businesses and consumers worry about this year and what steps can they take to protect themselves from bad actors?

Google search volume of keyword ‘cybersecurity’ from 2017-01-01 until 2020-01-20

We asked IEEE Senior member Kevin Curran to share his top three cybersecurity threats for 2020 that will need the most protection this upcoming year. From your IoT-connected devices to protecting your cryptocurrency and how enterprises are using AI for protection — here’s what you need to know:

1 – IoT Security

The Problem: Compromised IoT devices have been responsible for large scale botnets, which can launch denial-of-service attacks, steal data, inundate users with spam or even access devices and their connection without the owner’s knowledge. Of course, more people are buying IoT devices such as home assistants, smart doorbells, internet connected fridges, toasters and more, but securing IoT devices is still a difficult thing to achieve properly. Even something which seems innocent such as an IoT connected coffee maker could be hacked and allow attackers to know our pattern of use and from that, they can make predictions as to when we are at home or not.

The Solution: Organizations need to ensure they deploy IoT devices with sufficient security policies in place such as firewalls and intrusion detection and prevention systems, but they also need to ensure they cater for the confidentiality of their customers’ data. All devices need strong passwords. It is also good practice to enforce certificate-based authentication which identifies communicating individuals and authorised devices. This is currently used in point of sale (POS) terminals, petrol pumps and ATMs. Device management agents can also highlight failed access attempts and attempted denial-of-service attacks. All non-IoT devices must also be patched and kept malware free. These could as likely be the pivot point for infecting IoT devices.

2 – Cryptojacking and Cryptomining

The Problem: Cryptojacking is where malware gets implanted on a device with the sole purpose of mining cryptocurrency for the hacker. Criminals it seems have discovered that it can be easier to host cryptojacking malware on machines to mine cryptocurrency instead of attempting to execute traditional ransomware extortion attacks. While not as devastating as other attacks,nefarious cryptomining malware on a device will steal CPU processing resources leading to a slowdown in performance and extra drain on battery-powered devices. It can lead to a shorter lifespan of the affected device and substantial unexpected costs, if running on a paid-for cloud service for a long period.

The Solution:
Cryptomining occurs when users are tricked into downloading executables or they visit high-jacked sites where ads get executed which run cryptomining scripts. The steps to minimize the likelihood of suffering a cryptomining breach are installation of ad blockers, anti-virus software, disabling Javascript and training staff about the dangers of clicking on links and visiting ‘dodgy’ sites. Also look for slowdown in performance and examine running processes.

3 – Artificial Intelligence and Machine Learning

The Problem: We can never achieve perfect security if any system is targeted. We can of course and should – mitigate risk. Penetration testing is common for probing systems but many unintentional, yet significant security problems cannot be found through this type of testing alone, therefore source code auditing is the technique of choice for technical testing. Auditing code manually can be particularly effective for discovering several issues including access control problems, Easter eggs, time bombs, cryptographic weaknesses, backdoors, trojans, logic bombs and other malicious code.

The Solution: AI and Machine learning can be used to detect irregular financial transactions and customer profiling techniques; through fraud detection methods that match test data with profiled anomalous patterns. Anomalous detection systems profile normal patterns and searches for outliers, while hybrid detection systems combine misuse and anomaly detection techniques to improve the detection rate and reduce false-alarms. Scan detection can also be used to detect the precursor of attacks and lead to an earlier deterrence of attacks. Profiling networks then can assist in active protection of systems through extraction, aggregation, and visualization tools.

INTERACTIVE EXPERIENCES

Celebrating the Global Impact of IEEE's 802 Standards

Scenes of our Cyber Lives: The Security Threats and Technology Solutions Protecting Us

How Millennial Parents are Embracing Health and Wellness Technologies for Their Generation Alpha Kids

Space Exploration, Technology and Our Lives

Global Innovation and the Environment

How Technology, Privacy and Security are Changing Each Other (And Us)

Find us in booth 31506, LVCC South Hall 3 and experience the Technology Moon Walk

Virtual and Mixed Reality

How Robots are Improving our Health

IEEE Experts and the Robots They are Teaching

See how millennial parents around the world see AI impacting the lives of their tech-infused offspring

Take the journey from farm to table and learn how IoT will help us reach the rising demand for food production

Watch technical experts discuss the latest cyber threats

Explore how researchers, teachers, explorers, healthcare and medical professionals use immersive technologies

Follow the timeline to see how Generation AI will be impacted by technology

Learn how your IoT data can be used by experiencing a day in a connected life

Listen to technical experts discuss the biggest security threats today

See how tech has influenced and evolved with the Games

Enter our virtual home to explore the IoT (Internet of Things) technologies

Explore an interactive map showcasing exciting innovations in robotics

Interactively explore A.I. in recent Hollywood movies

Get immersed in technologies that will improve patients' lives