As a bumper year in cybersecurity, criminals had a run globally and were majorly successful in their attempts, as could be seen by glaring headlines across the world. Despite instances and examples of best practices available for companies and institutions to follow, many firms realized the hard way when they fell victim to cyber-attacks in 2019.  Across the world, captions about ransomware, credit card data being compromised, business emails being hacked, e-commerce website data being infiltrated, etc. were a daily occurrence.

Prominent corporations such as Amazon, Elastic Search, Yahoo, etc., had their databases exposed as hackers deftly stole unsecured data. For instance, a large media company in Mexico had millions of records unprotected on their database and more than 267 million Facebook user IDs, credentials and names lifted by cybercriminals from the database. 

Facebook too experienced a devastating revelation. Millions of their user passwords that had been stored in plain text on internal servers and were now out in the open that could be easily accessed by unauthorized employees. These and similar such discoveries that could have been potential data breaches were identified. However, it is unknown how many of these databases stored in word documents or PDF files, or worse still, were found and leaked by criminals.

Despite all the resources spent on defence, over 50% of data breaches took months to discover, which by then they had done the damage. Almost every organization is aware that cyber-attacks and disinformation attacks against government institutions, databases and people are only likely to increase in the coming months. With presidential elections coming up in 2020, companies and people feel that well organized and technically sophisticated cybercriminals will inflict maximum damage on unsuspecting and vulnerable systems.

Leaving 2019 behind comes with it the impending wave of new attacks that businesses and individuals will have to defend themselves from. Cybersecurity experts opine that three prominent trends are likely on the horizon. These include:

• An increase in data attacks using unconventional behaviour
• An emergence of Linux-based data attacks
• And a continued increase in the volume and complexity of information-stealing viruses and malware.

If we were to classify malware, cybersecurity experts claim there are two significant identifying factors. These are: how the malware enters, and it’s objective. This includes the behaviour of the malware as it moves inside the system.  If the malware is not detected on time or becomes challenging to identify, the action can become unconventional. Such malware is likely to stay in the systems’ network and devices for a long time without detection.

The conventional way of evading detection is to use blacklisting techniques and invasion methodologies. Cyber experts opine that IT security professionals may concentrate on non-traditional behaviours in the coming months, while businesses must keep a keen eye for such threats as they flesh out their data security strategies for 2020 and beyond.

Today, Linux-based platforms and applications are not as common, but that does not mean they are safe from malware attacks. On the contrary, such systems could be more susceptible to attacks as hackers could look to less protected entry points. This is why cybersecurity experts believe that they could be an upsurge of Linux based attacks.

Stealing content from data is by no means a new form of data security threat.  Across the world, many newsworthy instances of large enterprises held ransom to data security attacks were visible for all to see and fear. Unfortunately, this trend could rise even further in the coming months. And while the drift could increase in popularity, there could also be an increase in complexity. Stealing information by penetrating enterprise networks could become more sophisticated and advanced. Until a few years ago, taking information and data was just one of the many attack forms, but in the coming months, security experts feel that such attacks could become more integrated into the enterprise.

As always, when it comes to data security, the power of education and training must not be undermined. And while businesses across the world are increasingly focusing on security education and awareness, there may still be a glaring error in how that awareness is employed in practice. While a good deal of data security education depends on knowledge, the issue of how it is executed could be the problem. Since many companies are highly process-oriented, it could stop them from being swift enough to enable the right people to report an incident or act on it.  Also, there is a great need to bridge the gap between the level of comfort people have with technology and generations.

Given that several organizations have cross-generational employees, traditional methods of securing data could be more prevalent than newer months. And while the need to continually educate and empower employees is critical in protecting against future attacks, protecting data in an enterprise can come about with digital rights management. As a multi-layered defence, digital rights management is an advanced solution that contains basic and advanced data protection. It offers protection against unauthorized access, sharing and controls how documents can be used. As a hardened security solution it can safely safeguard the contents of classified and sensitive information and documents in PDF files at the time of creation, in storage, in transit and wherever they may be.