For anyone running a website, 2020 promises to be a tough year when it comes to cybersecurity. According to a range of security experts, not only will you have to deal with the many existing risks; there will also be a raft of emerging threats, many of them highly advanced. Here, we’ll look at some of the major ones that could be coming your website’s way.
Artificially intelligent threats
Artificial intelligence is the technology of the moment, driving significant advancement in all areas of life. Unfortunately, the software is also being exploited by cybercriminals in order to launch attacks against websites and in 2020, the number of these attacks is expected to rise dramatically.
The reason website owners need to be on their guard is that AI can enable malware to mutate. Just as viruses mutate so that they become resistant to antibiotics, malware will use algorithms to help it mutate so it can bypass anti-virus software. By changing their signatures as they attack, they can cloak themselves and gain access unnoticed.
Ransomware as a Service
In the past, cybercriminals purchased ransomware from the dark web and then launched it from their own computers. Today, there are now dark web hosting providers with the necessary expertise to offer Ransomware as a Service. In other words, they and their team of ‘experts’ will provide the software, expertise and infrastructure cybercriminal gangs need to launch large scale ransomware attacks. This means any criminal gangs which previously lacked the IT know-how to carryout website ransoms can now pay for it to be undertaken for them. In 2020, therefore, expect to see ransomware become a far bigger threat than it ever has been.
Personalisation is all the rage in eCommerce as it has been proven to increase conversion rates. This has not gone unnoticed by the criminal community that see personalisation as the way forward when it comes to hacking. In 2020, it is predicted that cybercriminals will commence launching attacks that use a combination of automated content generation and human input to personalise attacks. These can include everything from phishing emails, fake websites, fake mobile apps, personal messaging, app notifications and social media posts. The use of machine learning will enable hackers to quickly discover what does and doesn’t work so that more effective personalisation can take place.
‘Card not present’ fraud
As the value of eCommerce increases and bricks and mortar sales continue to decline, more fraudsters have begun to shift their attention to online fraud. In 2020, ‘card not present’ fraud is predicted to grow by almost 15% and will cost eCommerce stores almost £100 billion over the next four years. One particular area of weakness is those companies that operate omnichannel shopping, where, as users make payments over different devices, there is a wider scope for using stolen credit card details.
The end of generated passwords
As we seek to better ways to protect against cybercriminals, many websites now force users to use strong passwords and this is often done using your website’s in-built password generator. Until now, these have been the best defence against the blunt-force tools that hackers use – mainly because their randomness makes it difficult for the software to guess which combination of characters is being used.
Artificial intelligence and machine learning, however, are bringing an end to this form of protection. The software your website uses to generate that password is now vulnerable as hackers can now configure these algorithms for themselves and use this to crack the passwords you provide. Perhaps even more harmful, is that they can potentially create malware that will reconfigure your existing password generator so that they know every password that’s generated on your website.
Personal data is a highly valuable asset that eCommerce companies have plenty of. That data, which provides you with a goldmine of information about your customers, is also much sought after on the dark web and so is perhaps the number one target for cybercriminals. Going forward, however, one increasingly common way for hackers to get their hands on that data will be the use of account takeovers – either hacking into the accounts of your users or, preferably, taking over the account of someone within the organisation who has access to the data storage.
As you can see, cybercriminals are using newer and more sophisticated ways to attack your website. In 2020, you need to remain vigilant and ensure you protect your site and data as robustly as you can. Importantly, if you are the victim of an attack, the success of your business depends on how quickly you can recover from the disaster. With this in mind, if you do not have automated remote backups in place, make that your number one security priority for this year.
If you require hosting with a range of robust security features, check out our range of hosting packages.