In 2020, companies will primarily suffer from weaknesses that have entered their network through third-party providers, container components or supply chain attacks. Outsourcing the hardware does not mean you have outsourced the responsibility.
What Will Be The Biggest IT Threats In 2020?
The Japanese IT security provider Trend Micro has also looked at this question. In December, the company announced its security forecasts for the coming year. One point runs through the majority of the predictions: inherited vulnerabilities and responsibilities. This refers to vulnerabilities that you did not create yourself, such as security holes in widely used container images. If companies build their own applications on container code that contains holes, they are vulnerable too. This is made worse by the fact that companies often pay too little attention to what they take over from third-party providers. Their focus is on the part that they themselves contribute to the stack. But anyone who provides a service is responsible even if the vulnerability is not in their own code but in a component from a third-party provider.
Supply Chain Attacks Are Increasing
Inherited vulnerabilities are not always accidental. Cybercriminals often deliberately target the suppliers of their actual victims, because they expect weaker security measures there. With such supply chain attacks, the attackers try to penetrate their victim's network with as little notice as possible. The effort is significantly greater than with a conventional, direct attack. But once the attacker succeeds, there is practically no defense left, because the attack does not come via the perimeter but from your own server, and spreads from there to the entire network.
Supply chain attacks are not new. However, they are expected to increase sharply in the coming year. Why? Malware has been very successful in infecting companies this year. The hacker looked around the system manually and only then decided what to do. Trend Micro assumes that some service providers were infected in this way in 2019 and that the supply chain attacks are now being prepared, because these attacks are very complex and take a lot of time.
Trend Micro expects more cyberattacks on critical infrastructures in 2020. However, these are still test attacks because there is still no scalable business model. Cybercriminals want to capture as much money as possible with as little risk as possible. If a cybercriminal does find a scalable business model, we have a problem, because the attack surface is constantly growing: whatever is connected also has weak points that can be exploited.