Cyber threat trends for 2020

In February, IBM released its 2020 Threat Intelligence Index to highlight the most prominent cyber security risks and trends collected from the past year. With a good understanding of this report, organizations can make well-informed decisions on the battle against cyber crime and learn more about protecting data online.

Cyber crime trends and approaches

As the use of smart devices are a reality, cyber criminals are using the internet of things (IoT) such as smart home hubs, connected security systems and smart thermostats to threaten both consumers and enterprises. Malware campaigns tracked by IBM in 2019 showed a shift from targeting consumer electronics to targeting enterprise-grade devices, which is a new trend that didn’t occur in 2018.

In terms of the approaches that attackers use to initiate cyber attacks, phishing was the leading method used in 2019, accounting for 31 per cent of initial attacks. At 30 per cent, scan-and-exploit was the secondary approach used by attackers to inspect target environments for vulnerabilities. The third most popular method (29 per cent) was the use of stolen credentials to access data.

Industries being targeted

The top targeted industries in 2019, included financial services, retail, transportation, media, professional services, government, education, manufacturing, energy and health care.

Key lessons for 2020

With cyber security in mind, the Information Security Team and the chief information officer at the University of Toronto continue to implement various initiatives including anti-phishing exercises, cyber security seminars and events such as Cyber Security Awareness Month and Data Privacy Day to help staff and students protect their data online.

As the key takeaways from this report, organizations should consider the following action plans to better prepare for cyber threats in 2020:

  • Grasp a better understanding of cyber security threat motivations and tactics;
  • Build and train in-house incident response teams;
  • Practice and test incident response plans;

Read the full report to learn more.