2020 Cybersecurity Threat Predictions

Portage, Michigan | January 13, 2020

The end of the year is a good time to reflect on the past 12 months: what happened and what didn’t go as planned. The new year is no different. Just as you thought about the last year, now is the time to think about the next one. What will happen? What can you anticipate and prepare for? As you know from reflecting on the last year, not everything goes as planned, but it’s a good idea to prepare for the what-ifs, trends, and predictions. So, let’s take a look at four cybersecurity threats predicted for 2020.



Threat #1 - Mobile Phishing

You’ve most likely heard of phishing as a type of scam sent through email. Cyber criminals send users fake emails containing malicious links. These emails look realistic, so many unsuspecting people click the links, which results in malware being downloaded onto their computers or in the victim handing over personal information.

According to Lookout, you can expect to see an increase in mobile phishing this year; here’s why:

  1. Almost everyone has a mobile device that they bring with them everywhere

  2. Mobile displays are relatively small, so the finer nuances of a threat may be concealed

  3. A large ecosystem of mobile email, messaging, and apps provides a large attack surface for phishing

  4. Mobile users often multitask while on the go and may easily overlook a potential threat

  5. Many organizations now embrace the use of smartphones and tablets to increase productivity in the workplace; therefore, sensitive corporate data is stored on mobile devices

Your defense: Protecting yourself from a mobile phishing attack is similar to defending against an email phishing attack. Never click a link in a text message when you are unsure who the sender is and why you received the text. Incorrect spelling, grammar, and punctuation should raise your concern about the legitimacy of the text. Also, before clicking any link on mobile, you can long-press it to inspect it for anything abnormal, such as weird spellings, symbols, and numbers, or an incorrect URL destination.
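The same long-press inspection can be automated, for example in a mail or messaging filter. The sketch below is an added example, not code from the original post; the function name, the lookalike table, and the sample links are assumptions constructed for illustration, and it goes slightly beyond the text by also flagging raw IP hosts and hidden `@` redirects.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Digit-for-letter swaps often seen in lookalike names (illustrative, not exhaustive).
LOOKALIKES = str.maketrans("0135", "oles")

def inspect_link(display_text, href, trusted):
    """Return reasons a link deserves a closer look (empty list = none found)."""
    findings = []
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    if parts.username is not None:
        findings.append("text before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        findings.append("host is a raw IP address")
    except ValueError:
        pass
    if not host.isascii() or "xn--" in host:
        findings.append("non-ASCII or punycode characters in host")
    for good in trusted:
        if host == good or host.endswith("." + good):
            continue  # genuinely on the trusted domain
        norm = host.translate(LOOKALIKES)
        if norm != host and (norm == good or norm.endswith("." + good)):
            findings.append(f"digit-for-letter lookalike of {good}")
        elif good in host:
            findings.append(f"{good} appears in the host but is not the destination domain")
    shown = re.search(r"[\w.-]+\.[a-z]{2,}", display_text.lower())
    if shown and not (host == shown.group() or host.endswith("." + shown.group())):
        findings.append("displayed address differs from the actual destination")
    return findings

# Constructed sample links (display text, real destination); names are placeholders.
SAMPLES = [
    ("example.com/login", "https://example.com/login"),
    ("example.com", "https://examp1e.com/login"),
    ("Verify account", "https://example.com.account-check.test/"),
    ("example.com", "http://example.com@203.0.113.7/"),
]

if __name__ == "__main__":
    for text, href in SAMPLES:
        print(href, "->", inspect_link(text, href, ["example.com"]) or "nothing flagged")
```

An empty result only means none of these specific signs were found; it does not prove the link is safe.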

Threat #2 - Attacks Throughout the Whole Supply Chain

One thing that’s certain for the coming year is that every organization will be connected to a possible target. Whether you are a supplier, a third-party vendor, or connected in some other way, even one that seems insignificant or small, there is a possibility for threats. You can no longer trust that everything in your supply chain, from inception to deployment, will be secure. Along the way there could be attacks on third-party vendors that only act as a springboard, an intermediary step toward the attackers’ real target. This lack of visibility into the inner workings of the supply chain can lead to unexpected exposures, which may go undetected until deployment.

Your defense: Be prepared to prevent and detect supply-chain cyber risks. The growing number of supply-chain hacks results from not being able to easily spot compromised parts or breaches that could expose your organization and partners to data loss and widespread disruption. In fact, Symantec’s Annual Threat Report shows that supply chain attacks make up 50% of all cyberattacks, with that number continuing to grow. While it is not practical to review every bit of code provided by all players in your supply chain, one way to look out for exposures is through the use of brand and digital threat monitoring services.

Threat #3 - Deepfakes Evolve

You can add another tactic to the cyber criminals’ toolbox – deepfakes. What are deepfakes? You’ve probably seen videos on Facebook or Twitter (without realizing it) that appear to show celebrities or those in political power saying or doing something funny; however, the videos are fake. Anyone can download software to create fake videos or audio recordings that look and sound like the real thing. Already, companies have suffered losses due to deepfake videos. Hackers create these fake videos of CEOs asking employees to transfer money or give away other personal information. It’s yet another way to deceive people. As this technology grows, like all the other tactics cyber criminals use, it will become increasingly difficult to detect.

Your defense: Seeing is not always believing. If you are unsure, then go to the source and get the confirmation you need to determine if the video is real or not. Other signs you can look for include a lack of blinking and incorrect shadows.

Check it out: How and why deepfake videos work – and what is at risk

Threat #4 - Patching Predicament

Last one. As we know, attackers have been getting more and more skilled at making social engineering attacks look legitimate, acquiring access to more entry points, and finding even more ways to exploit weak points. So, without a doubt, cyberattackers will become more creative in 2020. A study from Trend Micro expects attackers to outpace incomplete and hurried patches. This is a huge vulnerability when it comes time to deploy patches, as “incomplete or defective patches can break and disrupt critical systems, but delaying their application can expose systems to threats.”

 

Your defense: When it comes to patch deployment, there is not a whole lot you can do if you are not the one deploying the patch. However, it will be critical for System Administrators to ensure that quality patches are deployed in a timely manner. Low-grade or incomplete patches will not suffice, as attackers will be able to get around the patch and exploit the flaw before the patch is fixed.

What To Do

Cybersecurity is not to be taken lightly this year or in the years to come. Cyber criminals continue to get smarter and smarter while many companies continue to take a backseat when it comes to protecting their business and valuable information. Doing so only makes it easier for hackers to gain entry when there is no protection or defense in place to stop them.

Failure to see the importance of safeguarding your company will result in falling victim to an attack. Not only is external protection required, but your staff should also be equipped with the skills and knowledge to protect the company from the inside. In other words, employees are your last line of defense against an attack. So, when your spam filter doesn’t detect a malicious email, it is up to your employees not to open it or click on any links in it. As mentioned previously, hackers are getting craftier, so detecting harmful emails is becoming harder. One way to combat this is by providing proper training to your employees on what to look out for.

See also: How To Prevent Phishing: Training Your Employees With KnowBe4  

Another way to secure your business is by partnering with an MSP, or managed service provider: a company that specializes in managed security, data backup, disaster recovery, and more to ensure your systems and information are kept safe. Having a team of knowledgeable people versus one or two internal I.T. members at your company can be that extra layer of protection your business needs to stay safe in our ever-evolving cyber world.

 
Security | Julie Stevens