2019 Annual Security Roundup: The Sprawling Reach of Complex Threats 

History can be a great teacher. We’ve reviewed the important trends and threats from the last year of the decade so you can better prepare for the future.

April 15, 2020

Our latest annual security roundup takes a critical look at the issues that shaped the threat landscape throughout 2019. We share our insights, best practices, and strategies to help you better protect your environments from the current threats and the ones to come.

While the IT landscape shifted from on-premises to cloud over the past decade, the cybersecurity industry has also evolved to help mitigate the risks introduced by new technologies. Unfortunately, threat actors also evolved at the same time, becoming stealthier, more organized, and more persistent. For this reason alone, it is important that we assess the significant trends and threats from the last year, and leverage those learnings in security strategies going forward.

Complex threats get more targeted
In 2019, cybercriminals became even more targeted in their approach. Perhaps the most critical example of this lies within ransomware, where threat actors pursued and compromised vital assets, systems, and services of enterprises, healthcare facilities, and educational institutions. But this strategic shift was found to be particularly effective within the government sector, where victims were more likely to pay the ransom to get their systems running as quickly as possible, as many people rely on these services. Leveraging their cybersecurity insurance coverage as a mechanism for recovery, a number of government bodies paid significant ransoms despite advice from law enforcement and cybersecurity experts to never do so.

BEC operators build on success
According to the FBI’s latest report, BEC scams soared hundreds of millions in 2019, netting attackers nearly $1.8B, despite the fact that we saw the number of attempts stabilize in 2019. The number of attacks may have plateaued but the increasing losses show that these threats have become even more far reaching, as government, religious, educational, and nonprofit organizations are being targeted. But what seems most troubling to many C-level executives lies in the fact that BEC scammers have started to target mid-level employees rather than higher ranking ones. Included in the top five targeted positions, along with the usual financial higher-ups, was the position of accountant, supporting our security prediction for 2019 that BEC scammers would target employees several levels down the company hierarchy.

The future of security is connected
With 2019 in the rearview mirror, it’s clear that in order to lower risk while still enabling digital transformation—the CISO’s dilemma in a nutshell— enterprises should implement connected solutions that can detect  and stop malicious activity across networks, servers, cloud, email, and endpoints. With a focus on simplifying the current landscape of too many security tools, organizations should look for the ability to connect security layers together, both from a management as well as a visibility, detection, and response perspective. Combined with the use of sophisticated new technologies that highlight the real issues in a sea of alerts, there are great opportunities to put strategies in place that address the threats of today and tomorrow with a focus reducing the impact of threats on operations, reputation, and ultimately the bottom line.

For more insights into the most important cybersecurity issues of 2019 and advice on how to address them, read our full report, "The Sprawling Reach of Complex Threats."

The Sprawling Reach of Complex Threats

For more insights into the most important cybersecurity issues of 2019 and advice on how to address them, read our full report.