The world of cybersecurity keeps producing more news. Sadly, it's mostly bad.

We’ve assembled a list of recent stories – the first four below and then more important stories focusing on 2019 wrap-ups and predictions for 2020.

1) New York has become the fourth least secure city – from 11^th last year. Part of the reason is the heavy use of cloud apps on public WIFI – prevalent in many tourist locations.

2) A new phishing technique allows hackers to steal credentials via JavaScript code in the attach file – this can bypass security software.

3) United States Ambassador to Jamaica, Donald Tapia, is calling for a united approach among nations in combatting the growing problem of cybercrime.

He said that billions of devices are connected to the Internet, some with relatively little attention to security, while bad actors have become bigger and better equipped to launch cyberattacks and nations have been hard-pressed to keep up.

He noted that banks have been spending billions of dollars on security devices to protect their operations and customers. “The global reach of the Internet allows individuals, criminal organizations and even nations to impact not just the region but the whole world. Because of the transnational nature of the issue, we must all work together to tackle these shared threats,” Tapia said

4) From there – we go to an insider breach. The former IT employee of a New York City-area hospital has pled guilty to stealing colleagues’ credentials and logging into various accounts to steal private and confidential files, the Department of Justice reports. He used this access to view photos, videos, and other data.

Between 2013 and 2018, the allegations state, Richard Liriano abused his administrative access to log into employee accounts and copy his colleagues’ personal documents, including tax records and personal photographs, onto his own machine. To do this, he installed malicious programs, including a keylogger, onto victims’ machines so he could capture their credentials.

5) Security Boulevard has a great piece on cybersecurity trends in 2019. Spoiler alert – they believe we need a new approach to cybersecurity. We agree.

6) ZDNet has a good piece on tech trends in 2019 and sadly – Ransomware made the list. The post explains it is getting nastier than ever.

7) Another solid post is about the weirdest cybersecurity stories. We like the part of the story that explains how after paying his ransomware attacker 670 euros (about $747), Tobias Frömel sought revenge by hacking into the attacker’s command and control center and generating decryption keys for all the other victims who suffered the same attack.

8) Forbes has a great post on the top 42 cybersecurity predictions of 2020. Sadly – many predictions involve the bad guys getting better at using AI to hack the good guys.

9) Tech Republic has a solid post on eight frightening cybersecurity predictions for 2020. Two revolve around election issues – a voting machine hack and the increased use of deepfakes to sway public opinion.

10) Finally, a story from CNBC about the cybersecurity stories that mattered this past decade really hit home. It starts with Stuxnet – this is a virus that is the inspiration for industrial control system hacks taking place around the world. It is just a matter of time before a successful one takes down an electrical grid or causes physical harm.

How do you stay secure or at least drastically reduce the risk? Follow these three steps to start:

1) Read cybersecurity essentials – a simple list which will help most organizations become far more secure.

2) Go to a phishing simulation vendor now and sign up for one of their offerings. Phishing Box, KnowBe4 and Phish360; are all great. This is needed to train workers by testing them without their knowledge by sending real-looking emails to their inboxes. If they click, they are immediately trained on what not to do.

3) We also recommend you get a free evaluation of your cybersecurity risk from an MSP/MSSP immediately – they can also help you build in the needed compliance to reduce the risk of being fined.