10 Cyber Security trends to watch in 2019
2018 was an interesting year within the cyber security world, with major breaches pretty much every week, as well as organisations ensuring they were GDPR compliant.
We're now well into 2019 and cyber security is still a key issue on every CISO and business leaders mind.
The stakes for protecting your organisation from cyber threats have never been higher - so, what should we keep an eye on in 2019?
1. The Internet of Things (IoT)
The IoT has linked numerous connected devices, many of which have little or no built-in security. We’ve already seen some of the security challenges raised by IoT, but 2019 will significantly demonstrate the upward trend in this area.
Driven by the convenience and benefits that IoT can deliver, the technology is being increasingly deployed by many organisations, with minimal thought by many as to the security risks and potential consequences.
Because some IoT deployments are well away from the main network areas, they have slipped in under the radar. In the absence of a standard, or indeed a perceived need for security, IoT will continue to be deployed, creating insecurity in areas that were previously secure.
For the greatest percentage of IoT deployments, it is incredibly difficult or impossible to backfit security. This means that the failure to segment on the network will further heighten the challenges IoT will create in 2019 and beyond.
2. Consumer devices under more threat
Ransomware is a recognised problem for companies of all shapes and sizes, highlighted by the large scale 'WannaCry' attack that heavily impacted the UK’s NHS and organisations around the world.
In 2019 and beyond, we're likely to see consumers being targeted across a range of connected objects. This is a likely scenario, with examples coming out of child predators targeting IoT devices in toys (designed for children).
Attackers might even target the smart TV in your house via a ransomware attack that would require you to pay a fee to unlock it.
3. Attackers will become bolder, more commercial & less traceable
Hackers will look to become more organised and more commercialised, perhaps even having their own call centres – something already seen with fraudulent dating sites.
They're likely to base themselves in countries where cybercrime is barely regarded as a crime and thereby placing themselves outside their victims’ police jurisdictions.
4. Will 2019 see more organisations looking to appoint a Chief Cybercrime Officer?
The CCO would be responsible for ensuring that an organisation is cyber-ready. They would bear the responsibility for preventing breaches and taking the lead if a breach did occur by providing a robust connection between the board and the rest of the company.
5. Continued DDoS attacks
DDoS attacks will continue to grow in 2019, alongside the cost of defending against them. The cost of launching an attack is comparatively low, and the rewards are quick – the victim pays for it to go away.
Additionally, cryptocurrencies have aided the money transfer in this scenario. Yet the cost for the victim is much higher than the ransom, as it involves system analysis, reconstruction and, naturally, defending against the next attack.
6. Malware – protect or fail
Ransomware, banking Trojans, crypto mining and VPN filters are some of the key malware challenges that continue to threaten businesses and consumers. Live monitoring by Malwarebytes, Kaspersky and others, has shown that the mix of threats varies during the year, but the end result of malware threats will be a bad 2019.
Increasing sophistication will be seen in some areas such as ransomware, alongside new malware approaches and increased volumes of malware in other areas. Traditional AV will not provide enough protection. Solutions that have a direct malware focus are essential for organisations, alongside tracking of network activity (in and out of the network).
7. Old-School single factor passwords
As if we need the repetition, single-factor passwords are one of the simplest possible keys to the kingdom (helped by failure to manage network privileges once breached). Simple passwords are the key tool for attack vectors, from novice hackers right the way up to nation-state players. And yet they still remain the go-to security protection for the majority of organisations, despite the low cost and ease of deployment of multi-factor authentication solutions. Sadly, password theft and password-based breaches will persist as a daily occurrence in 2019.
8. Attackers will increasingly capture data in transit
We’re likely to see attackers exploit home-based Wi-Fi routers and other poorly secured consumer IoT devices in new ways. One exploit already occurring is marshalling IoT devices to launch massive cryptojacking efforts to mine cryptocurrencies.
In 2019 and beyond, we can expect increasing attempts to gain access to home routers and other IoT hubs to capture some of the data passing through them. Malware inserted into such a router could, for example, steal banking credentials, capture credit card numbers, or display spoofed, malicious web pages to the user to compromise confidential information. For example, eCommerce merchants do not store credit card CVV numbers, making it more difficult for attackers to steal credit cards from eCommerce databases. Attackers will undoubtedly continue to evolve their techniques to steal consumer data when it is in transit.
It's likely that attackers will continue to focus on network-based enterprise attacks in 2019, as they provide unique visibility into a victim’s operations and infrastructure.
9. Attackers will exploit Artificial Intelligence (AI) systems and use AI to aid assaults
The long-awaited commercial promise of AI has begun to materialise in recent years, with AI-powered systems already in use in many areas of business operations. Even as these systems helpfully automate manual tasks and enhance decision making and other human activities, they also emerge as promising attack targets, as many AI systems are home to massive amounts of data.
In addition, researchers have grown increasingly concerned about the susceptibility of these systems to malicious input that can corrupt their logic and affect their operations. The fragility of some AI technologies will become a growing concern in 2019. In some ways, the emergence of critical AI systems as attack targets will start to mirror the sequence seen 20 years ago with the internet, which rapidly drew the attention of cyber criminals and hackers, especially following the explosion of internet-based eCommerce.
10. Growing 5G deployment and adoption will begin to expand the attack surface area
A number of 5G network infrastructure deployments kicked off this year, and 2019 is shaping up to be a year of accelerating 5G activity. While it will take time for 5G networks and 5G-capable phones and other devices to become broadly deployed, growth will occur rapidly. IDG, for example, calls 2019 “a seminal year” on the 5G front, and predicts that the market for 5G and 5G-related network infrastructure will grow from approximately $528 million in 2018 to $26 billion in 2022.
Although smart phones are the focus of much 5G interest, the number of 5G-capable phones is likely to be limited in the coming year. As a stepping stone to broad deployment of 5G cellular networks, some carriers are offering fixed 5G mobile hotspots and 5G-equipped routers for homes. Given the peak data rate of 5G networks is 10 Gbps, compared to 4G’s 1 Gbps, the shift to 5G will catalyse new operational models, new architectures, and–consequently–new vulnerabilities.
Over time, more 5G IoT devices will connect directly to the 5G network rather than via a Wi-Fi router. This trend will make those devices more vulnerable to direct attacks. For home users, it will also make it more difficult to monitor all IoT devices since they bypass a central router. More broadly, the ability to back-up or transmit massive volumes of data easily to cloud-based storage will give attackers rich new targets to breach.