After only two months of the year, security researchers and businesses are already looking to the future to see which threats and trends will continue to play a role in the cybersecurity world in 2019.
Ian Kilpatrick, Nuvias Group EVP of Cybersecurity, has outlined his ten most important cybersecurity predictions for the coming year, ranging from an increase in malware, ransomware and other cyber-attacks to the ongoing difficulties of the organization with the DSGVO of the EU. Increase in crime, espionage and sabotage by rogue states
With the continuing failure of a major national, international or UN level, nation-sponsored espionage, cybercrime and sabotage will continue to increase. Most organizations just do not have a structure to ward off attacks that can penetrate defenses. Cybersecurity teams must be able to rely on security breach detection techniques.
. 2 GDPR ̵
1; the pain is still pending
The deadline for the GDPR is up and down, many organizations took a sigh of relief that it was quite painless. They have started security processes and can say that they are on their way to a safe situation – so is everything alright? We still expect the first major DSGVO penalty. When it does arrive, organizations will suddenly look seriously at what they really need to do. The GDPR will therefore also have a major influence in 2019.
. 3 Cloud insecurity – that's your head.
The cloud insecurity has grown in 2018 and will unfortunately continue to increase in 2019. Increasing amounts of data are being provided from different parts of organizations, with more and more of these data becoming uncertain. Despite the constant announcement of repeated violations, the majority of organizations do not have sound financial management, which is used and enforced across the cloud in their entire dataset.
. 4 Single-Factor Passwords – The Dark Age
Single-factor passwords are one of the simplest possible keys in the kingdom and the key tool for attack vectors, from novice to national player. However, despite the low cost and ease of providing multi-factor authentication solutions, they are still the most important security protection for most businesses. Sadly, password theft and password-based violations 2019 will persist on a daily basis.
. 5 Malware – Protect or Fail
Ransomware, Crypto Mining, Banking Trojans, and VPN filters are some of the biggest malware challenges that will continue to threaten businesses and consumers in 2019. In some areas, such as ransomware, increasing complexity will encounter malware approaches and increased malware levels in other areas. Traditional AVs do not provide adequate protection. Solutions that have a direct focus on malware are essential to organizations, in addition to tracking network activity (both inside and outside the network).
. 6 Cyber Hygiene Growth
The shift of attack vectors from the network to the user means that many organizations now realize, perhaps too late, that their users are their weakest link. In addition to increasing awareness of the insider threat posed by malicious current and former employees, there is a growing awareness that cyber awareness and training is a critical step for employees in securing this vulnerable area. Organizations' responses in 2019 include cyber training that involves testing, measuring, and monitoring employee cyber behavior. Increasingly, entity and user behavior analytics (EUBA) systems are being used alongside training programs and automated tests such as simulated phishing and social engineering attacks.
. 7 IOT – a growing challenge
2019 will show a clear upward trend in the security challenges of the IoT. The technology is increasingly being used by organizations, with little attention paid to the security risks and possible consequences of many. Since some IoT deployments are far away from the main network areas, they have slipped under the radar. The IoT continues to be deployed, creating uncertainty in the previously secure areas. For the majority of IoT deployments, restoring security is extremely difficult or impossible.
. 8 Growing Risks with Shadow IT Systems and Poor Housekeeping
Shadow IT systems continue to grow, as do the number of applications and access points in systems, including legacy applications. In the case of shadow IT systems, these are untenable as they are. and in the case of increasing applications and access points, when referring to old or discontinued applications, they are difficult to identify and defend. Increased awareness of the possibility of attacking this path as well as the number of attacks that will accelerate in 2019.
. 9 DDoS – usually invisible, but still a nightmare
DDoS is the dirty secret for many organizations. The attacks will continue to increase in 2019 along with defense costs. The cost of an attack is often terribly low, and the rewards are fast – the victim pays for it to go away. In addition, cryptocurrencies have supported money transfer in this scenario. However, the cost of the victim is much higher than the ransom, as it includes system analysis, reconstruction, and of course, defense against the next attack.
10th Cyber Security in the Boardroom
A decade or two late for some organizations, cybersecurity is now viewed by the board as the primary risk. This trend will accelerate in 2019 as the Board members demand clarity and understanding in this area. Cybersecurity's financial, reputation, and even C-suite employment risks will continue to focus the board's focus on cybersecurity.
Ian Kilpatrick, EVP Cyber Security at the Nuvias Group