As we wrap up 2018, we can clearly look back on a major year for cybersecurity. “Another day, another breach” became a common phrase as attackers ran rampant, feasting on organizations of various sizes and industries around the globe.
But with the disasters came greater awareness and appreciation for cybersecurity. It’s no longer a concern confined to IT departments as governments and business leaders have realized the need to secure their data.
The year is coming to a close. Therefore, it is important to analyze developing trends and prepare for the ever-changing threat landscape. In 2019, we can expect new attackers with new techniques to join the current cybercriminal coterie, but that doesn’t mean current threats will dissipate — particularly attacks that rely on the theft of privileged credentials. We will see more action — both offensive and defensive — from governments as the political and economic climates continue to be penetrated by cybercriminals. We can also expect increased punishment, from legal and illegal actions, for organizations that fail to protect data.
As we head into 2019, here are a few cybersecurity predictions for the year to come:
Governments will launch (more) cyber offensives
Governments have been developing cyber weapons for years and many have been covertly engaging in attacks against other countries, spawning near-war scenarios. As the world has become somewhat callous to the threat of nuclear arms, cyber weapons have enabled countries to disrupt citizen societies and political stability. In 2019, we will likely see governments reveal their offensive cyber capabilities and demonstrate their power to cause social and political harm without ever even crossing borders.
Compromised privileges and individual email accounts will remain the most-targeted attack vector
In 2019, email and stolen privileges will continue to be the primary method of bypassing organizations’ security to inhibit services, disrupt productivity, steal sensitive data or conduct financial fraud. Heightening security to limit the impact and risk of emails and privileges should be the top priority for organizations to reduce their vulnerability to cyberattacks. By controlling inbound email content and implementing a least-privilege strategy, you can significantly reduce cyber risk.
Regulations get tough and the rest of the world to update laws for data protection
The world is ramping up data protection laws, continuing the mission of the EU’s GDPR and the California Consumer Privacy Act. New legislation is being written as the value of data in the global economy continues to skyrocket, now exceeding the value of oil in becoming the most valuable asset. Governments have now seen that importance of protecting their citizens’ sensitive personal data and punishing corporations for failure to protect individuals’ data., particularly organizations that are profiting from the data. In 2019, we will see the rest of the world continue to increase legislation related to personal data and IoT (Internet of Things) devices to ensure that the standards of cybersecurity in place to protect data are at a standard equal to the value of the data itself.
Hefty costs for cybersecurity deficiencies
The new data protection laws have serious financial penalties for organizations that fail to secure personal data. We also saw some serious financial fallouts from cyberattacks this year, with Uber agreeing to pay $148 million from their data breach that occurred in 2016 and both Equifax and Facebook fined £500,000 (the maximum penalty possible under the previous UK data protection law). In 2019, we are going to see some hefty financial penalties with Facebook, Google and British Airways all under to microscope, which could prompt the first billion-dollar data breach fines for failure to secure and protect personal data.
Machines to attack humans
With so many connected devices heading into 2019, we are very likely to see machines begin attacking people. Yes — machines will be used to target humans with cyberattacks and many of those machines will be controlled by other humans. Cyberattacks will start to have a direct impact on humans and possibly cause physical harm or eventually even death. You can go as far as saying we might see a vacuum cleaner chase your kids around the room, your fridge spit water in your face, a kettle boil water to extreme temperatures, or even your car crashing into another car — all resulting from malicious acts to attack humans. IoT could potentially become an assassin and attacks could easily be carried out across country borders. At least in 2019 these devices are being controlled by other humans, but with AI (Artificial Intelligence) we may lose this control to devices in the future.
About the author: Joseph Carson is a cyber security professional with more than 20 years’ experience in enterprise security & infrastructure. Currently, Carson is the Chief Security Scientist at Thycotic. He is an active member of the cyber security community and a Certified Information Systems Security Professional (CISSP).