Supply chain attacks will increase
Cyber security dominated the headlines in 2018, with breaches still leading the news cycle as the year draws to a close. But what can we expect from 2019? Will we see more organisations disclosing new incidents? How and why are cybercriminals selecting and attacking their targets? What can organisations do to stop such attacks? These are all questions we’ve posed to a selection of cyber security experts…
Identifying the right roles to future-proof your organisation
Simon Hember, Director, Acumin Consulting
Cybersecurity is a constantly evolving sector and when it comes to job titles there are few firmly agreed descriptors in use. Without standard terms, CVs may not clearly specify skills that align with the job description, but that doesn’t mean the candidate doesn’t possess what’s required. In a climate of cyber-skills shortages, it will be increasingly important to demonstrate flexibility in hiring for cyber. As a developing sector, cybersecurity teams must work closely with HR to help them keep pace with technological change, and the roles this will demand. For example, through 2019 we will see new roles emerge as technologies such as autonomous cars, connected medical devices and artificial intelligence boom. These will demand very specific skills to ensure implementation is secure and safe. How will your HR function recruit and support brand new roles, the likes of which will require supreme talent and board-level support to succeed?
Email and compromised privileged accounts will remain the biggest threats
Joseph Carson, Chief Security Scientist & Advisory CISO, Thycotic
Although we will continue to see the emergence of powerful new cyber weapons and advanced attack techniques, 2019 will also see cyber criminals rely on the tried and tested methods of email attacks and compromised privileges.
Social engineering campaigns conducted via email are still the primary method for delivering malware or tricking victims into sharing credentials or data, and criminals continue to circumvent security measures and cause serious harm by illicitly logging in to privileged accounts. Companies that hope to avoid becoming one of 2019’s major data breach stories need to ensure they have done all they can to reduce the risk of these widely used attack methods. The ability to control email hyperlinks and attachments, as well as implementing strategies such as least privilege and session monitoring will drastically reduce the threat. As fast as the cyber threat landscape is evolving, criminals will continue to rely on these techniques as long as companies remain vulnerable to them.
Breach Disclosure and Risk Profiles
Carolyn Crandall, Chief Deception Officer, Attivo Networks
There are more U.S. breach notification laws than Baskin Robbins ice cream flavors, and the inconsistency of these laws will continue to cause confusion and compliance challenges for companies throughout 2019. We will see an increase in fines levied and potential jail time for those who do not meet the expectation of these measures. States like California, Rhode Island, and Massachusetts have all been very aggressive in their enforcement of these laws, a trend likely to be closely followed throughout the next year.
Many organisations struggle with the lack of clarity of breach disclosure definitions and expectations. States that create notification laws that include defined processes will help organisations be better prepared and compliant to disclosure strategies in the event of a breach. This will promote more strategic thought processes for recording and reporting incidents and will reinforce that it is no longer enough to quickly notify on a breach incident, they will also need to accurately identify the full impact of the event. Going forward, organisations will be expected to fully understand how widespread the attack was, how deeply the attacker penetrated, and how to set the right controls in place to prevent their return.
Companies will need to start looking at security differently, moving beyond IT risk management and into digital risk management. It’s no longer just about protecting a particular asset, server, or endpoint, it’s about protecting the entire business and maintaining a competitive advantage. More companies will need to take a closer look at their security risk profiles and assess whether the controls they have in place will scale to facilitate the needs of an interconnected on-demand business, while ensuring the protection of their networks.
Brian Hussey, VP of Cyber Threat Detection and Response, SpiderLabs at Trustwave
We are seeing cryptominers everywhere. These are relatively low-impact events but can cause service disruption, elevated CPU utilisation, heat discharge, computation speed reduction. I rate them high because they are so prevalent right now. It is taking more attention from threat actors because of its relatively higher profit margins than ransomware and less risk than ransomware. The escalating value of various cryptocurrencies will continue to drive this threat. It is also a recurring revenue model, versus ransomware, which is a single income event.
Artturi Lehtio, Service Technology Lead, F-Secure
Supply chain attacks have become more prominent in recent years, and we expect this trend to continue in 2019. Perhaps the best known example of a supply chain attack is 2017’s NotPetya ransomware attack, though this type of attack is incredibly diverse. Compromising a service provider to steal a particular customer’s data is another kind of supply chain attack, so is manipulating otherwise legitimate information that people would normally trust. It could be a simple change to an online service that brings security risks users don’t really understand.
Organisations and end users put large parts of their lives in the hands of others, where they don't always realise how much they’re relying or trusting others. The thing is, no one really has a way of verifying that those people are still worthy of that trust.
In this day and age, everything from cloud computing to the increasing use of code repositories by developers is creating interdependencies that companies might not fully appreciate; the way attackers breach an organisation may not be something that's directly under their control, or something that they’ve thought of as being their responsibility.
Increasing sophistication will defeat weak defences
Rusty Carter, VP of product management at Arxan Technologies
On the deeper security front, we’ve seen a marked increase in organisation around attacks and electronic crime. I believe that will result in a continuing increase in the sophistication and ability to defeat weak defences. This combined with the ongoing componentisation of applications and reliance on APIs for multi-system interactions and separation of application logic from data, the attacks against cryptographic and API keys will likely increase, especially as they are not well protected in many if not most instances within mobile and consumer IoT applications.
Deeper learning, not just machine learning
Chris Morales, head of security analytics at Vectra
We will see an increase in the use of deep learning techniques (e.g., recursive neural nets) that enable algorithms to continuously learn and evolve. While many organisations have invested in cybersecurity tools using basic machine learning techniques (e.g., random forests), 2019 will see deep learning become the best practice for detecting cyberattacks.
The fall of cryptomining will give way to the return of ransomware
Allan Liska, senior solutions architect at Recorded Future
Among criminal actors, expect cryptomining to fall off and ransomware to return; cryptomining has not been as profitable for many cybercriminals as originally intended. Unless an attacker can infect tens or hundreds of thousands of devices it is difficult to make even close to the money that can be made from a successful ransomware campaign. On the other hand, ransomware actors behind the SamSam, BitPaymer and CrySIS ransomware campaigns have created a blueprint for a new generation of ransomware attacks. By using open RDP servers as a method of entry vice more traditional phishing or web exploitation campaigns these actors have seen a lot of success with their ransomware attacks. SamSam, for example, has made almost $6 million from ransomware attacks using this tactic. We are already starting to see new ransomware variants copy this model and we expect to see a new crop of ransomware families continue to expand on this method of attack.