The cybersecurity beast: what’s in store for 2019

(Image credit: Image source: Shutterstock/Sergey Nivens)

Corporate cybersecurity is a huge concern for both customers and business owners alike with the number of attacks keep growing month on month. 2018 has seen a multitude of hacks and breaches coming from a wide array attack vectors. Companies have been left with data losses, stolen customer information and compromised networks. Big business just hasn’t been able to respond to the challenge fast enough, resulting in successful hacks that have resulted in data loss, and malicious cybersecurity related attacks across the globe. Below are some predictions of what 2019 is likely to hold for businesses from a cybersecurity perspective.

AI use will increase on both sides

AI adoption will increase on both sides. Hackers will attempt to corrupt and hijack AI systems with automated and intelligent attacks, and try to alter the logic of these tools to perform malicious tasks. Cybersecurity counter measures will seek to use AI to combat the rise in these intelligence based attacks. AI is already in use by cybersecurity firms and large companies perform real-time threat analysis on their networks to spot potential attacks before they are able to cause any damage.

5G data service will connect more target devices to the internet

As is the case with most of the new technologies that come to market, the potential for improvement is also shadowed by unintended negative consequences. 5G will enable millions more devices to connect to the internet, all with high bandwidth capabilities. This means we are likely to see new record breaking DDoS attacks utilising an increased number of compromised devices connected at even faster speeds.

Ransomware instances will continue to decline

This sounds like good news, but there is another reason for the drop off in reported crypto infections. Cybercriminals have moved on from ransomware, and are now using other techniques that are easier to implement, allowing them to illegally get their hands on cryptocurrencies. This can be done by injecting mining software onto a network, often through malicious Javascript on a website or by compromising Github code libraries that are then incorporated into other applications. These vectors then enable the computers (or sometimes even IoT devices) to mine for coins. The attackers are essentially stealing electricity and bandwidth from companies to mine for cryptocurrency, leaving the victims with higher utility bills and lower performance while the cybercriminals cash in on free digital currencies. The remaining new variants of Ransomware will still be devastating to unprepared organisations, so proper protection and procedures such as disaster recovery is essential.

IoT continues to enable web based attacks

Due to the insecure nature of most IoT platforms, the ability of attackers to infiltrate and maliciously control IoT devices has been a growing concern. Some inexpensive IoT devices such as IP cameras and Smart Home devices don’t even have default passwords set or are relying on undocumented APIs with no authentication and the ‘walled garden’ approach of being behind your home or office firewall to protect themselves. This means that companies with such devices installed have a huge IT security threat within their organisation without even knowing it, creating a much larger attack surface for cybercriminals to target.

Multifactor security methods become more common

Unauthorised access to your accounts will become much more difficult for hackers to accomplish, but it won’t be impossible. Already, some two-factor authentication methods such as mobile text messaging, which uses One Time Pins (OTP), have been thwarted by hackers. In some cases, they will illegally clone or swap out cell phone SIM cards to control the target’s mobile number. This allows them to receive the text messages that were intended for the owner of the account, thereby giving them a means to login.

Biometric vulnerabilities such as facial recognition and fingerprint technologies will also have added pressure with criminals creating ‘fingerprint master keys’ which have a high probability of unlocking devices due to the use of partial matching. New methods are constantly being developed to spoof user identities to trick the underlying technologies that make up the biometric systems into granting attackers unauthorised access to devices and information.

Cybersecurity heads to the cloud

Companies will increasingly favour cloud-based security products which allow for better scalability and flexibility. Security teams will load the protection that they need, when they need it, to help mitigate threats and attacks. They can then disable it once it is no longer needed. These technologies are easy to implement on cloud and hybrid systems and are sometimes cheaper than an in-house solution that is locally installed and maintained on site within the organisation.

State sponsored cyber attacks will grow in number and frequency

We have already seen instances of international cyberattacks being carried out at scales only achievable by governmental agencies such as Stuxnet and WannaCry. Such occurrences of malware require research, development and sophistication that is not easily achievable by small groups of cybercriminals, making nation states a more likely culprit. As tensions between competing countries such as China and the USA continue to escalate beyond trade wars and territory disputes, we can expect to hear about subtler attacks between the two nations.

CTA: Protect yourself

The current state of cybersecurity means that ‘off the shelf’ products are simply no longer enough to protect your business from threats. You simply cannot afford to fall victim to a cybersecurity breach. When did you last perform a security audit on your network? Are you protected against threats such as targeted large scale DDoS attacks and ransomware? Are your staff properly trained on how to avoid common threats such as malware and phishing? If you are not sure, then you need to take the necessary steps to prepare your organisation for all cybersecurity related eventualities.

David Barker, Technical Director, 4D Data Centres
Image source: Shutterstock/Sergey Nivens