2019 cybersecurity crystal ball
February 2019, This Week's Editor's Pick, Cyber Security
Every January of every year, experts in all fields of cybersecurity put on their thinking caps and, alone or in group think tanks, wrack their brains about the perils facing us in the year ahead. They attempt to get into the minds and thought patterns of attackers, but invariably come back to the same question and answer: How long is a piece of string?
Most experts will claim that their domain is most at risk and should therefore claim the larger slice of the annual cyber spend. One thing is abundantly clear, what goes around comes around (with some tweaks to the code) with a few new surprises thrown in.
Wolfpack Information Risk undertook research, both online and vis-à-vis, to try and gauge the feelings of those in the industry and other outside players. The slight majority fall into the following categories.
Volatility – will 2019 be more volatile than 2018?
Every responder replied in the affirmative. Most international experts were of the same opinion.
Most sought-after asset for attackers?
A small word with massive implications – data. According to Wolfpack senior consultant, Mitch Sowden, ‘’There is a lack of appreciation pertaining to the value and ownership of data assets.’’ An attacker’s ultimate aim when targeting an organisation is its crown jewels. They are worth a fortune whether ransomed, stolen, exfiltrated for sale or used in future attacks against the organisation, subsidiaries, suppliers and stakeholders of the entity.
Data is an enormous asset, yet a major burden to an organisation as well. Sowden continues, ‘’understanding the value of assets and the actual risks faced can achieve a balance between cyber spend and ROI.’’
Although the long sought-after promulgation of PoPIA and that EU GDPR has finally happened, it remains to be seen if they will be the promised watchdogs and guardians of data or toothless hounds with more bark than bite.
Who will be 2019’s most active threat actors?
Many still feel that 2019 will belong to cyber criminals, both organised and otherwise, whose main focus is on monetary gain. However, nation states and terrorism will play a major part in assaults this year.
According to Mike McKee, CEO, ObserveIT, “We expect nation-state threats to increase significantly in 2019, particularly targeting critical infrastructure. Critical infrastructure systems are extremely vulnerable to both cybersecurity and physical security risks. State-sponsored threats and high-level hackers are constantly looking to gain access to the critical infrastructure of nations worldwide, with the intent of hitting some of our most valuable systems (national security, public health, emergency communications, and more”.
Observers are anxiously scanning the skies and space as previously immune satellites used in communications, science and the military are open to cyber-attacks. As the saying goes, ‘’He who controls the skies (space) controls the battle.” The loss of these crucial assets will be catastrophic for governments and humankind in general.
Although a cyberwar is looming, many nation states are using proxies to test the waters to determine the extent that cyber weapons can be included in their armouries. Further, disinformation campaigns and voter rigging is already seen to be happening and pinning the blame is increasingly difficult.
The above, in their purest forms of thinking and invention, could really benefit all of humankind. The Dark Side, however, has seen the potential in far more sinister ways. AI can be used relatively easily to disseminate millions of craftily conceived phishing and social media attacks with minimal human help. Rogue chatbots, currently using text messages, could soon evolve into slick talking instruments to get people to click on links or open attachments which are malicious. Unlike ethical businesses that are extremely protective over their intellectual property, bad actors often freely share their knowledge and products or offer it for sale at bargain prices.
On the positive side, AI, can be extremely helpful in protecting systems from attack by sifting through chatter, static and false positives that torment organisations daily. However, current AI needs to be streamlined to offer more quality services than quantity.
As far as IoT is concerned, volumes can be written. As with AI, devices conceived to make our lives simpler, safer and easier have turned and bitten the hands that created them. CCTV systems to help protect against intruders are now welcoming them in and guiding them to the mother lode of an organisation or state department. Driverless cars are deemed suitable ‘vehicles’ to assassinate, kidnap or simply hinder innocent people. Smart systems in your car can give an overview of your daily routine, routes, preferences and habits. In the race to get out new products before the competitor, manufacturers are bypassing best practice security and leaving many devices woefully exposed.
The cloud, the mighty cloud. It doesn’t take a rocket scientist to see where the most lucrative data, intellectual property, company secrets, celeb pics, etc. are stored and the enormous wealth associated with it. 2019 will most likely see renewed, more advanced attacks on cloud service providers. Why aim for a few thousand records when you can get hundreds of millions in one foul swoop. Watch this space.
What about other threats?
Make no mistake, the usual ‘oldies but goldies’ will still be around this year and for years to come. ‘’We will however see an increase in extortion/sextortion-based attacks and a huge leap in scams thanks to the large volumes of information available which attackers use to create more personalised messages to trick their victims.’’
Keep safe out there.