2019 cybersecurity crystal ball

February 2019 Editor's Choice, Cyber Security

Every January of every year, experts in all fields of cybersecurity put on their thinking caps and, alone or in group think tanks, wrack their brains about the perils facing us in the year ahead. They attempt to get into the minds and thought patterns of attackers, but invariably come back to the same question and answer: How long is a piece of string?

Craig Rosewarne.
Craig Rosewarne.

Most experts will claim that their domain is most at risk and should therefore claim the larger slice of the annual cyber spend. One thing is abundantly clear, what goes around comes around (with some tweaks to the code) with a few new surprises thrown in.

Wolfpack Information Risk undertook research, both online and vis-à-vis, to try and gauge the feelings of those in the industry and other outside players. The slight majority fall into the following categories.

Volatility – will 2019 be more volatile than 2018?

Every responder replied in the affirmative. Most international experts were of the same opinion.

Most sought-after asset for attackers?

A small word with massive implications – data. According to Wolfpack senior consultant, Mitch Sowden, ‘’There is a lack of appreciation pertaining to the value and ownership of data assets.’’ An attacker’s ultimate aim when targeting an organisation is its crown jewels. They are worth a fortune whether ransomed, stolen, exfiltrated for sale or used in future attacks against the organisation, subsidiaries, suppliers and stakeholders of the entity.

Data is an enormous asset, yet a major burden to an organisation as well. Sowden continues, ‘’understanding the value of assets and the actual risks faced can achieve a balance between cyber spend and ROI.’’

Although the long sought-after promulgation of PoPIA and that EU GDPR has finally happened, it remains to be seen if they will be the promised watchdogs and guardians of data or toothless hounds with more bark than bite.

Who will be 2019’s most active threat actors?

Many still feel that 2019 will belong to cyber criminals, both organised and otherwise, whose main focus is on monetary gain. However, nation states and terrorism will play a major part in assaults this year.

According to Mike McKee, CEO, ObserveIT, “We expect nation-state threats to increase significantly in 2019, particularly targeting critical infrastructure. Critical infrastructure systems are extremely vulnerable to both cybersecurity and physical security risks. State-sponsored threats and high-level hackers are constantly looking to gain access to the critical infrastructure of nations worldwide, with the intent of hitting some of our most valuable systems (national security, public health, emergency communications, and more”.

Observers are anxiously scanning the skies and space as previously immune satellites used in communications, science and the military are open to cyber-attacks. As the saying goes, ‘’He who controls the skies (space) controls the battle.” The loss of these crucial assets will be catastrophic for governments and humankind in general.

Although a cyberwar is looming, many nation states are using proxies to test the waters to determine the extent that cyber weapons can be included in their armouries. Further, disinformation campaigns and voter rigging is already seen to be happening and pinning the blame is increasingly difficult.

AI/IoT/cloud

The above, in their purest forms of thinking and invention, could really benefit all of humankind. The Dark Side, however, has seen the potential in far more sinister ways. AI can be used relatively easily to disseminate millions of craftily conceived phishing and social media attacks with minimal human help. Rogue chatbots, currently using text messages, could soon evolve into slick talking instruments to get people to click on links or open attachments which are malicious. Unlike ethical businesses that are extremely protective over their intellectual property, bad actors often freely share their knowledge and products or offer it for sale at bargain prices.

On the positive side, AI, can be extremely helpful in protecting systems from attack by sifting through chatter, static and false positives that torment organisations daily. However, current AI needs to be streamlined to offer more quality services than quantity.

As far as IoT is concerned, volumes can be written. As with AI, devices conceived to make our lives simpler, safer and easier have turned and bitten the hands that created them. CCTV systems to help protect against intruders are now welcoming them in and guiding them to the mother lode of an organisation or state department. Driverless cars are deemed suitable ‘vehicles’ to assassinate, kidnap or simply hinder innocent people. Smart systems in your car can give an overview of your daily routine, routes, preferences and habits. In the race to get out new products before the competitor, manufacturers are bypassing best practice security and leaving many devices woefully exposed.

The cloud, the mighty cloud. It doesn’t take a rocket scientist to see where the most lucrative data, intellectual property, company secrets, celeb pics, etc. are stored and the enormous wealth associated with it. 2019 will most likely see renewed, more advanced attacks on cloud service providers. Why aim for a few thousand records when you can get hundreds of millions in one foul swoop. Watch this space.

What about other threats?

Make no mistake, the usual ‘oldies but goldies’ will still be around this year and for years to come. ‘’We will however see an increase in extortion/sextortion-based attacks and a huge leap in scams thanks to the large volumes of information available which attackers use to create more personalised messages to trick their victims.’’

Keep safe out there.



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

FortiGuard labs reports disruptive shift of cyber threats
Issue 1 2021 , Editor's Choice
Threat intelligence from the second half of 2020 demonstrates an unprecedented cyber-threat landscape where cyber adversaries maximised the constantly expanding attack surface to scale threat efforts around the world. Adversaries proved to be highly adaptable, creating waves of disruptive and sophisticated attacks.

Read more...
The year resilience paid off
Issue 8 2020 , Editor's Choice, Security Services & Risk Management
Hi-Tech Security Solutions spoke to Michael Davies about business continuity and resilience in a year when everything was put to the test.

Read more...
Retail solutions beyond security
Issue 8 2020, Axis Communications SA, Technews Publishing, Hikvision South Africa , Editor's Choice, CCTV, Surveillance & Remote Monitoring
The need for security technology to deliver more than videos of people falling or stealing from retail stores is greater than ever.

Read more...
Smart healthcare
Issue 2 2021 , Editor's Choice
In the past year, hospitals, elder care and other healthcare facilities have found themselves overwhelmed with new patients, COVID-19 regulations and other side effects of the pandemic. As efforts focused ...

Read more...
Platform-based access management solution
Issue 2 2021, ASSA ABLOY South Africa , Editor's Choice
Available in South Africa and throughout sub-Saharan Africa, new Incedo Business connects all your security software and hardware within one platform. You can easily scale it up or down, based on your needs, to keep your people moving and your business growing.

Read more...
FS Systems celebrates 50 years
Issue 2 2021 , Editor's Choice
This year, FS Systems celebrates 50 years in the fire detection and enterprise security market, successfully executing projects in over nine countries in Africa and LATAM.

Read more...
Formative AI and distributed cloud among four megatrends revealed at MIPS 2021
Issue 2 2021, Milestone Systems , Editor's Choice
Almost 4000 participants representing end customers, technology partners and media from across the globe attended the first virtual MIPS conference, held over two days in March 2021.

Read more...
Kiss passwords G00dby3
Issue 2 2021 , Editor's Choice
Cisco Secure has unveiled infrastructure agnostic, passwordless authentication by Duo which enables enterprise users to skip the password and securely log into cloud applications via security keys or biometrics built into modern laptops and smartphones.

Read more...
200 000 daily access transactions
Issue 2 2021, Impro Technologies , Editor's Choice
The University of KwaZulu-Natal’s legacy access control system was suffering from increasingly limited support, both in terms of hardware and software, with maintenance becoming a pressing concern as it on-boards approximately 9000 new students each year across five campuses.

Read more...
Do not take the bait
Issue 2 2021 , Editor's Choice
Banks are unable to fully protect consumers from falling prey to the tactics used by fraudsters to obtain confidential information such as banking details, card information and one-time-pins.

Read more...