What are the top cyber trends to watch out for in 2019? Here’s what we’re hearing.
2018 may have been filled with cybersecurity incidents, but the infosec community is gearing up for what the New Year will bring. From emerging cyber-threat attacks surfaces, new APT groups, and more regulations around data privacy, 2019 is set to be another big year in the cybersecurity space. Here are the top cybersecurity trends to look out for in 2019.
More Spectre-Like Flaws 2018 started with a bang after the disclosure of two hardware-based side-channel flaws, Spectre and Meltdown . The two impacted a wide range of microprocessors used in the past decade in computers and mobile devices, including those running Android, Chrome, iOS, linux, macOS and windows and over the year, fresh variants continue to emerge
Sophisticated IoT Attacks The Internet of Things (IoT) market is set to explode but many of these devices are built with little-to-no security in mind. Since the Mirai botnet emerged in 2016 , researchers have seen IoT devices being harnessed maliciously to launch an array of threats including cryptomining,
Ransomware is Back When it comes to cyber-threats, the infosec community expects cryptomining to fall off the grid and ransomware to return to the scene.Cryptomininghas not been as profitable for many cybercriminals as they originally hoped it turns out, it only makes money when an attacker can infect tens or hundreds of thousands of devices. Ransomware however remains lucrative: “SamSam, for example, has made almost $6 million from ransomware attacks using open RDP servers as a method of entry],” said Recorded Future's senior technical architect, Allan Liska. We are already starting to see new ransomware variants copy this model, and we expect to see a new crop of ransomware families continue to expand on this method of attack. ”
Operational Technology and IT Converge With the growing adoption of remote monitoring in industrial environments, operational technology (OT) and IT are converging and critical systems are increasingly vulnerable to cyberattacks. “OT security will come into sharper focus as IT infrastructures and OT environments converge,” said Armis’ Lea. “Smart, connected devices will become standard in manufacturing plants, utilities and other areas with critical infrastructure, where digital meets physical operations. This will increase the potential for remote attacks
Faster PatchingWith vulnerability patching a constant focus in 2018, the narrative around the process of vulnerability disclosurefrom the 90-day guideline from time of disclosure to issuing a patch. “Due to the significance vendors place on vulnerability discovery -- whether throughbug bounty programs, variant analysis or pen-testing -- I expect the average time from discovery to patch, and hence disclosure, to shorten from 90 days to 30 or less,” said Pavel Avgustinov, co-founder and vice president of platform engineering at Semmle.
Insecure Biometrics Biometrics have moved to the forefront in 2018 as a top way to authenticate people for banks and other institutions. However, 2019 could bring more security incidents tied with the data behind biometric systems. “Severalmajor leaksof biometric data have already occurred,” said
Supply Chain Attacks In 2019, “We will see cybercriminals continue to focus on attacking critical software supply-chain infrastructure to conduct largerattacks,” Deepen Desai, with Zscaler, said in a post . Attackers have started recognizing the advantages of supply-chain attacks starting with the June 2017NotPetya campaign, which rapidly spread to wipe data from thousands of computers around the world. 2018 saw a significant amount of supply chain-targeted attacks, involving companies likeDelta Airlinesto Best Buy
Privacy Legislation With several giant data privacy scandals erupting in 2018 most notably Facebook’s Cambridge Analytica incident security researchers think that 2019 will see more legislation and regulatory efforts when it comes to data privacy. “Security and privacy create strange bedfellows on Capitol Hill, pairing far-left progressives with libertarian conservatives,” said Dave Weinstein, vice president of threat research at Claroty. “Lawmakers will likely take their cues from the EU by mimicking many aspects of GDPR
GDPR Impact While 2018 was the year that the EU’s General Data Protection Regulation (GDPR) was implemented, security experts believe that 2019 will truly begin to show what kind of unanticipated impact the regulatory effort will have on data privacy and transparency. “In 2019, we will see companies bringing in additional staff, tools and trainings to untangle the data chaos, so they can leverage their valuable data while staying compliant