“The AI security software has malicious intent.”
That was Kelly Shortridge’s second prediction on a humorous list of 2019 predictions for cybersecurity published on Medium. The effort at levity was aimed not just at cybersecurity predictions but also, seemingly, at the industry jargon.
Her piece made the rounds on social media prior to the holidays, and it points out how carried away some predictions can get.
Still, predictions do have value. These are often equal parts analysis of the year gone by, assessment of where trends are leading, and yes, ambitions for the future.
We’ve combed through hundreds of cybersecurity predictions and picked out a handful that stood out to us as realistic.
1) Zero trust becomes more than a buzzword
As catastrophic data breaches become more common, the need for organizations to consider new approaches is escalating. For today’s enterprises, the concept of Zero Trust is rapidly moving from interest to adoption, and savvy organizations will adopt Zero Trust approaches to stay ahead of the security curve. In fact, Zero Trust Security is generating more interest from technology and security leaders than any other security technology, according to the 2018 IDG Security Priorities Study. Bad actors are no longer hacking their way in, they’re logging in using stolen, weak or compromised credentials. As attackers breach what’s left of enterprise perimeters and begin to look — and act — like trusted users, the concept of blindly trusting insiders now seems like a quaint notion. All of which explains why Zero Trust Security will generate even greater interest from security leaders in 2019.
2) Internal segmentation and new rules for intrusion detection
“You may need to revise your network architecture: A flat network is an open invitation to intruders once they penetrate your defenses, and yes, they will penetrate your defenses. Instead, you need to implement internal segmentation, which may require changes to your routers or perhaps installing internal firewalls. You may also need to revise your intrusion detection so that it can detect unauthorized entry into protected areas by your own employees.”
3) Doomsday for DevOps
“The popularity of the DevOps methodology increases the number of environments where security risks are raised, undetected and unmitigated. ‘The once well-oiled Kubernetes/DevOps machine will start to rust as organizations set unrealistic goals, improperly train employees and lack consideration for monitoring or control tools, giving external threats easy access to an enterprise’s core IT system,’ says Jackson Shaw, vice president of product management at One Identity. ‘In 2019, malicious actors will use these gaps in security to infiltrate sensitive data and generate one of the biggest breaches we’ve seen to date.’”
4) More ways to avoid detection emerge
“Attacks designed to avoid detection, like soundloggers, will slip into the wild. Keyloggers that record sounds are sometimes called soundloggers, and they are able to listen to the cadence and volume of tapping to determine which keys are struck on a keyboard. Already in existence, this type of attack was developed by nation-state actors to target adversaries. Attacks using this and other new attack methodologies designed to avoid detection are likely to slip out into the wild against businesses and the general public.”
5) A rise in preventable data leaks and exposures
2018 saw a rising trend in data leaks and exposures — specifically data that’s not protected with even the most basic security, like a password.
We’ve seen a ton of sites and services exposed in the past year — from gym booking sites, anonymous social network Blind, Urban Massage, FedEx, Canadian internet provider Altima, Amazon and fitness app Polar, to name a few.
Exposed databases and user data can be easily found, yet are entirely preventable — often simply by setting a password. Breaches, where a hacker exploits a vulnerability, are more difficult and require some level of skill, making them less common. But human error, a lack of security smarts or just sheer laziness makes exposed data more discoverable, and yet there’s no sign of data exposures dying down any time soon.
6) Targeting of real-time settlement of funds
“Many attacks [on banks] over recent years have focused on international interbank payment systems. These have a major disadvantage for criminals though, in that there is a delay of 24-48 hours before the funds are settled and available to be moved. This time window allows the authorities time to catch up following an attack and freeze the funds.
In 2019 we anticipate attackers will shift to targeting systems that allow real-time settlement of funds – meaning that money can be moved through a network of accounts more quickly and ultimately laundered successfully. This will present a challenge for the community in terms of the speed of response and international co-operation.”
7) Watch out for the supply chain
“Cybercriminals are diabolically savvy, and they realize that the easiest route to high-profile targets is through that organization’s network of suppliers and contractors. In 2019 supply-chain attacks will escalate as large corporations, which have enough trouble safeguarding assets already, open themselves up to greater risk as they grow their reliance on partnerships. The results can be catastrophic. The infamous 2013 Target breach was the result of an attack that had its origins through the retailer’s HVAC vendor…
…Because of these abundant dangers, many companies that rely on partners and third parties have created vendor risk management processes within their organizations. These can include policies around constant monitoring and log access and retention, which may sound difficult to meet but are already part of many regulatory compliance frameworks. Vendor risk management teams within organizations will become more commonplace as supply-chain attacks increase.”
Cybersecurity predictions for 2019 | Forbes | Brian NeSmith
8) Spear phishing attackers sharpen their aim
“Attackers know that the more information they have about you, the better they can craft a successful phishing campaign against you. Some are using tactics that are a bit creepy. ‘One of the trending changes in spear phishing are phishing campaigns where the hacker breaks into an email system, lurks and learns,’ says Roger Grimes. ‘Then they use the information they have learned, as well as taking advantage of the relationships and trust built between people who regularly communicate with each other.’
One area where Grimes sees this happening more is mortgage wire fraud, where home buyers are tricked into wiring closing fees to a rogue party by an email arriving from a trusted mortgage agent. ‘The hacker breaks into the mortgage lender’s (or title agent’s) computer and takes note of all the upcoming pending deals and their closing dates,’ he says. ‘Then the day before the mortgage agent would normally send out an email telling the client where to send the closing money, the phisher uses the mortgage agent’s computer to beat them to the punch. The unsuspecting client wires the money, which is rarely recovered, and ends up losing the house (unless they can come up with another substantial closing payment, which most can’t do).’”
9) The mobile workforce vector of attack widens
“By virtue of this, we have seen, and will continue to see, an increase in mobile defense technologies. In the construction industry, mobile workforces are easy targets due to the use of free internet connections at places like coffee shops, hotels and other places as well as a lack of a full mobile device management system, which I rarely see running when dealing with the construction and mechanical verticals. In 2019 proper cyber defense for the mobile workforce should be on everyone’s mind.”
10) Threats propagate personal IoT networks and business
“It may not seem like a big deal for an attacker to compromise your smart-lights, but those can connect to your smart home management device (e.g., Google Home, Amazon Echo), and from there propagate throughout both your physical and notional personal networks. And those networks can be tied to even larger ones that could result in high-profile DDoS attacks. Every added device is an added attack surface, and we’re in for a very rude awakening in the near future.” – Ken Underhill, Master Instructor, and Joe Perry, Director of Research, Cybrary
11) A New Union Among MSPs and MSSPs
“With an increasing emphasis on security, MSPs may wonder if they need to become MSSPs. Ultimately, there’s not only room for both businesses – they can work synergistically. MSPs are the CIOs of their clients. They provide IT services to help them achieve their business goals. MSSPs, on the other hand, focus on security. They monitor for intrusions, remediate threats, and provide advanced threats. MSPs focus on supporting the good guys; MSSPs focus on thwarting the bad guys. To top it off, most MSSPs don’t want to be MSPs. MSPs that partner with MSSPs can provide even greater services to their clients and help serve more of their IT needs. If an MSP, for example, picks up a client in a regulated industry that requires 24/7 security monitoring, they could easily partner with an MSSP to deliver to the customer. Don’t get me wrong – MSPs should still handle the fundamentals of cyber hygiene for their clients. If the MSP doesn’t help ensure systems get patched, antivirus stays up to date, and backups remain current, the customer will likely find an MSP who will.”
12) Business will see more women in the role of CISO
“In 2017, only 13% of the Fortune 500 had women CISOs. In 2019, we expect to see the number of women CISOs grow to 20%. Why the jump? The security industry has long lamented the fact that security resources are few and far between, but it does so while ignoring half of the population. Expanding how you search for talent, identifying other disciplines with relevant skill sets, and making sure you’ve created an inclusive culture will lead to a more diverse industry. To benefit from this trend, start by implementing targeted hiring goals for women, and focus your recruiting efforts on groups with more diversity, such as Women in Security and Privacy, AnitaB.org and the Grace Hopper Celebration, the Executive Women’s Forum, and Women’s Society of Cyberjutsu. Consider women in other technology, compliance, legal, or risk roles as your next potential CISO, and sustain a culture of acceptance, inclusion, and mentorship to hold on to top talent.”
13) The cost of cybercrime rises to $6 trillion
“Cybersecurity Ventures predicts cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015.” Within that number, the organization counts cybercrime costs including “damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.”
* * *
What predictions stand out as realistic for you? Tweet us up @BricataInc.