As we near the end of 2018, it’s time to start predicting what the new year holds for the cybersecurity landscape. While predictions are tough, 2019 will certainly be another huge year for cybercriminals. The threat landscape is massive, offensive and defensive technologies are evolving, and nation-state attacks are increasing in terms of scope and sophistication.
We have recently discussed how to budget for cybersecurity and important aspects of cybersecurity for Small and Medium Enterprises (SMEs). Now, we will offer our top 5 cybersecurity predictions for 2019.
Top 5 Cybersecurity Predictions for 2019
1 – Ransomware continues to wreak havoc
With the emergence of cryptojacking, the number of users who encountered ransomware in 2017 and 2018 fell nearly 30 percent compared with the 2016 and 2017 time period. However, ransomware attacks are becoming more sophisticated and more targeted. This means you are less likely to see a random phishing email containing ransomware and more likely to see an email that is targeted specifically at you or your business. Instead of sending out thousands and thousands of emails trying to infect some random individual, hackers are doing their research, figuring out exactly who you are, and tailoring their email to entice you to click on a malicious link or attachment.
“The randoms went down, and the targeted ones were big news,” says Steve Ragan, CSO’s senior staff writer.
2 – Multifactor authentication, also known as two-factor authentication (2FA), will become the norm
Every day, more and more businesses are seeing the importance of 2FA. Let’s say your login credentials were compromised in the Yahoo data breach and you have neglected to change your username and password. With 2FA, a hacker cannot access your account if they only have those credentials. 2FA requires a username, password, and an additional form of verification such as a four- to six-digit code sent to your cell phone.
For the time being, users and consumers may become frustrated with the multitude of 2FA products available. While the company you work for could use a USB key as a form of 2FA, the vendors you purchase household items through could each use a completely different form. The 2FA market is really in need of a standardized, universal process to ease the burden of multifactor authentication. However, standardization makes it easier for hackers to penetrate those defenses.
3 – Data protection regulation and policies will increase
Massive data breaches have made headlines over the last couple of years. Rising concerns over how companies use and protect our personal information will or should encourage regulators and the public alike to hold companies more accountable. While a law may not go into effect in 2019, users should expect to see an effort in the United States to enact privacy laws similar to the General Data Protection Regulation (GDPR) implemented by the European Union.
The California Consumer Protection Act has already been passed and will go into effect in 2020. In Oregon, a bill titled the Consumer Data Protection Act (CDPA) has been introduced. The bill has stiff penalties, including jail time, for privacy violations.
In the meantime, Washington continues to drag its feet on data privacy regulations, effectively putting the burden on individual states to create their own laws on protecting consumer privacy.
4 – Cyberwarfare rules will be established
Unbeknownst to many, the art of hacking is a reputable career in countries such as Russia, China, and North Korea. However, unlike physical warfare, where nations have agreed upon a basic set of rules (no torture, no poison gases, etc.), such rules do not exist in cyber warfare. Some nations believe they can do whatever they please with no repercussions.
For example, North Korea hacks Sony, Russia is tied to efforts to influence the elections of other nations, China steals intellectual property, and the US and Israel use malware to destroy nuclear equipment. Basically, the boundaries are being tested, and nations are starting to push back. In 2019, we should expect to see new international rules to protect the public from nation-state threats in cyberspace.
5 – Education requirements will increase for Chief Security Officers (CSOs) and Chief Information Security Officers (CISOs)
This one may come as a bit of a surprise, as we recently discussed the immense shortage of qualified information security professionals. However, we are talking about executive management. Cybersecurity training continues to develop, and certifications will soon be a thing of the past for upper management. Prestigious universities such as NYU and UC Berkeley have started to offer master’s degrees in cybersecurity. In order to climb the corporate ladder, as in many other disciplines, cybersecurity experts are going to need those letters after their name.
Photo courtesy of Harbor Technology Group