2018 was a big year for cybersecurity, with increased usage in areas such as cloud adoption, AI and a move away from perimeter-based security systems. 2019 looks set to be an equally important year so we thought we would look ahead to what we think will be at the forefront in the next 12 months and list our 2019 Cybersecurity Predictions.
Cyber Risk Insurance Will Become More Common
Cyber risk insurance is similar to other types of insurance and with premiums paid by a company or individual to cover costs should they get hacked. This includes not only the loss of funds to the company/user, but also the loss of data, revenue, reputational damage and potentially improvement costs for current security systems. The cost of this sort of insurance can range from £1000 to £100,000, so it is important to evaluate the value it will deliver.
Due to the increase in breaches in the past few years, this could soon be seen as an essential business cost to mitigate potential losses – some companies have lost thousands in revenue from a data breach. Clearly a lot of businesses already agree as a recent report forecast global cyber insurance market size to reach $16,970 million by 2023, and will grow over 20% CAGR during 2017-2023.
Does cyber risk insurance have a line in your 2019 budget?
Breaches Will Get More Complicated and Harder to Beat
In cybersecurity, attackers often seem to be one step ahead of the protective measures we implement. Malicious actors are coming up with ever more complicated ways to infiltrate systems and convince innocent people to unintentionally give up their credentials.
For example, a new type of ransomware has turned the victim into the attacker. If the affected party passes on the infected link and manages to snare several other people, the initial victim will have their data released for free!
Cryptojacking, a relatively new type of attack, is becoming more popular than the traditional types of ransomware. It poses less of a risk to the hacker as it mines for cryptocurrency, often without detection. This type of attack increased 141% in the first half of 2018, and like most attack types, looks set to increase in 2019 according to Kaspersky’s 2019 Threat Predictions.
Demand Will Continue to Rise for Security Skills
According to the 2018 Black Hat USA Attendee survey, 65% of infosec professionals said they do not have enough qualified members of staff to deal with potential threats to their cybersecurity. As this figure has remained constant for the last 4 years it is clearly an issue that is not being addressed.
It is crucial for businesses to have enough funding to train/support their staff as ultimately it is these staff members that will protect the business. Businesses may be at risk from cybercriminals if the security team do not have sufficient training and skills to combat them. Outsourcing IT staff is one option businesses can look to as a way to get an organization quickly up to standard.
2019 needs to be the year when organizations make sure they have their house in order.
Attackers Will Get Smarter
With hacking techniques becoming increasingly advanced, cybercriminals are gaining ever more experience in how to infiltrate networks and get to assets. Deep in the Dark Web criminals can share information about new techniques and how to beat current security systems, meaning a network of criminals have knowledge of these methods.
“Hackers have become very nimble at outsmarting protection measures. Cybercriminals always seem to stay a step ahead of new security gates,” said Michael Bruemmer, vice president of data breach resolution at Experian
Year after year, attacks become more sophisticated, with malicious code being able to catch more organizations unawares and 2019 will be no exception. As the types of attacks increase so do the types of hacker – there is rarely an ‘average’ hacker; like the attacks they perpetrate, the hackers themselves range from the very basic to highly sophisticated. Check out our blog Hackers – exactly who, how and why?
Spear Phishing Becomes Even More Targeted
With social engineering techniques, such as spear phishing, becoming increasingly advanced, it makes it much easier for unsuspecting individuals or companies to be deceived. A recent trend sees hackers getting into your system and watching and learning before they strike. Knowing your behaviours makes it much easier to create a more tailored, attractive scheme to draw you in. Kaspersky Lab’s 2019 cybersecurity predictions highlighted spear phishing as a top threat for businesses and consumers saying “We believe that the most successful infection vector ever will become even more important in the nearest future”
An example of this is mortgage wire fraud, where the day before a customer is due to wire over the money for their mortgage, the hacker sends an email supposedly from the estate agent with a nefarious link. The unsuspecting customer then sends the money over and will most likely never be able to recover it.
2019 is likely to see a more advanced form of spear phishing attacks, where voice manipulation and face mapping technologies could come into play, utilizing the recent explosion in Artificial Intelligence (AI).
Security Will Become More Data-Centric
With the growth in cloud and BYOD, where applications, data, users, and devices are moving outside of the enterprise’s zone of control, IT needs to move its focus from perimeter-based network security to a data-centric architecture. This is often known as a Zero Trust framework, and works on the premise of ‘trust no-one’; users and devices are never trusted, and the environment is always assumed to be hostile. With the implementation of GDPR in 2018, the spotlight will be on how you secure your data, wherever it resides, both for B2B and B2C.
Data Protection is going to be key in 2019. Although it seems like GDPR has been around forever it only came into force in May 2018, and many organizations are still getting to grips with it. Knowing where your data is (both employee and customer data), what kind you store and, most importantly, who has access to it, will be crucial to enable you to protect and manage that data. It is inevitable that there will be more fines to come in 2019.
Personal Data Breaches Will Continue
Data stolen from companies or individuals is often used for extortion or blackmail purposes, demanding a ransom or threatening to leak the data. Sometimes malicious actors need only to CLAIM that they have something with which to blackmail the victim, even if their computer systems were not hacked, and still manage to extort money.
In recent attacks instead of asking for money, some actors have demanded company details, for example IP addresses from employees, as a ransom for their personal files. This turns the victim into a malicious insider, and means that businesses need to be equally wary of suspicious employee activity.
And of course, the old favourites of phishing and using stolen information to commit identity theft still remain a very real threat.
Overall, it is clear to see from our 2019 Threat Predictions that cybersecurity continues to be an issue facing companies on a daily basis. Techniques are becoming more advanced, new attack vectors being used and malicious actors demanding more from their victims. Solutions that were adequate 6 months ago will already have vulnerabilities that new attack methods are able to exploit. 2019 will need to see companies focus on their data and network security to ensure customer confidence and avoid GDPR fines.
activereach specialises in helping companies to understand what they need and providing a helpful ongoing service to keep networks secure and combat the threats mentioned in our 2019 Cybersecurity Predictions. Give us a call on 0845 625 9025 or visit our website to find out more.