As 2019 approaches, we look at the predictions of experts, business leaders and futurists for the cyber landscape in the year ahead.
In a fast-paced digital world with rapid tech advancement, it has never been more important to stay ahead of the game when it comes to cyber security.
Over the past few years the landscape of cyber security has greatly changed along with the skills within the industry. The scale of data breaches and cyber attacks in 2018 has been staggering as has been the number of records compromised. According to the Identity Theft Resource Centre’s 2017 Data Breach Industry Summary report, the number of records compromised by cyber attacks breached the 2017 total within the first six months of 2018.
There are many predictions about how the landscape will evolve in 2019; we look at some of the top ones.
Nations will make an effort to establish cyberwarfare rules
No rules currently exist for cyber warfare but this is likely to change, perhaps even in 2019. Experts told CSO that:
“Digital boundaries are being tested, and some nation states are starting to push back. Expect there to be a Geneva Convention for digital warfare coming soon.”
A major concern which may drive the development of cyber warfare rules is that cyber hackers have safe havens in countries such as Russia, China and North Korea. These attackers have more resources at their disposal and they will use these to find new attack vectors as well as increasing the resilience of their malware. Another expert, Korolov, noted that the situation will continue to get worse until something very major happens in global geopolitics.
Cloud technology has always been a security concern
More and more companies are adopting cloud computing systems, which opens a door for cyber criminals to take advantage of the vulnerabilities within the system.
Uber is one example of a company which was hacked due to a misconfiguration of Amazon Web Services’ cloud. This example highlighted questions about the overall security on the vendor side and how long it will take hackers to skip the middleman and go straight to the cloud source, a move which could affect the world’s largest companies and potentially billions of pieces of data.
Biometric hacking is another key threat for the New Year
Attackers will expose vulnerabilities in touch ID sensors, facial recognition and passcodes.
Biometric data is considered the most secure method of authentication, but it can be stolen or altered, and sensors can be manipulated and fooled or weakened with too much use.
One of the key elements of biometric security fingerprints. Your fingerprint is, of course, unique to you. However, in 2017, Researchers at Tokyo’s National Institute of Informatics were able to reconstruct a fingerprint from a photo of a person flashing a peace sign taken from nine feet away. As Isao Echizen told the Financial Times:
“Once you share them on social media, then they’re gone.”
The fundamental issue with biometrics is that they cannot be reset. If all ten fingerprints are compromised, you cannot replace them. The same is true for iris or retina scans as well as your face.
Attackers will exploit Artificial Intelligence (AI) systems and use them to aid their attacks.
“Attackers won’t just target AI systems, they will enlist AI techniques themselves to supercharge their own criminal activities.”
Symantec Cyber Security Predictions 2019
AI is gradually becoming more and more common in many areas of business operations to automate manual tasks and enhance decision making. However, AI systems also bring the threat of cyber attacks as they hold massive amounts of data.
It is not just the potential for AI to be hacked but also the potential to use this technology to hack that has been highlighted as a key cyber security threat for 2019. AI could be used to probe networks and search for vulnerabilities to exploit as well as be used to make phishing attacks. Symantec’s review of cyber security in 2019 gives the example of using AI to launch realistic disinformation campaigns:
“Imagine a fake AI-created, realistic video of a company CEO announcing a large financial loss, a major security breach, or other major news. Widespread release of such a fake video could have a significant impact on the company before the true facts are understood.”
5G deployment will expand the cyber attack landscape & data will be captured in transit
5G will accelerate in 2019 with ten UK cities set to have the network deployed. While it will take time for 5G networks and 5G-capable phones and other devices to become broadly deployed, growth will occur rapidly. As time goes on, 5G Internet of Things (IoT) devices will not require a Wi-Fi router but will connect to the network directly.
This is where the threat lies as these devices will become more vulnerable to direct attacks. The ability to back up or transmit massive volumes of data easily to cloud-based storage will give attackers rich new targets to breach.
Data-in-transit compromises will also grow from this. This technique is where hackers embed malicious scripts onto targeted websites directly or through third-party suppliers used by said site to capture data as people go through the site eg when a consumer pays for a product.
This has become more popular since sensitive data is better secured “at rest” and eCommerce merchants do not store credit card CVV numbers which makes hacking this data more difficult. Therefore, hacking data as it is being processed is likely to be a focus for future attacks.
The supply chain will continue to be a target
Supply chain software is increasingly becoming a common target of attackers. This kind of attack is where the attacker replaces legitimate software updates with a malicious version in order to distribute it quickly.
These attacks are increasing in sophistication and in volume. One predication from Symantec is that we could see this method being used in supply chain hardware where an attacker could compromise or alter a chip before components are shipped out to millions of computers.
The main takeaway from all this is that hackers will continue to search for new and more sophisticated opportunities to hack or breach data. The positive is that while hackers become more sophisticated, so do defenders.
One of the ways you can actively defend your company is by undertaking the Cyber Essentials certification. Cyber Essentials provides organisations with clarity on what essential security controls they need to have in place to reduce the risk posed by threats on the internet with low levels of technical capability. Having the certification:
Demonstrates control of your business network security