So what are the Cyber Security trends of 2019?
Digjaks CEO Alan W. Silberberg lays out some areas we all need to be paying attention to in 2019.
2019 is going to be lit, at least in the cyber world.
We are not talking about the fireworks from New Year’s Eve celebrations. Nor are we talking about the circus in Washington, DC.
The cyber security world is hopping. Hacks all around. Major companies revealing breaches affecting millions and hundreds of millions at once.
Just to name a few companies this year that have actually admitted to breaches, with “admitted” being key phrase, as many companies still do not do timely breach reports:
- Marriot (500,000,000+) membership accounts breached.
- Google+ is being shut down after two breaches revealed affecting 50,000,000 + accounts.
- Facebook has had multiple breaches, affecting 50,000,000 + people; plus the Cambridge Analytica issue that revealed how all of our data was misused through 3rd party apps, with developers abusing the Facebook system and Facebook itself selling data points.
- The Healthcare industry has been under sustained attacks, and does not usually get quite as much press as the big tech breaches, but it affects hundreds of millions of people globally with potentially life threatening exposure.
- These are just a few of the major breaches affecting the global digital community. There were many, many more in 2018.
So, what is coming in 2019? What do we need to be looking for?
- Polymorphic Malware + Artificial Intelligence. What the heck is polymorphic malware you may be asking? Basically, in the most simple terms, it is malware that changes upon detection, or “morphs” into a new form, or goes into hiding. This malware was already prevalent and growing. When combined with true artificial intelligence, it literally trains itself not just to avoid detection but in some cases can actually use your system resources to become something you are used to looking at. This is a huge problem and growing. As the cost of artificial intelligence services and technology continues to drop, the increased use of AI + polymorphic malware together becomes an ever bigger risk for enterprises, governments and private organizations alike.
- Continued Social Engineering Attacks. By now we have all heard about and maybe even experienced social engineering attacks. They can occur through email, voice, sms, social media, websites and even in person. This is a relatively cheap and easy attack method from threat actors. They can target anyone with an email address or even a cellphone; and especially anyone using social media. It can be something simple like a lame email with a malware laden link. Or all the way through a live person using small data points about another person to impersonate them with a customer service agent in order to compromise one account, then others from it. Social engineering was used heavily during the Russian attacks on America in the 2016 and 2018 elections. It will continue to be a huge and growing problem globally in 2019.
- Mobile Device Malware. Most people assume malware and viruses really only target networks, computers and larger devices. However this is not correct. 2018 saw an explosion of mobile device malware, presented in apps, sms attacks and even voice attacks. Like polymophic malware above; the access for threat actors to this attack vectors continues to get easier and easier. This is due to the proliferation of mobile devices, ease of app downloads and continued dropping prices of technology needed to mount such attacks.
- Iot Device Attacks. The Iot (Internet of Things) is notorious for not having any cyber security, or barely any. This issue stems from multiple vectors, but increasingly it is due to speed to market trumping security being developed into the full stack. Most Iot Devices do not offer any real cyber security protections. There are no standards for #Iot industry to follow yet for cyber security. Additionally this problem is compounded by a central basket of chips, motherboards and circuitry that is used from device to device; and with multiple manufacturers using the same tech. The explosion of Iot devices for both home and industry is leaping far ahead of cyber security protections. This is creating a wild west of problems. The threat actors know this is a wide open opportunity. They can even use such websites as Shodan.io to find both industrial and residential Iot devices that are connected to the internet. Digijaks CEO Alan W. Silberberg has written about the lack of security in IoT.
- Continued Nation State Attacks. Nation State attacks using cyber war and or information war will continue to grow as a major problem. These attacks occur on other nations, companies and even individuals. As the cost of command and control servers drop, more nation-states become active players in using cyberwar. Additionally as the cost of other technology continues to drop, nation state cyber attacks become a cost effective parallel or even additional means of show of force. This could be in the form of electrical grid attacks, social engineering, denial of service attacks. Nation state attacks can also include fake social media, fake websites and exploitative surveillance technology attacks on websites, mobile phones, emails and infrastructure facilities. There is a huge and growing threat of nation state cyber espionage attacks against countries, companies, individuals, reporters, researchers, human rights activists and more.
So. Be careful out there in 2019. Lots to watch out for. This list is by no means exhaustive. Be alert. Be pro-active. Don’t take cyber security for granted, whether at work, at home or even in your connected car.