Our Cyber Security Predictions for 2019
2019 promises to bring us some familiar IT security problems with a twist as well as some new ones. Here are our Cyber Security Predictions for 2019 and what our recommendations are:
Ransomware and cryptojacking will wreak havoc
First on our list of Cyber Security Predictions for 2019 is ransomware. Like most things, ransomware is always evolving and 2019 will see it continue to cause problems for businesses and organisations. The ransomware attacks predicted for 2019 will be more focused and targeted as hackers become more sophisticated in how they monetise the data they steal.
The increasing level of sophistication of ransomware attacks during 2018 was evident as a reported 75% of organisations infected with ransomware were running up-to-date endpoint protection (Sophos) and 2019 shows no signs of slowing the cyber criminals down.
Alongside the evolving sophistication of ransomware comes the emerging threat of cryptojacking. Criminals are finding cryptojacking attacks very effective money-makers, mainly because the number and quality of ready-made cryptomining tools available means they don’t need to be technically skilled.
That’s reflected in the 44.5% rise in number of users that have experienced a cryptomining attack in 2018, according to Kaspersky. “Hidden coinminers continue to proliferate in 2019, and malware authors are taking advantage of them to disrupt your business,” says CSO contributor David Strom. “Cryptomining will continue to be a threat as long as attackers can make quick cash from the infections.”
Ransomware, cryptomining, banking trojans and VPN filters are some of the key malware challenges that continue to threaten businesses and consumers. Live monitoring by industry giants Malwarebytes, Kaspersky Labs and others has shown that the mix of threats varies during the year, but the end result of malware threats will be a bad 2019.
Our recommendation for 2019: Due to the financial impact of ransomware, it tops our list of Cyber Security Predictions. We suggest that you adopt a holistic approach to cyber security, making sure all of your security systems are in place and up to date, not just the obvious ones. Traditional anti-virus will not provide sufficient protection. Solutions that have a direct malware focus are essential for organisations, alongside the tracking of network activity (both in and out of the network). You may also want to think about Dark Web Monitoring as prevention is so much cheaper than cure!
With Cyber Security Ventures predicting that ransomware damage costs will exceed $11.5 billion by 2019, it certainly won’t be going away. Oh yes, and make sure that your backup plan is working and tested.
Single-factor passwords: The Dark Ages
Second on our Cyber Security Predictions for 2019 list is single-factor passwords. As we all know, simple passwords are the key tool for attack vectors, from novice hackers right the way up to national players. Yet they are still the ‘go-to’ security protection for the majority of organisations, despite the low cost and easy deployment of multi-factor authentication solutions. Sadly, password theft and password-based breaches will persist as a daily occurrence in 2019.
Multi-factor authentication will become the standard for all online transactions
In addition to single-factor passwords, we take a look at multi-factor authentication. Though far from a perfect solution, most websites and online services will abandon password-only access and offer additional authentication methods. For a while, the different forms of multi-factor authentication (MFA) might confuse and frustrate users as they get used to MFA becoming the norm.
“Only using a password to authenticate is increasingly leaving us open to phishing and other attacks,” says Windows expert Susan Bradley. “But the fact that all the vendors are implementing different systems to authenticate means I’m being driven slightly crazy with all of the two-factor authentications I’m having to manage. It won’t be better until a more standardized process is settled on.”
Our recommendation for 2019: If you would like more information about multi-factor authentication, contact our experienced IT consultants on 01283 75333 or email email@example.com
Spear phishing becomes even more targeted
Another big threat on our Cyber Security Predictions for 2019 list is spear phishing. Attackers know that the more information they have about you, the better they can craft a successful phishing campaign against you. Some are using tactics and emotional triggers that are a bit creepy. “One of the trending changes in spear phishing are phishing campaigns where the hacker breaks into an email system, lurks and learns” says Cyber Security Expert, Roger Grimes, “then they use the information they have learned, as well as taking advantage of the relationships and trust built between people who regularly communicate with each other.”
A staggering 91% of cyber-attacks begin with a spear phishing email (KnowBe4), which uses emotional triggers to encourage users to open infected emails and their attachments. Once the criminals have accessed your sensitive information, they can wreak havoc with your data, not to mention ransomware.
Find out more about our industry-leading email security solution to keep you safe in 2019.
Education, Education, Education!
End users are the biggest weakness of any organisation when it comes to staying safe online. As a result, they are one of the biggest targets for cyber criminals and hackers. Driven partly by the shift in Boardroom awareness, and partly by GDPR, many organisations are recognising, perhaps belatedly, that their users are their weakest link.
Not only is there a greater awareness of the insider threat from malicious staff (existing or former), but there’s also a growing recognition that staff cyber awareness and training is a crucial step in securing this vulnerable area.
2019 will see an increase in end-user training as it becomes an untapped form of security for all organisations and businesses. As the treats continue to evolve and become more prevalent, even at lower levels, the focus on prevention will increase with basic security training and raising awareness on a continuous basis.
More organisations will require masters degrees in cyber security for CSOs/CISOs
Cyber security training will continue to mature, and certificates alone will no longer be enough to take the next step in a security professional’s career. Cyber security training will continue to mature, with organisations embracing different types of cyber training, whether that is through workplace learning or in a more formal setting such as University.
Masters degrees in cyber security are popping up across the country and will be sought after by those looking to take the next step in their career as organisations look for this level of knowledge, understanding and awareness.
We have already seen an appetite for this level of formal cyber security training and qualification from the large retailers including M&S and John Lewis as they embrace online retail technology to remain competitive.
General Data Protection Regulation: the pain still to come
The 25 May 2018 has come and gone, with many companies and organisations breathing a sigh of relief. They’ve put security processes in place, or at the very least they are in progress, so they can say they are en route to a secure situation. So all good then?
Well, we are still awaiting the first big GDPR penalty. When it arrives, organisations are suddenly going to start looking seriously at what they really need to do. Facebook, British Airways and Cathay Pacific have suffered breaches recently and will have different levels of corporate cost as a result, depending on which side of the 25 May deadline they sit. Undoubtedly, GDPR will continue to have a big impact in 2019.
A decade, perhaps two decades, late for some organisations, cyber security is now considered a key business risk by the Board. 2019 will see this trend accelerate as Board members demand clarity and understanding in an area that was often devolved as a sub-component of the CISO’s role and was not really a major topic for the Boardroom.
The financial, reputational and indeed C-Suite employment risks of a cyber breach will continue to drive Board focus on cyber security upwards on the corporate agenda.
If you think your business could benefit from an IT Consultant visit in 2019 to ensure your cyber security solutions are up to scratch and ready for the year ahead, contact us today on 01283 753333 or at firstname.lastname@example.org