Cybersecurity has again been a major focus in the past year, with the compromise of elections and voting machines at the top of everyone’s mind. Given the critical impact of the midterm elections on future governance, election security is a major concern. It’s especially concerning after it was demonstrated at DEF CON how to hack voting machines in two minutes – and even young children successfully displayed how easily they could hack these critical systems. With ransomware cyberattacks on the decline and cryptomining on the rise, it appears that rather than trying to extort money from victims, cybercriminals are using victims’ stolen computer resources to mine cryptocurrencies, increasing their profit from previous years’ financial fraud and now basically stealing energy from victims.
Email continues to be the number one method for delivering malicious payloads, and identity theft continues to be what cybercriminals target most. Personal data is at the top of the list of assets stolen in this year’s major data breaches, such as Exactis, Under Armour and MyHeritage. The education and airline industries have been targeted by cybercriminals stealing intellectual property that can be used to make counterfeit products, and airline passenger data, such as passport details, that could be used to create fake identities. Air Canada, British Airways and Cathay Pacific all experienced major data breaches in 2018.
Facebook had a horrible year for cybersecurity in 2018 after making their relationship to Cambridge Analytica transparent. The British consulting firm had a major impact on the 2016 Presidential Election and the Brexit Campaign, and Facebook’s involvement forced founder Mark Zuckerberg to appear before Congress to explain what happened and how Facebook is going to take responsibility. Facebook’s woes continued when it later experienced one of the biggest data breaches of 2018, with 50 million victims resulting from poor security.
Cyberattacks continue to cause major disruption, and in 2018 we saw the World Economic Forum raise cyberattacks to be the third-highest risk to world economies, just behind climate change and extreme weather events. With cyberattacks topping the world stage, what predictions do we have for 2019? I am always trying to figure out what will happen next, and below are my 2019 predictions for the future of cyberattacks and what type of threats you will need to prepare yourself for.
Million-dollar data breach fines
In 2018, we saw the EU GDPR come into enforcement as well as the California Consumer Privacy Act, both of which carry serious financial penalties for organizations that fail to protect personal data. We also saw some serious financial costs from cyberattacks, with Uber agreeing to pay $148 million for their data breach that occurred in 2016 and both Equifax and Facebook fined £500,000, which was the maximum penalty possible under the older UK data protection law. In 2019, we are going to see some serious financial penalties, with Facebook, Google and British Airways all under the microscope, which could prompt the first billion-dollar data breach fines for failure to secure and protect personal data.
Regulations get tough and the rest of the world to update laws for data protection
Following the EU’s GDPR and the California Consumer Privacy Act, the rest of the world is ramping up data protection laws, responding to the modern global economy in which data is now exceeding the value of oil, becoming the most valuable asset. Governments have now seen the importance of protecting their citizens’ sensitive personal data and of punishing corporations for failure to protect individuals’ data, particularly organizations that are profiting from the data. In 2019, we will see the rest of the world continue to increase legislation related to personal data and IoT (Internet of Things) devices to ensure that the standards of cybersecurity in place to protect data are at a standard equal to the value of the data itself.
Machines to attack humans
In 2019, with so many connected devices, we are very likely to see machines attack humans. Yes, machines will be used to target humans with cyberattacks and many of those machines will be controlled by other humans. Cyberattacks will start to have a direct impact on humans and possibly cause physical harm or eventually even death. You can go as far as saying we might see a vacuum cleaner chase your kids around the room, your fridge spit water in your face, a kettle boil water to extreme temperatures, or even your car turning into another car – all resulting from malicious acts to attack humans. IoT could potentially become the future assassin, and attacks could easily be carried out across country borders. At least in 2019 these devices are being controlled by other humans, but with AI (Artificial Intelligence) we may lose this control to devices in the future.
Government will engage in cyber offensives
Governments have been developing cyber weapons for several years, and many have been using them in secret to attack other countries, causing situations just short of war. Nuclear weapons no longer have the deterrence they once had, and cyber weapons have allowed countries to disrupt the social and political stability that was protected in previous years. In 2019, we will likely see governments reveal their cyber weapon capabilities to create a future deterrent by showing other countries what will happen if they continue to use cyber techniques to cause social and political harm.
Email and compromised privileges continue to be the major cause of data breaches
In 2019, email and compromised privileges will continue to be the primary method for bypassing company security controls to disrupt services, steal sensitive data or cause financial fraud. Reducing the impact and risk of emails and privileges should be the number one priority for organisations to reduce the risks of cyberattacks. If organisations can control email hyperlinks and attachments and implement a least privilege strategy that limits and controls privileges, they will reduce their exposure to cyberattacks. It is time to get in control of privileges in 2019.
About the author
Joseph Carson has more than 25 years of experience in enterprise security and is an InfoSec award winner and author of Privileged Account Management for Dummies and Cybersecurity for Dummies. He is a CISSP and an active member of the cybercommunity, speaking at conferences globally. He’s a cybersecurity advisor to several governments, as well as critical infrastructure, financial, and maritime industries.