5 cyber-security threats to watch out for in 2019
Ransomware, viruses, data breaches and more; cyber-threats might not be new but there is no sign of them stopping.
14 January 2019
Indeed, Malwarebytes reported a 55% rise in cyber-attacks this summer, including an 84% increase in Trojans detected compared to the previous quarter. Not only that, but the Ponemon Institute’s 2018 Cost of a Data Breach study for IBM reports that the cost of the average data breach to companies worldwide is a huge $3.86 million. In this blog, we’ll take a look at some of the threats to be mindful of in 2019.
Data theft gets expensive
In previous years, major organisation after major organisation has hit the headlines due to the theft of hundreds of millions of customer records, including the recent incident of 500 million personal accounts of Marriott and Starwood customers being compromised. This has been reputationally damaging and many companies have faced fines from regulators as a result. However, it would be naive to assume that reputational damage is the sole purpose of the perpetrators; add in the increasing availability of AI platforms that can process huge amounts of data and sooner or later this stolen information will be manipulated, either for commercial gain or used as the basis for further targeted attacks. Whilst organisations can’t do anything about the data that’s already out there, it further underlines the critical importance of having proper security systems and processes in place to prevent such theft.
The rise of the things
A couple of years ago, Gartner predicted 8.4 billion network connected devices would be connected by 2017, rising to 20.4 billion by 2020. It’s therefore reasonable to extrapolate the addition of 4 billion devices in 2019. Such a dramatic rise means a substantial threat vector increase and for businesses, a need to properly understand the function and intent of each and every device connected to the network. Internet of Things devices such as monitoring systems are frequently given network access without consideration being given to the fact that many devices having little or no inbuilt security function. Whilst IoT systems can save substantial money, thoughtless deployment effectively punches multiple holes in traditional edge security. Industrial process control systems represent soft targets with potentially massive impacts to public health should a system become compromised, so thinking must change towards developing security-immune systems and away from securing the edge. Central Security Information Event Management systems will gather and collate event information from a wide range of Network Access Controllers and internal sensors. This information is parsed against a pre-determined customer landscape and alerts are fed directly into a business’ IT Management System for remediation. End-to-end protection is achieved from the core of the network out - rather than the edge in - and therefore covers every device connected to it.
Large and wealthy organisations have been the obvious targets for hackers in years past. However, as such organisations increase their security, the humble consumer smartphone could be the new target. After all, your smartphone is probably now the portal for accessing everything from your home, bank accounts and social media platforms. It also contains an average of 664 social ties for forward infection; easy targets too if the attack looks benign and comes from a “known contact”. A well-automated hacking operation can harvest hundreds of pounds in ransomware payments, multiplied across many hundreds of thousands of consumers. 2018 saw an increase in devious schemes to increase transmission rates; for example, ransom victims being offered the option to have their device unlocked free of charge in return for passing on the infection to unknowing contacts. With hackers basing themselves in countries where cyber-crime is barely recognised and with consumers unlikely to report a small incident, it’s a fast-emerging, penalty-free revenue stream until awareness is raised of mobile device anti-malware.
Artificial Criminal Intelligence and Mal-Machine Learning
The use of AI and ML by Enterprise has led to huge leaps in scientific progress. We will unfortunately start to see such powers deployed for nefarious gain, especially the pinpoint targeting of spear-phishing attacks. For example, by tracking a customer’s email traffic during the progress of a key financial transaction, spoof emails from brokers requesting money transfers will land just when a user is expecting to see a genuine communication and will raise the chances of such an attack being successful. By inserting AI-powered chat-bots into websites with no such function, users will be tricked into giving away personal information in the belief that they are communicating with the genuine article. With nearly all organisations choosing to host websites in the Cloud, many also innately trust the Cloud Provider’s security, which can be perfunctory at best. Investment in specific web security software to protect public-facing systems will become increasingly vital.
SMEs reach against the breach
2017 and 2018 saw an unprecedented rise in successful attacks targeting Small-to-Medium Enterprises. Given the complexity of attacks and the skills needed to both combat and remediate threats - and indeed the scarcity of said skills in the UK workforce - it’s unreasonable to expect an SME to employ an in-house security officer or team. Successful attacks have also highlighted the fact that a simple firewall feature set on a broadband router is in no way a sufficient method of protection. SMEs will therefore reach out to Managed Security Services Partners that can take care of network, application and edge security as a holistic solution, from making a business secure to the ongoing monitoring of alerts to mitigation and remediation.
Want to know more?
Contact GCI for a complimentary security review of your IT estate, where we will make recommendations on how you can reduce the likelihood of cyberattacks. Simply email us at firstname.lastname@example.org and we’ll be in touch.
Author: Andrew Napier - Network & Infrastructure Product Manager