The year 2018 saw a proliferation of high-profile data breaches and phishing attacks, and 2019 will undoubtedly involve more of the same, along with several new and evolving enterprise cybersecurity threats, according to a new report from BeyondTrust.
"As in any cyber defense strategy, BeyondTrust first recommends getting the basics right," Morey Haber, CTO at BeyondTrust, said in a press release. "Securing your privileged accounts, eliminating excessive user privileges, ensuring secure remote access to critical systems, prioritize patching the vulnerabilities with known exploits, and reporting, reporting, reporting."
Here are 10 cybersecurity predictions for 2019, according to the report.
SEE: Intrusion detection policy (Tech Pro Research)
1. Artificial intelligence (AI) attacks will rise
The year 2019 will see an increasing number of cyberattacks developed using AI and machine learning, the report predicted.
"AI will analyze the available options for exploit and develop strategies that will lead to an increase in successful attacks," according to the report. "AI will also be able to take information gathered from successful hacks and incorporate that into new attacks, potentially learning how to identify defense strategies from the pattern of available exploits."
The evolution of AI in cyberattacks could lead to attacks that are far more difficult for enterprises to defend against, the report noted.
2. Privileged attacks will continue
Privileged attack vectors will remain the no. 1 cause of breaches for both business and consumer data, the report said, and more high-profile breaches are likely to occur in the new year.
"Organizations must discover and manage their privileged accounts because the attack vector is not going away anytime soon, and ugly newspaper headlines will continue to plague boardrooms," the report stated.
3. Established vulnerabilities will dominate cyberattack reports
Hackers will continue to use well-known, preventable strategies and vulnerabilities to successfully attack victims, the report predicted. "Organizations continue to focus their efforts injudiciously, ignoring the lower severity vulnerabilities with known exploits in favor of largely academic high severity vulnerabilities," the report said. "This leaves their systems vulnerable, which can then open up pathways for further exploitation, resulting in major data exfiltration incidents."
SEE: Network security policy template (Tech Pro Research)
4. Supply chain risks will come to the forefront
Attacks on organization supply chains are the next frontier of cyber risks, the report said. For example, consider the recent accusations of China allegedly embedding tiny chips into supermicro servers for spying purposes.
"Corporate attacks and corporate espionage will take on a whole new meaning as more supply chain attacks with embedded malware are discovered," the report stated.
5. Internet of Things (IoT) devices will become major targets
IoT devices will be those targeted most often, due to lax security standards built into many of these smart gadgets. "Expect the supply chain for many vendors, including those that produce personal digital assistants, to be a new target from threat actors who infiltrate environments and insecure DevOps processes," the report stated.
6. Industrial Control Systems (ICS) will come into focus
In the next few years, we will see increased cybercriminal attention on ICS/SCADA systems, the report predicted.
"The opportunity to create ransomware scenarios directly affecting critical national infrastructure will draw attention from cyber criminals motivated both by financial gain as well as those who are looking to develop weapons in the evolving cyber-frontline," the report stated.
Though operational technology teams have historically been slow to engage with IT security practices, this will need to change, as they increasingly recognize that cybersecurity is critical for business continuity, the report noted.
7. Android will close open access
In 2019, Android will no longer be fully open and extensible, the report predicted. Google has already announced that only default applications can access calls and SMS texting data for the next release of Android, so multiple applications cannot be shared with calling and texting applications.
"Expect Google to continue this trend to fight malware and spyware by closing more of the operating system in the name of security," the report stated.
8. Infonomics will begin to become mainstream
Businesses will begin applying a value to data, and disclosing the information they have and what it would cost for sale, the report predicted. "Businesses will begin rating themselves more publicly on the Infonomics they possess and not just to private equity firms or other businesses looking at merger and acquisition activities, or purchase of the information," the report stated.
9. Definitions of privacy will evolve, thanks to millennials
Millennials and Gen Zers have lower sensitivity to private data, diminishing the value of data, the report predicted. "Expect data classification to evolve based on the youngest users, and what we consider private today will not be private, or of a concern, tomorrow," it added.
10. Centralized information brokers will emerge
To better protect and control exposure of personal data, information brokers who will provide tools that allow only granular sharing of data for a given service will arise, according to the report.
"The EU has been working on digital identity in this form for several years and may well be the first to bring that into full effect, but others will follow in providing a mechanism by which our data is decentralized," the report stated. This will help limit individual data exposures when systems are compromised and allow more control by individuals over their data and who has legitimate access to it."
- Phishing attacks: A guide for IT pros (free PDF) TechRepublic)
- Digital risk protection in 2018: New vendors, new leaders, new wave (ZDNet)
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- Survey: How does your company handle cyberwarfare and cybersecurity? (ZDNet)
- Cybersecurity no. 1 challenge for CXOs, but only 39% have a defense strategy (TechRepublic)
Alison DeNisco Rayome has nothing to disclose. She does not hold investments in the technology companies she covers.
Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.