Cybercriminals are developing more sophisticated attacks, while individuals and enterprises need to be more proactive in security practices.
2018 has been a landmark year for security vulnerabilities and emboldened cybercriminals—including nation-state actors—commandeering control of computers not just to extract a ransom from unwitting victims, but to utilize the computing power of devices to mine cryptocurrency, occasionally in ways which are physically destructive to the infected device.
The Information Security Forum released their Global Security Threat Outlook for 2019 on Thursday, detailing the security risks and encumbrances to mitigating said risks. Here are the top four emerging security threats detailed in the report.
1. Cybercrime and ransomware will become increasingly sophisticated
The frequency of ransomware attacks has actually decreased throughout 2018, as malicious actors change tactics. Rather than indiscriminately attack any computer that can be infected, cryptojacking malware is being targeted toward enterprise networks. The report notes that damages from ransomware are difficult to calculate, though it claims "a global loss in excess of $5 billion" from ransomware in 2017. Accordingly, ransomware on mobile devices is cited by the report as being an increasing threat moving forward.
2. Smart devices are the weak link in security
Device manufacturers are enthusiastically adding smart functions across product lines, with personal assistants on smartphones always listening, as well as internet-connected devices including smart TVs, conference phones, and smart appliances. These devices are essentially security black boxes, as the report notes: "It will be problematic for organizations to know what information is leaving their networks or what is being secretly captured and transmitted by devices such as smartphones, smart TVs or conference phones. When breaches occur, or transparency violations are revealed, organizations will be held liable by regulators and customers for inadequate data protection."
3. Legislation will not keep up with security realities
Considering that legislators do not, generally speaking, have a strong background in technology (and are often too old to be digital natives), legislation is often either years behind the technological curve, or impractical to implement given the capabilities and limitations of available technology. Likewise, sweeping changes are made with little forewarning or adequate time for enterprises to attain compliance with statutory deadlines. Per the report, "Organizations will struggle to keep abreast of such developments which may also impact business models which many have taken for granted. This will be of particular challenge to cloud implementations where understanding the location of cloud data has been an oversight."
4. Supply chain security is a lost cause
Most boldly, the report declares that "In 2019, organizations will discover that assuring the security of their supply chain is a lost cause. Instead, it is time to refocus on managing their key data and understanding where and how it has been shared across multiple channels and boundaries, irrespective of supply chain provider." Compartmentalizing access to data and fingerprinting data shared with third parties to detect leaks will be increasingly important strategies as once-trusted third parties require more scrutiny.
The big takeaways for tech leaders:
- Malicious actors, including individuals, cybercriminal organizations, and nation-state actors, are developing more sophisticated and targeted attacks.
- Ransomware attacks have resulted in a $5 billion loss in 2017 - Information Security Forum, 2018