Cybersecurity predictions are both a fun and useful exercise. Fun because you get to see what different researchers and companies are focusing on, and useful because they provide guidance for organizations in the way they approach their internal security. Admittedly, most security predictions are, well, predictable, following on cybersecurity trends that were seen during the months before. As someone who sees a lot of predictions, I can tell you there tends to be a lot of overlap (again, why they are so important for organizations) and, while they are not all identical, you can see patterns.
But every once in a while, a prediction jumps out at you as surprising or rather obvious (as in, how did no one else make this prediction). This piece looks at some of these predictions, things that especially caught my interest enough that I’ll likely follow them to see how accurate they turn out to be.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
Of course, the most important thing to remember about any of these predictions is the ability to prepare for and defend against potential cyberattacks. “Cyber criminals are continuing to reshape the threat landscape as they update their tactics and escalate their attacks against businesses, governments, and even the infrastructure of the internet itself,” said Corey Nachreiner, chief technology officer at WatchGuard Technologies. “Organizations of all sizes need to look ahead at what new threats might be around the corner, prepare for evolving attacks, and ensure they’re equipped with layered security defenses to meet them head-on.”
That said, here are some of the more interesting cybersecurity predictions for 2019.
Nation-State Focused Attacks
WatchGuard Technologies mentioned two predictions that involve state-sponsored attacks. First, they predict that escalations in state-level cyberattacks will force a UN Cyber Security Treaty. “The UN will more forcefully tackle the issue of state-sponsored cyberattacks by enacting a multinational Cyber Security Treaty in 2019,” said Nachreiner. As more nation-state attacks are launched and more civilian victims are impacted, WatchGuard predicted the UN will pursue a multinational cybersecurity treaty that establishes rules of engagement and impactful consequences around nation-state cyber campaigns.
Also, WatchGuard predicted that a nation-state will launch a “fire sale” attack. This would be an incident that seems to come straight from Hollywood. In the Die Hard movie series, Nachreiner explained, a “fire sale” was a fictional three-pronged cyber-attack. It targeted a government’s transportation operations, financial systems, public utilities and communication infrastructure. The goal is to strike fear into the citizenry while allowing the bad guys to steal huge sums of money. “Modern cybersecurity incidents suggest that nation-states and terrorists have developed these capabilities, so 2019 may be the first year one of these multi-pronged attacks is launched to cover up a hidden operation,” added Nachreiner.
Another nation-state-related prediction warns of a convergence with organized crime. “In the past, organized crime played a significantly larger threat to the industry than nation-state attacks as the rise in opportunity and capability brought organized criminals into the arena,” said Jason Haward-Grau, CISO at PAS Global. “In 2019, dangerous nation-state alliances will be formed or further cemented, and these groups will leverage organized crime to gain critical insights that are worth far more than the previously coveted financial gains, whilst nation-states will develop the capabilities and deniability that these alliances bring.”
The Advent of Skill-Squatting
According to Laurence Pitt, global security strategy director with Juniper Networks, we can expect skill-squatting to become a legitimate threat. “With more and more voice assistant-powered smart speakers entering the home, ‘skills’ – verbal commands that instruct the assistant to perform a task – are also becoming increasingly commonplace,” he explained. “Skill-squatting is a new threat where a skill is developed to look for certain statements and then re-direct them before running the requested command.” For example, a request to “play some music in the kitchen” could be overtaken to first extract a user’s Wi-Fi information, home network and possibly password, before running the usual command, so the user never knows their information has been stolen.
Cloud App Wars Grow Fiercer While Cloud and Security Vendors Play Nice
Expect the cloud wars to get more intense in 2019, said Sanjay Beri, CEO of Netskope. “It’s healthy competition as a variety of new use cases are made possible by the adoption of multi- and hybrid-cloud, with customers typically opting for multiple vendors versus just one,” he added. That means your security and IT teams need to take a more cooperative approach with cloud vendors. “IT teams will need to ensure that the organization’s application and infrastructure vendors are working alongside one another, and have even more shared responsibility to ensure that physical security and beyond are adequately accounted for -- and most importantly protected against cyberattacks,” Beri added.
Breaches Aren’t Equal
It’s easy to think that a breach is a breach is a breach. But in 2019, we’ll see a shift in that attitude, according to Shuman Ghosemajumder, CTO of Shape Security. Expect organizations to change how they approach data breaches; instead of focusing on size and scope, more attention will be on potency and longevity. “Breach impact will be measured by the overall quality and long-term value of the compromised credentials,” said Ghosemajumder. “For instance, do these assets unlock one account or one hundred accounts? As hacker tools become more sophisticated and spills more frequent, businesses can’t afford to ignore downstream breaches that result from people reusing the same passwords on multiple accounts.”
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba