As businesses continue to reel from the after-shock and as attacks become a regular day-to-day occurrence, which cybersecurity trends should you be looking out for in 2019?
Here are a few of my predictions:
The market for IoT is booming and is set to reach over $160b by next year. It also feels like every manufacturer under the sun now offers some form of 'smart' device. Sadly many of these devices have glaring security vulnerabilities that cyber criminals will look to exploit.
The number of IoT endpoints and devices has already vastly outgrown the number of IoT security products available.
I expect the number of IoT attacks to double in the next 12 months. However the majority of these will still come from simple Telnet and SSH password brute force, which highlights the need for immediate IoT endpoint security measures. Don't wait for the tech to catch up.
A report from techproresearch.com suggests that organisations supply chains are the 'next frontier in cyber risk'. In this strange new world consider a Bloomberg report that identified a Chinese manufacturer using small microchips to spy on companies. This included Apple and Amazon whose supply chain was infiltrated. Oh dear, oh dear.
Just how closely are you inspecting those shiny new servers before flicking the switch?
Even as organisations look to improve their posture and build perimeter defences, attackers are increasingly changing tact. They're moving towards compromising third party vendors or customers with the intention of gaining access to your IT network.
GDPR (General Data Protection Regulation), Australia's encryption-busting law, Google's capitulation toward a Chinese censored search engine. Increasingly we're moving toward more ring fenced areas of the internet in what was once a location-agnostic world.
This new Compliance as a Service market will mean you need to increasingly be sure your data, cloud compute hardware and data backups are all stored within the same regulated geo-zone. Ignorance is no longer a (legal) option. This means more staff costs, stricter training and greater headaches for businesses small and large.
Fortunately things might not be as stressful as they first appear. You can reduce the stress by moving or renting your infrastructure from a compliant UK based Data Centre.
Bring Your Own Device is increasingly becoming a security problem. Wandera reported a staggering 95% growth in mobile security breaches in 2017, alongside an 88% rise in the number of businesses targeted by ransomware. Yikes!
Whilst allowing your employees to use their own devices sounds like a mecca for productivity and cost saving; businesses adopting this across the board are opening themselves up to new threats and increasing their attackable surface area.
We expect to see more and more workplaces stamping down on BYOD in 2019, either by limiting the use of personal devices or by enforcing greater policy control through tools such as Wandera and Airwatch.
Ransomware certainly isn't disappearing into the sunset I'm afraid. In fact we predict a significant rise in the number of attacks in 2019. However as the value of Bitcoin, which maxed out at $20,000 in 2017, continues to decline to new lows ransomware attacks will become less profitable to criminals.
This may also signal to attackers to shift efforts towards other threat vectors such as phishing emails, malware and botnets - which in many cases are even harder to detect.
Blockchain, or the increasingly preferred 'distributed ledger technology (DLT), will undergo its first mini ice-age since 2008. In the absence of revolutionary new products and services this 'miracle child' of the tech world will see little or even reduced investment. This could cause a serious setback for the development of enterprise-grade security solutions.
For the time being organisations will either need to stick to existing security solutions to encrypt and protect their networks, or adopt new technologies. This includes Intercity's Touch Secure 'next generation firewall service'. - providing off-perimeter cloud security across networks, cloud and internet services. (Hint: we think option 2 is the way to go!).
In 2019 'zero trust' cloud security will evolve into the enterprise standard.
Traditional perimeter security solutions have failed to provide adequate visibility, protection and control of user and application traffic. A zero trust model applies the principles of "seek permission, not forgiveness" to all devices, users, applications and packets - regardless of what they contain or where they come from.
"Seek permission, not forgiveness."
As vendors increasingly offer zero trust cloud security solutions, those products will gain widespread acceptance and many global enterprises will start to adopt them.
Tip: Intercity's Touch Secure cloud security solution takes a zero-trust approach through our in-built sandboxing service. We ensure that every packet is analysed and checked before being allowed onto the network. This allows us to not only protect your perimeter network, but also public clouds and the internet, which are inherently at risk.
Well there we have it. Seven of my cybersecurity trends for 2019. Here's hoping this year will be a merry year for you all and we all make it through another 12 months of stormy cyber-seas together.
Some of those less prepared will sink like a proverbial lead-ship, but by staying ahead of the game and keeping well informed you'll surely stay afloat until 2020.
We don't sell sell sell - so don't be shy.