Criminals using artificial intelligence. More nation-state backed attacks. The Internet held hostage. Dangerous chatbots. President Trump’s cellphone will be hacked. And, of course, more malware.
These are some of the predictions security vendors see coming in the next 12 months. It’s not a pretty picture, but then again cyber security never is.
So, in no particular order here’s what 27 security experts say infosec pros should expect:
Dave Masson, country manager for Canada, Darktrace
In 2019, attackers will increasingly look to sabotage critical infrastructure. Rather than stealing or encrypting data, historically prolific attacks due to their profitability, hackers will look to turn off the lights, disrupt transport systems, and ultimately threaten our safety. This is nothing new; over the past few years we have seen several high-profile cyber-attacks that affected the manufacturing, energy, and shipping industries. But these attacks are suddenly on the rise.
This year the ports of San Diego and Barcelona were attacked with ransomware – compromising industrial devices can now allow criminals to ransom access to operational systems in addition to data. Geopolitical tensions are shaping attacks in cyber-space, and nation-states are now on high alert to protect national critical infrastructure, such as energy grids, from well-funded international attackers and adversaries. As cyber warfare capabilities continue to become more advanced and well-developed, the private sector, and ultimately individuals, will begin to feel the impact of this growing conflict.
Caleb Barlow, vice-president IBM Security
— Companies in the U.S. will start to move away from using social security numbers as a form of access to employee corporate benefits programs ahead of regulators;
–A side effect of the new European General Data Protection Regulation has been the elimination of WHOIS lookup data. As a result, identification of malicious domains connected to bad actors has become an enormous challenge. We’ll likely see malicious domains ramp up. My hope is that regulators, work councils and security industry leaders can work together in 2019 to identify some exceptions in which security takes precedence.
–Cryptocurrency mining will continue to rise;
–Cybercriminals’ use of automation and machine learning to collect data to launch personalized and sophisticated social engineering campaigns will increase;
–Given the importance of customer data to companies, individuals and to cybercriminals, the ability to manage data privacy will make or break companies in 2019;
–The pressure to protect customers’ data and ensure the privacy of sensitive information is a global issue, which may encourage a move towards global privacy law;
–Cybercriminals have used IoT devices to launch major denial of service attacks, but as more devices become connected and engrained into people’s lives in 2019, attackers will set their sights on smart home devices.
— The hacker underground will consolidate, creating fewer but stronger malware-as-a-service families that will actively work together. These increasingly powerful brands will drive more sophisticated cryptocurrency mining, rapid exploitation of new vulnerabilities, and increases in mobile malware and stolen credit cards and credentials.
–Due to the ease with which criminals can now outsource key components of their attacks, evasion techniques will become more agile due to the application of artificial intelligence.
Tim Steinkopf, president of Centrify
–Zero Trust Security — trust no one on the network — will generate great interest from security leaders in 2019. As catastrophic data breaches become more common, the need for organizations to consider new approaches is escalating. For today’s enterprises, the concept of Zero Trust is rapidly moving from interest to adoption, and savvy organizations will adopt Zero Trust approaches to stay ahead of the security curve.
–Privileged Access Management will become a priority due to a new wave of high-profile breaches involving privileged credentials. We predict the PAM segment will outpace identity governance and administration, access management, and user authentication due to a virulent breach culture that demands a new, cloud-ready, Zero Trust approach to security;
–California’s IoT security bill, which requires any manufacturer of a device that connects “directly or indirectly” to the Internet to outfit it with “reasonable” security features, will spur similar IoT regulations in other states and even in other countries. We also predict that GDPR is just the beginning in the fight to protect data, and more data privacy laws will follow suit.
Mike McKee, CEO of ObserveIT
–The impending deployment of 5G wireless connectivity creates the ability to create a more vulnerable security landscape, particularly as it relates to insider threats. With 5G, both malicious actors and accidental insiders can work faster and export more data in less time. With that, organizations need to take preemptive steps before 5G’s deployment to make sure their infrastructure is prepared for the new reality of connectivity, speed and data;
–Generational Risk: In 2018 just over one-third of 18-to-24 year-olds reported that they don’t know nor understand what is included within their company’s cybersecurity policy. As such, generation Z and entry-level employees with poor knowledge of organizational security will cost companies the most money due to insider threat incidents in 2019, compared to any generation.
Corey Nachreiner, chief technology officer at WatchGuard Technologies
— Cyber criminals and black hat hackers will create malicious chatbots that try to socially engineer victims into clicking links, downloading files or sharing private information. Chatbots are now a useful first layer of customer support and engagement that allow actual human support representatives to address more complex issues. But life-like AI chatbots also offer new attack vectors for hackers;
–A nation-state launches a “Fire Sale” attack, defined as an attack that starts with a diversion away from the real target. Many modern cyber security incidents suggest that nation-states and terrorists have developed these capabilities. Cyber criminals and nation-states have launched huge distributed denial-of-service (DDoS) attacks that can take down entire countries’ infrastructure and could certainly hamper communications systems. It’s only one step more to use many attacks as a smoke screen for a larger operation;
— A new breed of fileless malware will emerge, with wormlike properties that allow it to self-propagate through vulnerable systems and avoid detection.
–Already, GDPR is having a big impact on digital privacy, not only in the EU, but also in the U.S., as well as other countries. This is a trend that will influence the cybersecurity landscape in 2019 and beyond.
Guy Rosefelt, Director of Product management at NSFocus
–Expect cryptominers to spread. Since the end of March, the number of cryptomining activities has risen sharply compared to the beginning of the year. In 2019, we should expect cryptominers to continue their trajectory of becoming increasingly active as they did in 2018;
–IoT will be a pain point for DDoS attacks. As IoT innovation continues to blossom, more and more IoT devices will continue to get involved in DDoS attacks in 2019. The steady development of the IoT industry makes it difficult for security techniques to keep up, and threats posed by IoT devices will likely be put on the agenda of governance.
—A cyber attack on an automobile will kill someone. We’ve already seen hackers remotely kill a Jeep on the highway, disable safety features like airbags and antilock brakes, and hack into a car’s Bluetooth and OnStar features. As cars become more connected and driverless cars evolve, hackers will have more opportunities of doing real harm;
–Cloud-based ransomware will compromise a major corporation’s infrastructure. Ransomware continues to grow in sophistication. In 2019, we believe we will see it successfully compromise a major corporation’s cloud infrastructure. The results will be devastating, impacting thousands of customers and resulting in a heavy loss of profits due to missed SLAs and fines;
–President Donald Trump’s cell phone will be hacked.
Michael George, CEO, Continuum
–Every business will be no more than two degrees of separation from a major cyber attack. Sixty-one per cent of small and medium businesses are now being hit by cyber attacks every year, and the average cost of a cyber attack has increased to US$2.2 million, making it extremely difficult for businesses to recover. The sheer volume of cyber threats that SMBs are experiencing has caused a substantial shift in their risk of being attacked—from minimal to material—meaning that no business is now more than two degrees of separation from a business that has been attacked. What’s more, the risk and potential damages associated with these attacks is also increasing—making it extremely difficult for SMBs to protect themselves.
Alex Schutte, director of security operations at CyberSight
–Ransomware attackers will focus on targets that cannot afford disruption including healthcare, government, supply chain, and critical infrastructure. These organizations have clear economic justification for paying up;
–The crash in cryptocurrency prices will cause a resurgence in ransomware as hackers perceive the market to be returning to normal levels;
–Polymorphic ransomware variants that constantly change their signature will be used to evade traditional AV products which now have a library of known ransomware signatures.
John Humphreys, SVP of Business Development and Alliances at Proficio
–The cyber skills gap will get worse. Hiring and retaining cyber professionals is already a huge problem. Growth in demand for people and the high employment rates will only make the problem worse. Ultimately AI and digital robots may come to the rescue, but in the short-term AI is driving demand for more people – the rarest of candidates being a data scientist that understands cybersecurity.
–CFOs will take a greater role in measuring the ROI of cybersecurity programs. Investment in people and technology has always been a necessary expenditure. In 2019 there will be more accountability for cost-effectiveness and more focus on outsourcing to service companies.
–We’ll go back to basics on security (again), but also focus on specifics. Organizations will redouble their efforts to strengthen their security posture. It’s about understanding their risk environment, and ensuring they are doing the basics right to protect their business; practicing IT hygiene to keep infrastructure current to protect against vulnerabilities continues to be critical. Network-level security is essential – in a software-defined world, network segmentation and security is a central part of the design. They’ll also increasingly need visibility on data to drive insights and ultimately to make decisions on how to mitigate against specific security threats.
–Contextual privacy will be front and center. Application users are keenly interested in how their data is used. In 2019, we’ll begin to see a focus on contextual privacy requirements, linked to location-based awareness. This will change how organizations are able to approach their security, and will impact their ability to keep personally identifying data safe.
–Software subversion. While exploitation of software flaws is a longstanding tactic used in cyber attacks, efforts to actively subvert software development processes are also increasing. In 2019, we will see a continued increase in the use of third-party applications or services as the “back channel” into networks through the corruption of third-party firmware/software (and updates);
–Authentication through mobile devices will explode. Acceptance and use of biometrics, facial recognition, QR codes, etc. via mobile devices will increase as organizations and users gain trust that these approaches provide additional security to currently “insecure” elements at places like voting booths, for DMV registration, etc. Greater acceptance trending is also linked to the proliferation of converged physical-cyber security in identity proofing – i.e., need to use facial recognition at facility turnstiles, access WiFi via devices, etc.
Roger Grimes, data driven defence evangelist at KnowBe4
— Expect a U.S. national privacy law to be created and passed by Congress. And if history is any guide (see the CAN-SPAM act, etc.) the law will be mostly crafted by the very entities that it’s supposed to protect us against. It will contain multiple clauses which essentially make it easier for corporations to take and use private information, with even less penalties and consistency than what California is trying to build.
Sam Curry, CSO of Cybereason
–Ransomware has had its heyday, and while it’s not going away and may lead to some big security incidents, it’s not the main course anymore. For the most part, it’s used as a distraction or even a tool to stimulate IT into cleaning up forensic traces on behalf of the attackers! Run an attack, drop ransomware, and watch IT re-image the system and destroy the evidence of that attack! It’s largely brute force, and while there will still be painful victimization and damage, it will subside in 2019 and beyond as a top attack form.
–Critical infrastructure will be a prime target. Attacking critical infrastructure hurts, and as a result defenses and first responders can be disrupted and the general noise and confusion around everything from nation-state hacks to simple cybercrime can benefit from noise-to-signal ratio, reduction in resources, confusion in triage, and more. So drill, establish critical relationships, define escalation paths, and get ready for when disaster may strike. Now is the time for resilience and contingency planning and preparedness.
Ophir Gaathon, CEO/Co-founder, DUST Identity
–In 2019 measures to protect supply chain security — both software and hardware — will need to improve drastically. Industrial IoT is driving an explosion of connected parts and assets. More connectivity and accessibility introduces more attack vectors, and thus ensuring the integrity of the parts is more critical than ever before. Asset owners’ control over their parts supply chain is diminishing – leading to higher risk and greater impact of breach and disruption. Without a new approach and use of modern tools the changing threat environment compounded by the anticipated increase in regulatory pressure companies and government stakeholders will experience a significant increase in resource allocation to stay compliant.
Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies
–Companies are strengthening protection, striving to comply with regulatory requirements. As a result, it will be more difficult for criminals to hit companies with single mass attacks, and targeted attacks will become more popular.
–Cyber crooks are also likely to start attacking users of online trading applications, as such applications can be weakly protected, therefore making them an easy target.
Ajay K. Sood, Symantec Canada’s VP and country manager
–2019 will be an election year in Canada, and I expect to see a proliferation of fake news. We’re also going to see cyber attacks directed at political parties, candidates and any official sites associated with the election. This includes social media, and we can expect that candidates’ Facebook pages will be site-jacked. It’s not a matter of if this will happen, but when.
I also think we will see retaliation for the extradition hearing of the Huawei executive. We’re in the process of developing a 5G network in Canada, and major Canadian telecom firms are building their 5G backbones on Huawei technology. There’s little doubt that this technology is back-doored, and so we might see some level of infrastructure vulnerability.
–Finally, we are going to see more ransomware attacks, and even more big data breaches, and these attacks will be more sophisticated. Breaches of IoT and mobile devices will be made easier by the 5G deployment, since it provides a larger, faster network, and the backbone of the 5G network is ostensibly vulnerable. But there is reason for optimism. Vulnerability research will be assisted by AI in 2019, and this will lead to more vulnerabilities detected, and more successful defenses against attacks.
Matt Tyrer, Commvault’s Ottawa-based senior manager, solutions marketing, Americas
–Privacy-first becomes a priority: As government agencies increasingly cite enterprises for non-compliance with the European Union’s GDPR and other strict data privacy regulations, and other governments implement new data privacy regulations, enterprises will increasingly adopt a “Privacy First” approach to data management. We’ve seen this discussion quite a bit in the Waterfront Toronto/ Sidewalk Labs project, where the push for “privacy by design” has come to the forefront.
Tim Jefferson, VP, Public Cloud, Barracuda Networks
–As workload migration accelerates to the public cloud, security risk professionals will need to get more actively involved in their DevOps team’s processes, so they can automate the application of governance and compliance controls. It’s not about dictating what tools the team uses, but verifying that controls are being met and helping the builders build securely. After all, configuration errors can be easy to make as people try to use new cloud services they might not fully understand. That’s why I expect to see more teams embracing automation to continuously monitor cloud security and remediate problems automatically.
Chester Wisniewski, principal research scientist at Sophos
–In 2019 we’ll see an increase in cybercrime aimed at servers. In recent years companies have invested in next-generation technology to protect endpoints, but server security has fallen to the wayside despite the high-value data often stored there. Companies will need to re-think their server security with a layered approach that includes server-specific protection;
— Opportunistic ransomware isn’t going away – and Matrix and Ryuk are frontrunners to watch. Cybercriminals have taken note of the success of the SamSam targeted ransomware and in 2019 we will see more and more copycat attacks.
Anthony Di Bello, OpenText’s senior director of market development for cybersecurity
–Automation is already an important part of enterprise security. With machine learning, these systems will evolve from linear automation, to more of a “choose-your-own-adventure” style. Augmented intelligence tools will more effectively present options for security teams based on impact, what stage of attack is detected, and other factors to speed response and remediation time.
–Privacy regulations will force vendors to abandon the black-box approach to AI. Vendors will need to be more open about what data is captured and analyzed by security and AI technology. This in turn pushes vendors to focus on more specific and achievable use cases.
–As the Enterprise IoT market matures vendors will self-regulate with regards to security. Principles like security-by-design will be a competitive differentiator and a must-have for enterprises.
Ilia Kolochenko, CEO of High Tech Bridge
–Millions of people lost their money in cryptocurrencies in 2018. As a result their illusions about cryptocurrency security have vaporized. The problem for 2019 is that many victims irrecoverably lost their confidence in blockchain technology in general. It will be time-consuming to restore their trust and convince them to leverage blockchain in other areas of practical applicability.
–Bug bounties are trying to reinvent themselves in light of emerging startups in the field and not-for-profit initiatives such as the Open Bug Bounty project. Most crowd security testing companies now offer highly-restricted bug bounties, available only to a small circle of privileged testers. Others already offer process-based fees instead of result-oriented fees. We will likely see crowd security testing ending up as a peculiar metamorphosis of classic penetration testing.
Jacques Latour, chief technology officer, Canadian Internet Registration Authority
–2019 will be the year when cybersecurity goes mainstream. The new disclosure rules in Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) combined with cheap, accessible tools for hackers are creating a situation where Canadian businesses–regardless of size–won’t be able to ignore the threat anymore.
–Another major trend we foresee is a desire to create a more robust, resilient Canadian internet. While internet infrastructure is global, having a strong national presence of Internet Exchange Points (IXPs), data centers, and cloud providers will improve our resiliency, performance and access to the internet.
Albert Ziegler, data scientist, Semmle Ltd.
–Developer awareness of security will rise. I recently conducted a study examining instances of developers’ mentions of code security on open source code development platforms and found that developer awareness about security and vulnerabilities is exploding. The number of mentions of the terms has significantly increased and maintained volume, demonstrating a growing awareness of software risks.
Joel Windels, VP of global marketing, NetMotion
–2019 will see a major mobile app scandal related to where mobile data is being sent. When someone uses a phone, tablet or laptop to connect to a website, the content that’s being pulled on the backend is located on servers across the globe. The same thing occurs when a user connects to popular applications from messaging to video to games. If users use their mobile devices for business purposes, they should be concerned. Their device may be connecting to servers located in countries that, for corporate security reasons, may put them at risk of breaching security policies. Creating security policies isn’t enough; companies also need to address the security of mobile users themselves;
— 2019 will be the year that an unusual device such as a fridge will be exploited by hackers
Ofer Amitai, CEO of Portnox
–Artificial Intelligence and machine learning are going to be implemented into the arena of practical usage in cyber security, mainly for forensics and identification of culprits in cyber events. Investigating security events is costly both in terms of time and the expertise required. We believe that AI and ML are well positioned to help in these investigations for obvious reasons, relating to computing power and specialized programming of what to look for and the ability to learn.
–Security and privacy merge. Everyone is paying attention, for a variety of reasons. All we know is that we have seen an increase in companies seeking network access control to keep up with all the new compliance regulations and it is very satisfying to hear that sigh of relief, when a company has implemented their solution.