+1-202-802-9399 (US)

Thycotic’s Cyber Security Publication

Top 5 Top Cyber Security Predictions for 2019

Written by Joseph Carson

December 24th, 2018

Cyber security was a major topic in 2018 as the compromise of elections and voting machines was at the top of everyone’s minds.

Given the critical impact of the midterm elections on future governance, election security is a major concern. It’s especially concerning after it was demonstrated at DEF CON how voting machines could be hacked in two minutes, and even young children had successfully displayed how easily they could hack these critical systems. With ransomware cyber-attacks on the decline and cryptomining on the rise, it appears that rather than trying to extort money from victims, cyber criminals are using victims’ stolen computer resources to mine cryptocurrencies, increasing their profit from previous years’ financial fraud, and basically stealing energy from victims.

Email continues to be the number one method of delivering malicious payloads and identity theft continues to be most targeted by cyber criminals. This year’s data breaches have personal data at the top of the list of stolen assets from major data breaches such as Exactis, Under Armour and MyHeritage.  The education and airlines industries have been targeted by cyber criminals stealing intellectual property that can be used to make counterfeit products and airline passenger data, such as passport details that could be used to create fake identities. Air Canada, British Airlines and Cathay Pacific have all experienced major data breaches in 2018.

Email continues to be the number one method at delivering malicious payloads and identity theft continues to be most targeted by cyber criminals.

Facebook had a horrible year for cyber security after making their relationship with Cambridge Analytica transparent. The British consulting firm had a major impact on the 2016 Presidential Election and the Brexit Campaign, and Facebook’s involvement forced founder Mark Zuckerburg to appear before Congress to explain what happened and how Facebook was going to take responsibility. Facebook’s woes continued: they later experienced one of the biggest data breaches in 2018, with 50 million victims—the result of poor security.

Cyber attacks caused major disruption throughout 2018 and we saw the World Economic Forum raise cyber-attacks to be the third-highest risk to world economies, just behind climate change and extreme weather events.

With cyber attacks dominating the world stage, what predictions do we have for 2019?  I am always trying to figure out what will happen next. Below are my 2019 predictions for the future of cyber attacks, and the type of threats you need to prepare yourself for.

1. Million-dollar data breach fines

In 2018, we saw the EU GDPR come into enforcement as well as the California Consumer Privacy Act, both of which have serious financial penalties for organizations that fail to protect personal data. We also saw some serious financial costs from cyber attacks with Uber agreeing to pay $148 million from a data breach that occurred in 2016, and both Equifax and Facebook were fined £500,000—the maximum penalty possible under the older UK data protection law.  In 2019 we are going to see some serious financial penalties, with Facebook, Google, and British Airways all under the microscope This could prompt the first billion-dollar data breach fines for failure to secure and protect personal data.

2. Regulations get tough, and the rest of the world will update laws for data protection

Following the EU’s GDPR and the California Consumer Privacy Act, the rest of the world is ramping up data protection laws, responding to the modern global economy in which data is now exceeding the value of oil, becoming the most valuable asset. Governments have now seen that importance of protecting their citizens’ sensitive personal data and punishing corporations for failure to protect individuals’ data., particularly organizations that are profiting from the data. In 2019, we will see the rest of the world continue to increase legislation related to personal data and IoT (Internet of Things) devices to ensure that the standards of cyber security in place to protect data are at a standard equal to the value of the data itself.

3. Machines will attack humans

In 2019, with so many connected devices, we are very likely to see machines attack humans.  Yes, machines will be used to target humans with cyber attacks and many of those machines will be controlled by other humans. Cyber attacks will start to have a direct impact on humans and possibly cause physical harm or eventually even death. You might go as far as saying we could see a vacuum cleaner chase your kids around the room, your fridge spit water in your face, a kettle heat water to extreme temperatures, or your car veering into another car—all resulting from malicious acts to attack humans.  IoT could potentially become the future assassin, and attacks could easily be carried out across country borders. At least in 2019, these devices will be controlled by other humans, but with AI (Artificial Intelligence) we may lose this control to devices in the future.

4. Government will engage in cyber offensives

Governments have been developing cyber weapons for several years and many have been using them in secret to attack other countries causing situations just short of war.  Nuclear weapons no longer have the deterrence they once had, and cyber weapons have allowed countries to disrupt our society and political stability that was protected in previous years. In 2019, we will likely see governments reveal their cyber weapon capabilities to create a future deterrence in showing other countries what will happen if they continue using cyber techniques to cause social and political harm.

5. Email and compromised privileges continue to be the major cause of data breaches

Email and compromised privileges will continue to be the primary method at bypassing company security controls to disrupt services, steal sensitive data or cause financial fraud. Reducing the impact and risk of emails and privileges should be the number one priority for organizations if they want to reduce the risk of cyber attacks.  If you can control email hyperlinks and attachments as well as implement a least privilege strategy, that will limit and control privileges and reduce your risks.  2019 is the time to get in control of privileges.

Want to follow the timeline of major cyber security events in 2018 and see how they’ll affect 2019? Watch my on-demand webinar now.

Are there any cyber security predictions you have not on my list? Share in the comments below.

FREE Cybersecurity for Dummies ebook

Show your employees how to protect themselves and your organization

SHARE THIS


The following two tabs change content below.

Joseph Carson

Joseph Carson has over 25 years' experience in enterprise security, is the author of "Privileged Account Management for Dummies" and "Cybersecurity for Dummies", and is a cyber security professional and ethical hacker. Joseph is a cyber security advisor to several governments, critical infrastructure, financial and transportation industries, speaking at conferences globally. Joseph serves as the Chief Security Scientist at Thycotic.