During the past 2017, the words ransomware was no longer reserved only for cybersecurity specialists and IT departments and became part of the public domain. In 2018, cybersecurity has been constantly evolving, and has been part of the daily lives of network users.
Since cybercriminals have been adapting to the new defensive situation, changing their attack tactics, opting for more stealthy trends like cryptojacking.
What happened in 2018?
The mandatory GDPR was a turning point for most cybersecurity professionals. In addition, the entry into force of the regulation coincided with a critical moment in data breaches, with attacks such as The Marriott International, Exactis, or the well-known case of Facebook and Cambridge Analytica.
On the other hand, there are all attacks related to blockchain technology, specifically throughout 2018 have highlighted the coinminers, who seek to take advantage of the processing resources of the victims to mine cryptocurrencies and get a benefit.
Importantly, all these technological advances and their consequent attempts at harnessing cybercriminals also have as their counterparts the use of technology to protect users and organizations. Machine learning is an example of how these advances make it possible to make the most of the enormous amount of information generated from user-system interaction, processing it and leveraging the results to refine the systems of Security.
Part of the task of cybersecurity professionals is to be aware of new trends around cyber threats, they must be prepared to be able to protect the information of users and companies.
What will 2019 stop?
Overall, the cybersecurity market is on track. With the 2017 National Initiative for CyberSecurity Education (NICE), widespread efforts were seen to improve awareness and security capabilities across organizations.
Importantly, following the implementation of new regulations and recent attacks, organizations began to understand the importance of cybersecurity and increased their efforts to mitigate some of the internal threats and human errors that are at the root of many companies’ cybersecurity problems.
However, despite the changes that companies can take on, thanks to emerging technology some predictions can be made about what is reserved for cybersecurity in the coming year.
Cryptojacking will continue to increase
As mentioned at the outset, coinminers have been trending during 2018 the 42% of organizations were affected by malware encryption, compared to 20.5% companies affected in the second half of 2017.
Since the beginning of this year it has been seen as the cryptocurrency mining malware has been described as “the new ransomware”, and that ransomware attacks have attracted much less media attention.
Of course this does not mean that the ransomware epidemic has not run its course, but it is clear that there are fewer stories about users who have lost their data or who have had to pay for a ransom.
Zero trust is becoming digital trust
Due to the increasing sophistication of attacks and the emergence of internal threats, IT teams adopted a “trust inge-anyone” mentality. Which means verifying the identity of any user inside or outside your network when trying to connect to systems or access data, before granting access.
However, zero trust has proved difficult to deploy, especially for organizations with legacy networks, and in some cases becomes a barrier to employee productivity and customer engagement.
In 2019, digital trust is expected to become the next security model. Zero trust has laid the foundation for digital trust by enabling IT to build a “fingerprint” of its employees. They have established a comprehensive behavior profile for each user that includes information such as the devices they use and their location. Digital trust will allow the user to access applications and systems, as long as they remain consistent with their profile.
As a result, users can access data and applications more easily, with a small number of authentication hurdle, improving their overall experience.
- By 2020 more than 60% of organisations will invest in multiple data security tools such as data loss prevention and encryption.
- Between 2018-2020 SaaS, user authentication, identity and access management are expected to be the largest segments for information security market growth with a CARG of 10.3%.
Cybersecurity powered by artificial intelligence?
In a world of fast-moving, automatic attacks, intelligence is the key to being able to respond quickly or even predictably, rather than react, to individual threats. It will also allow your organization’s overall cybersecurity posture to change dynamically in response to the changing threat landscape.
Machine learning will play a critical role in intelligence gathering. In addition, machines will start making more decisions of their own and execute changes to minimize an organization’s cyber risk, based on this intelligence.
While machine learning helps organizations protect themselves, it should be noted that cybercriminals also use this technology in their attacks.
This will allow them to move much faster. Once the malware has infiltrated a network, its decision making will be instantaneous. You’ll be able to move laterally within your organization, across different ports and domains, faster than ever before.
The challenge is that, for companies, security must have no failure. Whereas cybercriminals only need to get it right once. Artificial intelligence is becoming the new arms race between adversaries. That’s why getting ahead of the curve by using intelligence will be critical in the coming year.
- 12% of enterprise organisations have already implemented AI-based security analytics.
- 27% of enterprises have implemented AI-based security analytics to a limited extent.
- 29% of enterprise organisations want to use AI-based cyber security technology to troubleshoot, correlate and enrich security alerts.
- 27% of companies want to use AI-based cybersecurity to improve operations, prioritise and automate the right incidents and remediation tasks.
Organizations focus on cloud-based security platforms
Throughout 2019, security providers based on in the cloud start á n to gain strength in the security market. Cloud-based security is attractive for the same reasons organizations are attracted to cloud-based services—they’re delivered on a platform, flexible, and scalable.
Cloud-based security systems are built with open APIs, so security teams can integrate technology into the platform with relative ease and enable or disable security technologies, depending on your needs.
Cloud-based security is especially important in an era of hybrid cloud, as cloud services have presented many security challenges. IT often has no knowledge of activating new cloud services or the connections made. However, due to the flexibility and scalability of cloud-based security, organizations now have additional visibility into their environments, rather than a static view of the organization with a defined set of technologies, protecting specific points on the network.
This type of security also allows for greater automation and orchestration. With the advent of runbooks, security professionals have a knowledge base that gives them insight into what, how and when to respond to unusual new connections and cybersecurity incidents. It also allows them to automate responses when appropriate. By leveraging machines, they can scan the environment for changes, gather and build intelligence again on the platform (and in runbooks), taking action where there is a clear threat.
- 49% of organisations expect cloud security budgets to increase, with a budget increase of 28%.
- 47% of enterprises have implemented AI-based security analytics on a limited basis.
- 56% of enterprise organisations recognise the need or staff expertise and training.
- 37% of companies point to a lack of integration with on-premise security technologies.
More attacks on IoT routers and devices
In mid-November, and with little impact, a team of researchers discovered 7 new attacks against processors, related to it and continuing with the trend targeted by attacks such as VPNFilter, which is estimated to have affected about half million routers worldwide. It is expected that in 2019 there will be increased attacks, not only against routers, but against IoT devices.
There are two main reasons:
- The default security of such devices is questionable, with factory passwords or directly without a password.
- Moreover, they are difficult devices to update, and therefore many users do not know how to do it, which causes their level of protection to be much lower than other devices like computers.
This makes IoT devices an easy target for attackers, both to perform DDoS attacks, and to distribute crypto-miner-type software, at low cost and risk to the criminal.
These attacks on household devices have given the alarm voice and there are already those who are concerned and have begun to remedy, such as approval of a new law in the state of California (USA), which will require that by 2020 all IoT devices marketed on the market must be configured with unique passwords.
Conclusions
All these trends have a common point and it is the importance of data both for companies, users, for those responsible for providing protection and also for cybercriminals.
As technological advances develop, the attack surface expands more and more and challenges increase. In a current world crossed by interconnectivity, where all services are linked to each other in the cloud, where virtual assistants, routers and other smart devices can be the gateway to information theft or in which a website may have been infected by a malicious code to mine cryptocurrencies, it becomes increasingly necessary a more prepared user profile, that has tools to make responsible and conscious use of technology, and that also knows not only how to protect yourself, but also to know about the responsibility and risks that come with uploading information personnel to the cloud.
With regard to organizations, companies and manufacturers, they should do their part if they do not want to be affected by users who lost confidence as a result of being harmed as a result of a security incident.
During 2019 there will continue to be cases of security breaches, devices that leave the factory without having had enough security controls and sophisticated campaigns that affect critical entities. At the same time, classic phishing campaigns will continue to arrive in the inbox that attempt to take advantage of individuals without the skills to make safe use of the technology.
Faced with this diversity of attacks and their complexities, there are multiple responsibilities of the various actors in society (companies, users, manufacturers, governments, civil society organizations) to ensure that the privacy and confidentiality of the data will be maintained.
