When it comes to cybersecurity, making accurate future predictions is almost impossible. The threat landscape is vast, technologies evolve at a rapid pace and the scope and sophistication of attacks is increasing all the time.
From a business owner’s perspective, trying to keep up to date with all the dangers can seem mind-blowing but there is another side of the coin – from a cybersecurity professional’s perspective it’s an exciting time with lots of new jobs in the field coming online all the time. With that in mind, Technology Ireland ICT Skillnet has launched the Cybersecurity Skills Initiative with the aim of creating awareness and upskilling people and businesses in best practice through a series of training programmes.
There are many common causes of security attacks though and by looking at a few specific areas, you can greatly reduce your risk of attack and improve your security:
- Poor Passwords – Web Based Email Attacks
- Missing Patches
- Vulnerabilities – Web Platforms, Out of Date Software (Windows XP)
- Out of Date Anti-Virus Software
- Lack of Monitoring
Let’s take a look at the year ahead; here’s 7 things to be keep an eye out for in 2019…..
Multi-factor Authentication Will Become Commonplace
Anything that improves security and protects valuable consumer data is a welcome improvement for businesses and individuals. There’s a strong possibility that websites will begin to move from password only login and will add additional access requirements. Using passwords alone increases the risk of phishing and other methods of stealing data or gaining access to a system occurring.
From a consumer perspective the user experience might dis-improve as we can expect to see lots of additional boxes to click/complete and this might become frustrating until a more standardised process emerges.
On a positive note though, we can certainly expect to see a lot of innovation in this space over the coming months. Recently Google launched a new product, the reCAPTCHA v3, which we are already seeing deployed on plenty of websites. The reCAPTCHA v3 allows the webmaster or site administrator to verify if an interaction is genuine and helps keep a site safe. Have a look at this short video to learn more;
Phishing Will be Laser Targeted
Cybercriminals love getting their hands on your data. The more information they have on you, the more they will be able to craft a successful phishing campaign against you.
One thing that is becoming more common is hackers who break into your email system and simply lurk in the background gathering data and learning all they can about you. They then use this information to break into other more crippling areas of your life or business.
Detecting and protecting phishing attacks comes with a variety of challenges; for example they are difficult to spot as cyber criminals are getting more and more cunning. We hope that AI can play a role in changing phishing detection during 2019 and improve it for the better. As AI technology is adopted across systems it will become increasingly accurate in spotting phishing campaigns.
The big social media platforms and email providers should get on board too and incorporate AI technology and functionality to help spot incidents of phishing.
Ransomware for the Internet of Things (IoT)
Ransomware is when cybercriminals encrypt your data and then demand payment in return for an encryption key which allow you unlock it. Cybercriminals often specifically focus on this type of attack as it can reap some big rewards.
A recent report by cybersecurity experts Symantec revealed the average ransoms for data demanded by cybercriminals in the US increased from $294 in 2015 to $679 in 2016. Also, in the U.S. the Federal Bureau of Investigation (FBI) estimated that cybercriminals generated approximately $1 billion in revenue from ransomware in 2016.
With more IoT smart devices coming online all the time, opportunities for ransomware has increased exponentially. Attackers can hold specific devices for ransom but, more worryingly, they may use them as stepping stones to install ransomware on other more critical devices or to get deeper access into entire organisations. The risk here is that entire production lines could grind to a halt because of an infection; that’s a real risk right now for many manufacturers – although they may not even be aware of that exposure.
Organisations who use connected devices will need to identify how they are being used, what they are connected to and what the impact on the wider organisation would be if one of them was to be infected by ransomware.
Cryptojacking uses invasive methods to initially gain access to a system and then to place scripts on websites to steal resources from their victim. Cryptojacking is a silent attack and can easily go unnoticed; it runs in the background where it goes about stealing your free machine resources to mine cryptocurrency and make big profits with a very low risk of detection.
Due to the ease of which it can be implemented, the low risk of detection and the high levels of profit to be gained – it’s expected to be more prevalent this year.
Increase of Attacks on Cryptocurrency Ecosystem
Why have criminals always robbed banks? Because that’s where the money is! Cryptocurrencies are becoming more commonplace for everyday transactions, as people adopt the technology. With the continued growth in the use of cryptocurrencies, you can be sure to see a related rise in attacks against both organisations and individuals.
Organisations Will Invest in Knowledge
With the threat landscape shifting so rapidly, organisations are going to need more highly trained cybersecurity professionals on hand to help protect their systems. Companies will continue to invest in this area and individuals who obtain masters level cyber security qualifications will be in big demand.
AI to Exploit Systems and Help Criminals
AI is extremely helpful to lots of industries in terms of automating tasks and enhancing decision making through big data, but it also becomes a possible target for attack given that AI systems have access to such vast amounts of highly valuable data.
On top of attacking these systems, cybercriminals may also use AI to make their own attacks far more sophisticated. All the areas we’ve listed above could incorporate AI to probe networks and systems to find weaknesses and then these could be exploited.
This topic is one that is highly likely to affect many businesses and individuals over the course of 2019. So it’s well worth keeping up-to-speed with developments and taking an interest in the solutions available – sometimes these are simple steps that will give you peace of mind; and security.