Cybersecurity trends in 2018 were a blur of giant DDoS attacks, cryptomining, social engineering, malware, and more. If you escaped unscathed, you should count yourself lucky but not necessarily safe. There’s still significant room for progress on the cybersecurity front.
To be fair, most organizations are trying to make this needed progress. Spending on security solutions grew 5 percent in 2018, according to ComputerWeekly. However, the percentage of organizations that reported a data breach grew 10 percent. Today’s security teams have more tools than ever—but so do hackers.
Before you finalize your cybersecurity strategy for 2019, take a step back and consider what’s really coming next.
Understand what’s on the threat horizon for 2019
IoT is bigger than ever, and hackers are having a field day with your unsecured business printers, routers, and connected devices. There was 35 percent growth in DDoS attacks in 2018, and the average attack size expanded 500 percent. With the Ransomware as a Service (RaaS) epidemic continuing to rage, it’s a safe bet 2019 will see a continued trend toward higher-volume, higher-frequency DDoS threats.
When the wolves aren’t trying to use your unsecured endpoints in these attacks, they’ll be exploring another easy angle for data theft. A Threat Stack study revealed 73 percent of AWS cloud environments have at least one critical security misconfiguration. It’s also worth noting that 28 percent of data breaches last year involved insiders, according to the Verizon’s Data Breach Investigations Report. Human error and, more rarely, malicious insiders are risky obstacles in your cybersecurity strategy for 2019.
Build out your 2019 cybersecurity strategy
Data breaches are costlier than ever, compliance requirements are steep, and customers have become more conscious of their data security in today’s cybersecurity climate. As a result, cybersecurity threats are finally getting the attention they deserve from the board of directors. While this trend will likely result in increased budget and support, it also presents new challenges. Here are a couple strategies for facing those challenges:
Know what’s actually on your network
The pressure is now on IT to inventory every single device on their network and develop a comprehensive plan for securing them. While this best practice sounds like a no-brainer, it’s difficult to do in an age when endpoints are proliferating in the form of mobile devices, IoT devices, and more.
“Today, CISOs are desperate for solutions to secure existing endpoints,” said Head of Security Practice Michael Howard during the Black Hat security conference. “Many lack understanding of their current multivendor environment. They need vendor-neutral advice on basic best practices.”
You can’t fight hackers if you have 10,000 invisible devices on your network. The first step toward an effective strategy is identifying key endpoints and assets that need securing.
Learn business as a second language
Like it or not, IT professionals are now forced to collaborate with business leaders. A recent RSA study found that 70 percent of IT leaders believe building relationships with business can be challenging due to the different terminologies, success metrics, and technologies used by the two teams.
The most-needed upgrade to your cybersecurity in 2019 might not be a shiny tool for defending against advanced threats. It may be as simple as improved communication and data dashboards that both sides find valuable.
Watch out for the scariest cybersecurity threats of 2019
There’s a chance robots could start getting hacked by the end of 2019. Researchers at Black Hat demonstrated how hackers can easily fool AI with existing methodologies. Adversarial attacks can alter the output of algorithms by feeding it “subtly altered images, objects, or sounds that fool AI without setting off human alarm bells.”
The rate of innovation in the DDoS space is also worth watching. Hackers are discovering new vectors, such as the recent rise in memcached attacks on open source infrastructure software. February 2018 marked the first DDoS attack larger than one terabyte, and 2019 will likely host new varieties of sophisticated denial-of-service attacks. It’s safe to say pouring money into unsecured IoT technology would be a risky choice for your business.
Sixty-nine percent of Black Hat conference attendees believe it’s highly likely a successful attack on the United State’s critical infrastructure will occur in the next two years. Simultaneously, research shows that less-skilled threat actors are starting to use the tactics of nation-state cybercrime groups to target the enterprise. This includes “employing hands-on-the-keyboard tactics to break into systems, conduct reconnaissance, steal credentials, and move laterally,” researcher Jennifer Ayers tells DarkReading.
Prepare for the cybersecurity trends of the future
While 2019 could be the year that marks the emergence of entirely new categories of threats, it’s most likely going to be another year of the same types of cybercrime occurring at a slightly higher volume and frequency. The vast majority of hackers will continue to remix the same basic techniques for hacking, malware, social engineering, and privilege abuse. Employee errors and unsecured endpoints are likely to continue to cost millions.
As an IT pro, the biggest challenges to your cybersecurity strategy are within your organization. To become resilient, you need to understand what’s on your network, communicate these risks to the board, and fast-track mitigating major vulnerabilities with more secure solutions, such as smarter print security and better cloud compliance. By doing so, you’ll be able to keep your company secure in 2019 and beyond.