What will we see in 2019 for Information Security?
We were having a discussion the other day around threats and hackers in 2019: what we can expect, and what we have been reading is 'on the horizon' for 2019.
No doubt, more focus, more attacks, more targeted attacks. Defenders will be looking for solutions that don't tie up the ever-dwindling budget for IT Security. Well, I say IT Security; we prefer the term Information Security, as that's what we are all trying to do: secure the business's information assets and make sure our organisations don't appear as another statistic on the ICO's website.
As more and more businesses shift their applications and data to the cloud, threat actors will look to target systems and applications around Office 365, crafting techniques and exploits to get access to the applications, not just the data. We are advising businesses to adopt multifactor authentication wherever they can.
Budgets and Spending
Spending on CyberSecurity (and I hate that term Cyber) is on the increase, in an attempt to beef up security and reduce the attack vector, but attacks still happen. It's only a matter of time before execs and security management begin to ask "How much is enough?" as budgets are cut. Businesses are on the lookout for efficient ways to protect against cyber attacks.
Security vendors may experience targeted attacks as the security architecture gets more and more complex and attackers look to target the weakest link in an ever-expanding data chain.
Internet of Things
The Internet of Things (IoT) is ever expanding and will probably see a swathe of botnet recruitment of unwitting devices. A great example of how much power criminals can wield with connected devices is the 2017 Reaper botnet.
Hardware-based attacks
You may or may not have seen hardware-based attacks with Spectre and Meltdown, which, once exploited, can result in a hacker gaining access to screen views and data. In 2019 we expect to see a shift away from software-based attacks to hardware.
Sophisticated Scams and Phishing attacks – targeted
We all get the bulk emails that attempt to swindle you out of Bitcoin, or to get you to pay an invoice or pay "HMRC" under threat of their wrath. Most are easily recognisable, but we expect to see more targeted, researched attacks taking place on businesses.
One example is a business we have worked with, where a mailbox had been hacked and communications with the accounts team were redirected to a separate folder, so any comms about "Paying Invoices" were private, so to speak. The attackers can even use the language and phrasing of the sender so as not to cause any suspicion.
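A defender can look for the pattern described above by reviewing mailbox rules. The following is an added example, not code from the original post: it assumes the redirection was done with a mailbox rule, and the rule field names, keyword list and folder list are hypothetical and constructed for illustration.

```python
# Added example: triage of mailbox rules for the "hidden folder" pattern.
# Constructed sample export; field names are hypothetical, not a real API schema.
SAMPLE_RULES = [
    {"name": ".", "subject_contains": ["Paying Invoices"],
     "move_to_folder": "RSS Feeds", "mark_as_read": True},
    {"name": "Newsletters", "subject_contains": ["weekly digest"],
     "move_to_folder": "Newsletters", "mark_as_read": False},
    {"name": "Supplier copies", "subject_contains": ["invoice"],
     "move_to_folder": "Suppliers", "mark_as_read": False},
]

# Assumed heuristics: tune both collections to your own organisation.
FINANCE_TERMS = ("invoice", "payment", "remittance", "bank details")
RARELY_READ_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                       "junk email", "deleted items", "archive"}


def review_reasons(rule):
    """Return the reasons (possibly none) why a rule deserves a human look."""
    reasons = []
    keywords = [k.lower() for k in rule.get("subject_contains", [])
                + rule.get("body_contains", [])]
    if any(term in k for k in keywords for term in FINANCE_TERMS):
        reasons.append("filters on finance wording")
    if (rule.get("move_to_folder") or "").strip().lower() in RARELY_READ_FOLDERS:
        reasons.append("moves mail to a rarely read folder")
    if rule.get("mark_as_read"):
        reasons.append("marks mail as read")
    if len(rule.get("name", "").strip(" .-_")) < 3:
        reasons.append("has a blank or throwaway name")
    return reasons


def flag_rules(rules, threshold=2):
    """Map rule name -> reasons for rules meeting the threshold.

    One signal alone is common in legitimate rules (accounts staff often
    file invoices), so only combinations are flagged.
    """
    flagged = {}
    for rule in rules:
        reasons = review_reasons(rule)
        if len(reasons) >= threshold:
            flagged[rule["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in flag_rules(SAMPLE_RULES).items():
        print(f"review rule {name!r}: " + "; ".join(reasons))
```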
Another example is a report around bank fraud: getting phone calls, which all seem genuine, trying to get access to your account in order to make sure things are secure. The advice, if you get any calls or emails like this, is to call them back independently (i.e. call your bank directly, not on their number 🙂), and if it's an email, manually type your bank details into the computer to log on and check for yourself.