So, 2019 has begun, and as is usual everyone is making predictions of what to expect whether it is Computer trends, Travel, Clothing, Cars, Financial Investments to of course Security. I agree it is essential to learn from the past and do better going into the new year.
Cyber Security is an area that is always changing. Just as a specific threat is found and fixed, another appears causing havoc. It is, in reality, a big game of “cat and mouse,” always playing catch up to an industry that seems never to sleep or show any intention of stopping. Two thousand eighteen saw multiple attacks of every kind, with an increase in exposing personal data whether through social media platforms or even fitness systems that store our exercise statistics. Nothing seemed to be secure enough, and the size of the data exposed enforced this. The top 5 most massive Security breaches of 2018 were:
- Adhar – 1.1 billion people affected
- Marriott Starwood Hotels – 500 million
- Exactis – 340 million
- MyFitnessPal – 150 million
- Quora – 100 million
The interesting piece for all of the data breaches is what they have in common. The systems were compromised either by an unauthorized attacker, misconfiguration by internal support or lack of security protections. As you think about that, we realize that the same issues still exist even though there are better platforms and tools available to us.
Of course, a prediction for this year, is the increased use of Artificial Intelligence (AI) Security tools, to help in identifying and potentially mitigating some of the problems. The downside though is that teams will rely too heavily on the new “silver bullet” to do their work for them. Though the new AI tools work, they are not meant to replace real-world experience and hard work altogether. Teams need to ensure they still secure endpoints correctly, with the right tools, and then monitor for issues. The AI tools are an extra layer to facilitate a better overall strategy for threat management. We may also see attackers harnessing the power of AI to evade these systems too.
A second prediction that is becoming more prevalent is the attack on the Internet of things (IoT) devices. Everyone has at least one device connected to the internet, with maybe a few home-automation components too. Some of these do not have the best security, plus we as users of them, do not secure them as needed, as we almost rely on the manufacturer to make them secure for is. Don’t get me wrong I agree they need to make them more secure, but that does not mean we do nothing and leave ourselves open to potential attacks. Attackers will target these devices trying to embed malware into them that can capture the data as it travels through these devices. We need to get better at protecting ourselves constantly, including the IoT devices we use at work and home.
My third prediction is one that is always on the list. The Increased Connectivity options, from standard internet to your house to cellular networks, converging together. As speeds increase both for standard internet and mobile networks, the surface area of attack grows. Historically some of the most significant attacks are performed on wired internet connections due to speed. However, with technology such as 5G offering 10 Gbps, this will become a new platform for attacks. Many new devices will prefer the new 5G networks over standard Wi-Fi due to the increased speeds, making it much more complicated to manage centrally and protect.
There are so many other predictions you can read about online. For me all of the predictions are valid, however by the very nature of them being predictions no-one truly knows what will happen. I always air on the side of caution, and break it down to its purest form.
- I need to ensure my accounts are secure
- I need to protect my home network
- I need to ensure I patch with security updates
- I need to make sure I am using some form of multi-factor authentication
- Anything I configure of setup needs to factor in Security as a top priority
- I need to be vigilant with emails, attachments and of course my online presence
In reality if we just took extra care when we work, when we configure and setup, when we are online and put Security at the forefront of what we do, we will be in a better position to thwart these data and security breaches.