2018 was an eventful year for Cyber Security. Barely a day passed by without hearing reports of high-profile data breaches, cyber attacks, sophisticated phishing campaigns, and even cities were held to ransom by hackers.
The threat landscape has clearly evolved, and new threats are emerging all the time that threaten the security of organisations around the world.
If 2018 was anything to go by, 2019 is shaping up to be a rollercoaster of a ride. There’s no doubt that cybercrime will continue to dominate the headlines, and as cybercriminals become more sophisticated and devious in their attack methods, organisations will need to ensure they have robust systems in place to defend against these evolving threats.
So, what’s in store for 2019? Well we’re barely two months in and we’ve already had one of the world’s largest ever data breaches. Dubbed ‘collection 1’, the breach exposed more than 770 million unique email addresses and 21 million passwords. It’s evident that the data breaches we are seeing are increasing in frequency and severity and this appears to be a trend that won’t be disappearing anytime soon.
There are also a number of other trends that we expect to make an impact over the coming year:
2018 has been the year that has propelled Cyber Security to the top of the boardroom agenda. Priorities have shifted, and the increase in corporate cyber attacks, as well as the implementation of the GDPR, has prompted a greater sense of urgency in how organisations manage cyber risk.
According to the International Board Research Report, Cyber Security is now the top concern for 72% of board members, compared to just three years ago when it came fifth in the survey.
Clearly the penny has dropped, and organisations have become acutely aware that a cyber attack could be hugely detrimental to their business. Whether it’s a loss of customers, drop in share price, financial penalties or damage to reputation, the consequences of complacency are just too great to ignore.
Senior Executives have also become a prime target for malicious hackers due to their high-level access to valuable corporate data. Within the last year, there has been a 58% increase in Business Email Compromise (BEC) attacks, and spear phishing attacks have been used in 91% of all cyber attacks around the world.
With new threats emerging all the time, C-Level Executives will need to become more proactive in their approach to Cyber Security if they are to reduce their chance of being attacked.
Supply chain attacks are one of the biggest threats facing organisations in 2019. Cybercriminals have shifted their strategies and rather than target a company directly, they are attempting to inflict damage by exploiting vulnerabilities in its supply chain network.
Digital transformation has led to the emergence of new service models, and a company’s supply network may be made up of lots of different third parties including; manufacturers, suppliers, handlers, distributors, all working together to bring a product to market.
Typically, these suppliers won’t have the same robust Cyber Security defences in place and provide attractive weak points to exploit. Supply chain attacks have the potential to infiltrate an entire network through one single compromise and can be harder to detect than traditional malware attacks.
Software providers have become an increasingly attractive target for these types of attack. Attackers will attempt to plant malicious code within the software at the manufacturing stage, then wait to the vendor unwittingly distributes the malware to its end users.
This method was used in the 2017 attack on computer clean up tool CCleaner. Hackers were able to infiltrate the supply chain and inject malicious code within the software. The malware was downloaded by 2.2 million users and further attacks were launched against technology and telecommunications companies located in the UK, Germany, Taiwan, Japan and the US.
The much publicised GDPR came into effect on the 25 May 2018, and lay new foundations for how organisations process and handle data going forward. The legislation has modernised data protection rules and now gives individuals a greater control over who collects and processes their data, what it’s used for and how it’s being protected.
The implementation of the GDPR, and a dramatic increase in the number of data breaches has prompted many other countries around the world to take a closer look at their own data security and privacy laws.
Argentina and Japan have already started to align their national data protection legislation with the GDPR, and Brazil has implemented a similar legislation called the General Data Protection Law.
Within the US, the states of California, New York and Colorado have passed local data privacy laws and other states are likely to follow suit as pressure mounts for stricter data protection and a more standardised approach throughout the country.
The GDPR has acted as a catalyst for change, and countries around the world are now actively looking to align their data protection rules more closely with the EU legislation.
Within the last year, the global Internet of Things (IoT) market has experienced a significant growth spurt that shows no sign of slowing down. Over 8.4 billion devices are currently in use and this figure is expected to rise to 25 billion by 2020.
IoT devices can include anything from smart speakers to large scale manufacturing operations, and many global industries are now adopting IoT technology as a means of improving efficiencies and increasing profits.
However, as the use of IoT devices has increased, so has the associated security risks. The problem with IoT devices is they have very little security, and many lack the ability to be updated which provides cybercriminals with easy access points to exploit.
Hackers will attempt to compromise IoT devices with weak authentication, unpatched firmware or other software vulnerabilities. If these tactics don’t work, they will apply brute force attack using default usernames and passwords.
This is exactly what happened in 2016 when the infamous Mirai Botnet launched a wide scale distributed denial of service (DDoS) attack that took down dozens of the world’s largest web services. This attack method will continue to grow in prominence as hackers look to weaponise our everyday devices.
By 2020 its estimated that 25% of all cyber attacks will target IoT devices, and with more industries adopting IoT technologies, we can expect to see a continued rise in these attacks unless manufacturers prioritise the security features within these devices.
MetaCompliance specialises in creating the best Cyber Security awareness training available on the market. Our products directly address the specific challenges that arise from cyber threats and corporate governance by making it easier for users to engage in Cyber Security and compliance. Get in touch for further information on how we can help transform Cyber Security training within your organisation.