By Tim Brown, VP of Security, SolarWinds MSP
2018 was a prolific year within the cybersecurity and wider tech landscape. Data breaches have consistently made headlines, and as a result, we have seen the public mood sour toward many well-known companies whose brands have been quite damaged—potentially irreversibly. The rate of high-profile cyber-attacks and data breaches shows no signs of slowing down either—especially as the value of customer data continues to grow.
While 2019 may not see the birth of new cyberattacks, we will see successful attacks becoming bigger and better, which means the good guys need to be better in order to ensure the bad guys stay out.
So, what can we expect from the world of cybersecurity in 2019?
Hackers Refashioning A Classic
Phishing scams are the oldest trick in the book for hackers, and for good reason too. At almost no cost at all, hackers can send out thousands of emails containing bad links—and it only takes one recipient to mistakenly click a link to deliver the hacker a profit. Some of the more “cybersavvy” of us would like to think that we could see a phishing email from a mile away, but even today, millions of email users are falling victim to “simple” phishing scams.
The WannaCry attack on the NHS is a striking example of the impact a phishing scam can have on a business—the result of mistakenly opening email attachments unleashed malware into the network and cost the NHS over £100m.
Phishing scams clearly deliver results, which means they aren’t going anywhere anytime soon. It would be a mistake for anyone in the cybersecurity space to downplay phishing scams or view them as a cyberattack of the past.
Will Cryptomining Remain King?
Cryptojacking/cryptomining was one of the most popular online criminal activities during 2018. Cryptomining is largely invisible and when done right, those affected won’t even realize hackers have comprised their devices to mine cryptocurrencies—instead, they will just think their devices are slow.
But the crash in crypto prices in the latter half of 2018 may have a knock-on effect in 2019. The value of cryptomining decreases as the value of currencies like Monero and ZCash fall. Cryptomining will stick around, and will likely even increase in popularity, but cyberattacks such as phishing and ransomware won’t go away, and they—or some new unknown attack type—may take over.
A Future With Zero Trust
Mobile devices, and their ever-faster connections, make it possible to upload gigabytes of information far quicker than ever before. These devices, and their common use for work purposes, essentially make a mockery of the idea of a “perimeter,” which keeps trusted devices in and untrusted devices out. In fact, the idea of a perimeter that by default trusts any device inside a perimeter and only distrusts devices from outside the perimeter has allowed hackers to exploit many networks.
The alternative Zero Trust model of security is a few years old, but 2019 could see it become far more mainstream. The Zero Trust model means every connection on a network is deemed suspicious, and even known IP addresses and machines aren’t guaranteed access. Instead, access is gained when a user can identify themselves. The current scale of data breaches and growing value of customer data means more businesses are likely to adopt a Zero Trust model in 2019.
(Still) Addressing The Skills Gap
The cybersecurity skills gap still remains an issue for the industry. It will still be there this year, and it doesn’t look like it’s going away anytime soon. Degrees and courses focused on cybersecurity are of course great—but it will be a while before this has a substantial effect on the overall talent pool.
This year, companies need to look within alternative talent pools to find the next wave of cybersecurity experts. Companies also need to remember that cybersecurity isn’t just about technical skills—there’s a great need for people skills too. Fundamentally, cybersecurity is about preventing users from the consequences of bad decisions, or from making those decisions in the first place. Doing this effectively doesn’t just require technical skills, it requires skills in fields like psychology. In 2019, expect more organizations to begin adopting this bohemian outlook when working to address the fundamental issues the skills gap presents.
Overall, 2018 was a prolific year for the IT security space and this year is set to be one of a similar fashion. Modern advances in technology that once seemed distant and far away are increasingly becoming reality. In the next year, cybersecurity experts must get to grips with this and understand the new threats they face if they are to have any chance of combatting the “cyberwar.”