2018 has been a tough year for businesses as far as cybersecurity is concerned. While the first half kept most businesses busy with GDPR compliances, this year has witnessed a number of high-profile cyber attacks including Equifax, Deloitte, the notorious WannaCry ransomware attack and a bunch of attacks on government systems like the Emotet malware attack on Allentown City Council and SamSam ransomware attack on the Colorado Department of Transportation. Here are some top cybersecurity trends for the year ahead.
Cybersecurity Trends for the Year Ahead
Ransomware has been the new attention area for a number of cyber criminals. Ransomware is often easy and rewarding as it depends on negligent security practices on the part of the users. A large number of Internet users are not even aware about the best practices as far as security is concerned and this makes them easy targets for ransomware attacks. Cyber criminals will continue to leverage on ransomware for their paycheck in the year ahead as well. This year, we mostly saw ransomware attacks that affected individual users and demanded ransom individually too. Still, we cannot afford to miss the potential ransomware can have if executed at a damaging scale. Imaging ransomware taking down a local government's city operations like the power grid, or transport systems, etc. If the ransom is not paid on time, it can cause a damaging effect to the economy.
Smarter Attacks Powered by AI
AI/Machine Learning software has the aptitude to ‘learn’ from the consequences of former events to help forecast and classify cybersecurity threats. According to a 2018 report, AI is used by roughly 87% of US cybersecurity professionals. AI can act as a double-edged sword as hackers can leverage this to launch sophisticated attacks.
Politically Driven Attacks
The rise in cyber attacks goes beyond financials or business systems. This year has seen multiple attacks on local government and civil systems that can cause significant damage. These attacks go beyond financial interests and are politically driven. In the year ahead, attacks will be designed in ways to obtain intelligence to fulfill certain global political agenda and manipulate politics and governance at a global scale.
Growth of IDSaaS
By 2019, 40% of Identity of as a Service (IDaaS) implementations will replace on-premises identity and access management (IAM) implementations, up from 10% today.
Enough limitations have disappeared on IDaaS that companies should use IDaaS on small-scale projects. While a clash of regulations could derail the increased implementation, companies should adapt to current limitations and benefits.
IoT Security Will Continue to be a Concern
Everything from your laptop and your fridge to cars and wind turbines can be connected to the internet today. That’s a lot of endpoints to secure and a lot of new threats to identify. Many IoT security tools have emerged that help detect and prevent these unsuspecting endpoints from sharing data insecurely.
While some of the solutions work on the hardware side to monitor IoT sensors, others work on the software side with cloud application monitors that monitor threats on multiple devices. We've already seen cars and hospital systems get hacked this year and with the growth of IoT solutions, this will only increase if not addressed at the earliest.
The IoT security market is expected to grow from less than $2 billion to over $30 billion by 2022. Sadly, more than 50% of Internet of Things (IoT) device manufacturers will not be able to address threats from weak authentication practices.
By 2020, more than 25% of identified enterprise attacks will involve IoT, though IoT will account for only 10% of IT security budgets.
Use of Passwords and Tokens Will Reduce
By 2019, use of passwords and tokens in medium-risk use cases will drop 55%, due to the introduction of recognition technologies.
It's hard for passwords to disappear completely but that day is also not too fay away. As far as the coming year is concerned, more biometric methods of authentication will start becoming popularly adopted.
Exploits Will Continue to be Ones Already Known
Through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year.
Companies should stay focused on fixing the vulnerabilities they know exist. While these vulnerabilities are easy to ignore, they're also easier and more inexpensive to fix than to mitigate.